Merge pull request #6845 from nextcloud/enh/noid/monospace-fall-back

aio-interface setup page: fall back to system fonts if monospace does not exist
Merge pull request #6835 from nextcloud/enh/noid/update-facerecognition-json
2026-02-17 11:10:22 +00:00 · 2025-09-10 15:12:04 +02:00 · 2025-09-10 14:15:49 +02:00 · 2025-09-10 13:47:58 +02:00 · 2025-09-10 09:25:59 +02:00 · 2025-09-10 04:21:22 +00:00
7 changed files with 22 additions and 31 deletions
--- a/Containers/talk/Dockerfile
+++ b/Containers/talk/Dockerfile
@ -1,5 +1,5 @@
 # syntax=docker/dockerfile:latest
-FROM nats:2.11.8-scratch AS nats
+FROM nats:2.11.9-scratch AS nats
 FROM eturnal/eturnal:1.12.1 AS eturnal
 FROM strukturag/nextcloud-spreed-signaling:2.0.4 AS signaling
 FROM alpine:3.22.1 AS janus
--- a/community-containers/facerecognition/facerecognition.json
+++ b/community-containers/facerecognition/facerecognition.json
@ -10,18 +10,21 @@
            "restart": "unless-stopped",
            "environment": [
                "TZ=%TIMEZONE%",
-                "API_KEY=some-super-secret-api-key",
+                "API_KEY=%FACERECOGNITION_API_KEY%",
                "FACE_MODEL=3"
            ],
            "aio_variables": [
                "nextcloud_memory_limit=2048M"
            ],
+            "secrets": [
+                "FACERECOGNITION_API_KEY"
+            ],
            "enable_nvidia_gpu": false,
            "nextcloud_exec_commands": [
                "php /var/www/html/occ app:install facerecognition",
                "php /var/www/html/occ app:enable facerecognition", 
                "php /var/www/html/occ config:system:set facerecognition.external_model_url --value nextcloud-aio-facerecognition:5000",
-                "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value some-super-secret-api-key",
+                "php /var/www/html/occ config:system:set facerecognition.external_model_api_key --value %FACERECOGNITION_API_KEY%",
                "php /var/www/html/occ face:setup -m 5",
                "php /var/www/html/occ face:setup -M 1G",
                "php /var/www/html/occ config:app:set facerecognition analysis_image_area --value 4320000",
--- a/php/public/style.css
+++ b/php/public/style.css
@ -220,7 +220,7 @@ svg:not(:has(use)) .fallback-text {
 }

 .login > .monospace {
-    font-family: monospace;
+    font-family: monospace, monospace, system-ui, -apple-system, 'Segoe UI', Roboto, Oxygen-Sans, Cantarell, Ubuntu, 'Helvetica Neue', 'Noto Sans', 'Liberation Sans', Arial, sans-serif, 'Apple Color Emoji', 'Segoe UI Emoji', 'Segoe UI Symbol', 'Noto Color Emoji';
    font-size: 17px;
 }

--- a/php/src/Container/Container.php
+++ b/php/src/Container/Container.php
@ -19,8 +19,6 @@ readonly class Container {
        private ContainerEnvironmentVariables $containerEnvironmentVariables,
        /** @var string[] */
        private array                         $dependsOn,
-        /** @var string[] */
-        private array                         $secrets,
        private string                        $uiSecret,
        /** @var string[] */
        private array                         $devices,
@ -82,10 +80,6 @@ readonly class Container {
        return $this->maxShutdownTime;
    }

-    public function GetSecrets() : array {
-        return $this->secrets;
-    }
-
    public function GetUiSecret() : string {
        return $this->dockerActionManager->GetAndGenerateSecretWrapper($this->uiSecret);
    }
--- a/php/src/ContainerDefinitionFetcher.php
+++ b/php/src/ContainerDefinitionFetcher.php
@ -239,9 +239,12 @@ readonly class ContainerDefinitionFetcher {
                $internalPort = $entry['internal_port'];
            }

-            $secrets = [];
            if (isset($entry['secrets'])) {
-                $secrets = $entry['secrets'];
+                // All secrets are registered with the configuration when they 
+                // are discovered so they can be later generated at time-of-use.
+                foreach ($entry['secrets'] as $secret) {
+                    $this->configurationManager->RegisterSecret($secret);
+                }
            }

            $uiSecret = '';
@ -320,7 +323,6 @@ readonly class ContainerDefinitionFetcher {
                $volumes,
                $variables,
                $dependsOn,
-                $secrets,
                $uiSecret,
                $devices,
                $enableNvidiaGpu,
--- a/php/src/Data/ConfigurationManager.php
+++ b/php/src/Data/ConfigurationManager.php
@ -7,6 +7,8 @@ use AIO\Controller\DockerController;

 class ConfigurationManager
 {
+    private array $secrets = [];
+
    public function GetConfig() : array
    {
        if(file_exists(DataConst::GetConfigFile()))
@ -50,13 +52,15 @@ class ConfigurationManager
        return $config['secrets'][$secretId];
    }

-    public function GetSecret(string $secretId) : string {
-        $config = $this->GetConfig();
-        if(!isset($config['secrets'][$secretId])) {
-            $config['secrets'][$secretId] = "";
+    public function GetRegisteredSecret(string $secretId) : string {
+        if ($this->secrets[$secretId]) {
+            return $this->GetAndGenerateSecret($secretId);
        }
+        throw new \Exception("The secret " . $secretId . " was not registered. Please check if it is defined in secrets of containers.json.");
+    }

-        return $config['secrets'][$secretId];
+    public function RegisterSecret(string $secretId) : void {
+        $this->secrets[$secretId] = true;
    }

    private function DoubleSafeBackupSecret(string $borgBackupPassword) : void {
--- a/php/src/Docker/DockerActionManager.php
+++ b/php/src/Docker/DockerActionManager.php
@ -221,10 +221,6 @@ readonly class DockerActionManager {
            $requestBody['HostConfig']['Binds'] = $volumes;
        }

-        foreach ($container->GetSecrets() as $secret) {
-            $this->configurationManager->GetAndGenerateSecret($secret);
-        }
-
        $aioVariables = $container->GetAioVariables()->GetVariables();
        foreach ($aioVariables as $variable) {
            $config = $this->configurationManager->GetConfig();
@ -566,18 +562,10 @@ readonly class DockerActionManager {
            // Allow to get local ip-address of caddy container and add it to trusted proxies automatically
            'CADDY_IP_ADDRESS' => in_array('caddy', $this->configurationManager->GetEnabledCommunityContainers(), true) ? gethostbyname('nextcloud-aio-caddy') : '',
            'WHITEBOARD_ENABLED' => $this->configurationManager->isWhiteboardEnabled() ? 'yes' : '',
-            default => $this->getSecretOrThrow($placeholder),
+            default => $this->configurationManager->GetRegisteredSecret($placeholder),
        };
    }

-    private function getSecretOrThrow(string $secretName): string {
-        $secret = $this->configurationManager->GetSecret($secretName);
-        if ($secret === "") {
-            throw new \Exception("The secret " . $secretName . " is empty. Cannot substitute its value. Please check if it is defined in secrets of containers.json.");
-        }
-        return $secret;
-    }
-
    private function isContainerUpdateAvailable(string $id): string {
        $container = $this->containerDefinitionFetcher->GetContainerById($id);
Author	SHA1	Message	Date
Simon L.	81e1bc1ef3	Merge pull request #6845 from nextcloud/enh/noid/monospace-fall-back Some checks failed Codespell / Check spelling (push) Waiting to run Details Docker Lint / docker-lint (push) Waiting to run Details Validate community containers / Validate community containers (push) Has been cancelled Details Json Validator / Json Validator (push) Has been cancelled Details Lint php / php-lint (push) Has been cancelled Details PHP Deprecation Detector / PHP Deprecation Detector (push) Has been cancelled Details Static analysis / static-psalm-analysis (push) Has been cancelled Details Lint php / php-lint-summary (push) Has been cancelled Details aio-interface setup page: fall back to system fonts if monospace does not exist	2025-09-10 15:12:04 +02:00
Simon L.	3251fa69d3	Merge pull request #6835 from nextcloud/enh/noid/update-facerecognition-json facerecognition-cc: update json to use actual secret for api key	2025-09-10 14:15:49 +02:00
Simon L.	cfaf69fb58	Merge pull request #6841 from nextcloud/global-secrets Register secrets for generation when their declarations are read	2025-09-10 13:47:58 +02:00
Simon L.	f3104bd661	Merge pull request #6846 from nextcloud/dependabot/docker/Containers/talk/nats-2.11.9-scratch build(deps): bump nats from 2.11.8-scratch to 2.11.9-scratch in /Containers/talk	2025-09-10 09:25:59 +02:00
dependabot[bot]	f87bd7ae45	build(deps): bump nats in /Containers/talk Bumps nats from 2.11.8-scratch to 2.11.9-scratch. --- updated-dependencies: - dependency-name: nats dependency-version: 2.11.9-scratch dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>	2025-09-10 04:21:22 +00:00
Alan Savage	29c093afae	Make secrets global and init on first use. This allows all containers to use any secret declared anywhere in their placeholders but they will not be generated and written to the configuration until they are used. Signed-off-by: Alan Savage <3028205+asavageiv@users.noreply.github.com>	2025-09-09 14:59:41 -07:00
Simon L.	ee2f1fa262	aio-interface setup page: fall back to system fonts if monospace does not exist Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-09-09 20:46:40 +02:00
Simon L.	bb342bc64a	facerecognition-cc: update json to use actual secret for api key Signed-off-by: Simon L. <szaimen@e.mail.de>	2025-09-08 11:10:02 +02:00