Repo-sync

Containers/apache/nextcloud.conf

@@ -37,10 +37,6 @@ Listen 8000
         Require all denied
     </Files>
 
-    # Fix zero file sizes 
-    # See https://github.com/nextcloud/server/issues/3056#issuecomment-954209565
-    SetEnv proxy-sendcl 1
-
     # See https://httpd.apache.org/docs/current/en/mod/core.html#limitrequestbody
     LimitRequestBody ${APACHE_MAX_SIZE}
 

Containers/clamav/Dockerfile

@@ -1,6 +1,6 @@
 # syntax=docker/dockerfile:latest
 # Probably from this file: https://github.com/Cisco-Talos/clamav-docker/blob/main/clamav/1.1/alpine/Dockerfile
-FROM clamav/clamav:1.3.0-40
+FROM clamav/clamav:1.3.0-41
 
 COPY clamav.conf /tmp/clamav.conf
 

Containers/imaginary/Dockerfile

@@ -23,17 +23,19 @@ RUN set -ex; \
         vips-magick \
         vips-heif \
         vips-jxl \
-        vips-poppler
+        vips-poppler \
+        bash
 
 COPY --from=go /go/bin/imaginary /usr/local/bin/imaginary
+COPY --chmod=775 start.sh /start.sh
 
 ENV PORT 9000
 
 USER nobody
 
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2
-ENTRYPOINT ["imaginary", "-return-size", "-max-allowed-resolution", "222.2"]
+ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD nc -z localhost "$PORT" || exit 1
 LABEL com.centurylinklabs.watchtower.enable="false"

Containers/imaginary/start.sh

@@ -0,0 +1,7 @@
+#!/bin/bash
+
+if [ -z "$IMAGINARY_SECRET" ]; then
+    imaginary -return-size -max-allowed-resolution 222.2 "$@"
+else
+    imaginary -return-size -max-allowed-resolution 222.2 -key "$IMAGINARY_SECRET" "$@"
+fi

Containers/mastercontainer/Dockerfile

@@ -5,8 +5,8 @@ FROM docker:25.0.3-cli as docker
 # Caddy is a requirement
 FROM caddy:2.7.6-alpine as caddy
 
-# From https://github.com/docker-library/php/blob/master/8.2/alpine3.19/fpm/Dockerfile
-FROM php:8.2.16-fpm-alpine3.19
+# From https://github.com/docker-library/php/blob/master/8.3/alpine3.19/fpm/Dockerfile
+FROM php:8.3.3-fpm-alpine3.19
 
 EXPOSE 80
 EXPOSE 8080

Containers/nextcloud/Dockerfile

@@ -1,13 +1,13 @@
 # syntax=docker/dockerfile:latest
-FROM php:8.1.27-fpm-alpine3.19
+FROM php:8.2.16-fpm-alpine3.19
 
 ENV PHP_MEMORY_LIMIT 512M
 ENV PHP_UPLOAD_LIMIT 10G
 ENV PHP_MAX_TIME 3600
 ENV SOURCE_LOCATION /usr/src/nextcloud
 
 # AIO settings start # Do not remove or change this line!
-ENV NEXTCLOUD_VERSION 27.1.7
+ENV NEXTCLOUD_VERSION 28.0.3
 ENV AIO_TOKEN 123456
 ENV AIO_URL localhost
 COPY supervisord.conf /supervisord.conf
@@ -169,6 +169,7 @@ RUN set -ex; \
         bz2 \
         imap \
         pgsql \
+        ftp \
     ; \
     pecl install smbclient; \
     docker-php-ext-enable smbclient; \

Containers/nextcloud/entrypoint.sh

@@ -490,6 +490,10 @@ php /var/www/html/occ config:system:set updatedirectory --value="/nc-updater"
 if [ -n "$SERVERINFO_TOKEN" ] && [ -z "$(php /var/www/html/occ config:app:get serverinfo token)" ]; then
     php /var/www/html/occ config:app:set serverinfo token --value="$SERVERINFO_TOKEN"
 fi
+# Set maintenance window so that no warning is shown in the admin overview
+if [ -z "$(php /var/www/html/occ config:system:get maintenance_window_start)" ]; then
+    php /var/www/html/occ config:system:set maintenance_window_start --type=int --value=100
+fi
 
 # Apply network settings
 echo "Applying network settings..."
@@ -699,6 +703,7 @@ fi
 if [ "$IMAGINARY_ENABLED" = 'yes' ]; then
     php /var/www/html/occ config:system:set enabledPreviewProviders 0 --value="OC\\Preview\\Imaginary"
     php /var/www/html/occ config:system:set preview_imaginary_url --value="http://$IMAGINARY_HOST:9000"
+    php /var/www/html/occ config:system:set preview_imaginary_key --value="$IMAGINARY_SECRET"
 else
     if [ -n "$(php /var/www/html/occ config:system:get preview_imaginary_url)" ]; then
         php /var/www/html/occ config:system:delete enabledPreviewProviders 0

app/appinfo/info.xml

@@ -5,15 +5,15 @@
 	<name>Nextcloud All-in-One</name>
 	<summary>Provides a login link for admins.</summary>
 	<description>Add a link to the admin settings that gives access to the Nextcloud All-in-One admin interface</description>
-	<version>0.4.0</version>
+	<version>0.5.0</version>
 	<licence>agpl</licence>
 	<author>Azul</author>
 	<namespace>AllInOne</namespace>
 	<default_enable/>
 	<category>monitoring</category>
 	<bugs>https://github.com/nextcloud/all-in-one/issues</bugs>
 	<dependencies>
-		<nextcloud min-version="26" max-version="27"/>
+		<nextcloud min-version="27" max-version="28"/>
 	</dependencies>
 
 	<settings>

community-containers/caddy/readme.md

@@ -1,12 +1,13 @@
 ## Caddy with geoblocking
-This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed.
+This container bundles caddy and auto-configures it for you. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden by listening on `bw.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart by listening on `mail.$NC_DOMAIN`, if installed. It also covers https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin by listening on `media.$NC_DOMAIN`, if installed.
 
 ### Notes
 - This container is incompatible with the [npmplus](https://github.com/nextcloud/all-in-one/tree/main/community-containers/npmplus) community container. So make sure that you do not enable both at the same time!
 - Make sure that no other service is using port 443 on your host as otherwise the containers will fail to start. You can check this with `sudo netstat -tulpn | grep 443` before installing AIO.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/vaultwarden, make sure that you point `bw.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for vaultwarden.
 - If you want to use this with https://github.com/nextcloud/all-in-one/tree/main/community-containers/stalwart, make sure that you point `mail.your-nc-domain.com` to your server using a cname record so that caddy can get a certificate automatically for stalwart.
 - After the container was started the first time, you should see a new `nextcloud-aio-caddy` folder and inside there an `allowed-countries.txt` file when you open the files app with the default `admin` user. In there you can adjust the allowed country codes for caddy by adding them to the first line, e.g. `IT FR` would allow access from italy and france. Private ip-ranges are always allowed. Additionally, in order to activate this config, you need to get an account at https://dev.maxmind.com/geoip/geolite2-free-geolocation-data and download the `GeoLite2-Country.mmdb` and upload it with this exact name into the `nextcloud-aio-caddy` folder. Afterwards restart all containers from the AIO interface and your new config should be active!
+- You can add your own Caddy configurations in `/data/caddy-imports/` inside the Caddy container (`sudo docker exec -it nextcloud-aio-caddy bash`). These will be imported on container startup.
 - See https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers how to add it to the AIO stack
 
 ### Repository

community-containers/jellyfin/jellyfin.json

@@ -0,0 +1,39 @@
+{
+    "aio_services_v1": [
+        {
+            "container_name": "nextcloud-aio-jellyfin",
+            "display_name": "Jellyfin",
+            "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin",
+            "image": "jellyfin/jellyfin",
+            "image_tag": "latest",
+            "internal_port": "host",
+            "restart": "unless-stopped",
+            "environment": [
+                "TZ=%TIMEZONE%"
+            ],
+            "volumes": [
+                {
+                    "source": "nextcloud_aio_jellyfin",
+                    "destination": "/config",
+                    "writeable": true
+                },
+                {
+                    "source": "%NEXTCLOUD_DATADIR%",
+                    "destination": "/media",
+                    "writeable": false
+                },
+                {
+                    "source": "%NEXTCLOUD_MOUNT%",
+                    "destination": "%NEXTCLOUD_MOUNT%",
+                    "writeable": false
+                }
+            ],
+            "devices": [
+                "/dev/dri"
+            ],
+            "backup_volumes": [
+                "nextcloud_aio_jellyfin"
+            ]
+        }
+    ]
+}

community-containers/jellyfin/readme.md

@@ -0,0 +1,18 @@
+## Jellyfin
+This container bundles Jellyfin and auto-configures it for you.
+
+### Notes
+- This container is incompatible with the [Plex](https://github.com/nextcloud/all-in-one/tree/main/community-containers/plex) community container. So make sure that you do not enable both at the same time!
+- This container does not work on Docker Desktop since it needs `network_mode: host` in order to work correctly.
+- After adding and starting the container, you can directly visit http://ip.address.of.server:8096/ and access your new Jellyfin instance!
+- In order to access your Jellyfin outside the local network, you have to set up your own reverse proxy. You can set up a reverse proxy following [these instructions](https://github.com/nextcloud/all-in-one/blob/main/reverse-proxy.md) and [Jellyfin's networking documentation](https://jellyfin.org/docs/general/networking/#running-jellyfin-behind-a-reverse-proxy), OR use the [Caddy](https://github.com/nextcloud/all-in-one/tree/main/community-containers/caddy) community container that will automatically configure `media.$NC_DOMAIN` to redirect to your Jellyfin.
+- ⚠️ After the initial start, Jellyfin shows a configuration page to set up the root password, etc. **Be careful to initialize your Jellyfin before adding the DNS record.**
+- The data of Jellyfin will be automatically included in AIO's backup solution!
+- See [here](https://github.com/nextcloud/all-in-one/tree/main/community-containers#community-containers) how to add it to the AIO stack.
+
+
+### Repository
+https://github.com/jellyfin/jellyfin
+
+### Maintainer
+https://github.com/airopi

community-containers/local-ai/local-ai.json

@@ -5,7 +5,7 @@
             "display_name": "Local AI",
             "documentation": "https://github.com/nextcloud/all-in-one/tree/main/community-containers/local-ai",
             "image": "szaimen/aio-local-ai",
-            "image_tag": "v1",
+            "image_tag": "v2",
             "internal_port": "8080",
             "restart": "unless-stopped",
             "environment": [

community-containers/local-ai/readme.md

@@ -2,7 +2,8 @@
 This container bundles Local AI and auto-configures it for you.
 
 ### Notes
-- Make sure to have enough storage space available. This container alone needs ~14GB storage on x64, on arm64 only ~4GB. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
+- This container does not work on arm64! If you add the container on arm64, it will fail to start because no image for arm64 is available!
+- Make sure to have enough storage space available. This container alone needs ~14GB storage. Every model that you add to `models.yaml` will of course use additional space which adds up quite fast.
 - After the container was started the first time, you should see a new `nextcloud-aio-local-ai` folder when you open the files app with the default `admin` user. In there you should see a `models.yaml` config file. You can now add models in there. Please refer [here](https://github.com/go-skynet/model-gallery/blob/main/index.yaml) where you can get further urls that you can put in there. Afterwards restart all containers from the AIO interface and the models should automatically get downloaded by the local-ai container and activated.
 - Example for content of `models.yaml` (if you add all of them, it takes around 10GB additional space):
 ```yaml

community-containers/plex/readme.md

@@ -2,6 +2,7 @@
 This container bundles Plex and auto-configures it for you.
 
 ### Notes
+- This container is incompatible with the [Jellyfin](https://github.com/nextcloud/all-in-one/tree/main/community-containers/jellyfin) community container. So make sure that you do not enable both at the same time!
 - This is not working on arm64 since Plex does only provide x64 docker images.
 - This is not working on Docker Desktop since it needs `network_mode: host` in order to work correctly.
 - If you have a firewall like ufw configured, you might need to open all Plex ports in there first in order to make it work. Especially port 32400 is important!

migration.md

@@ -69,7 +69,7 @@ The procedure for migrating the files and the database works like this:
     1. Now save the file by pressing `[CTRL] + [o]` then `[ENTER]` and close nano by pressing `[CTRL] + [x]`
     1. In order to make sure that everything is good, you can now run `grep "/your/old/datadir" database-dump.sql` which should not bring up further results.<br>
     1. **Please note:** Unfortunately it is not possible to import a database dump from a former database owner with the name `nextcloud`. You can check if that is the case with this command: `grep "Name: oc_appconfig; Type: TABLE; Schema: public; Owner:" database-dump.sql | grep -oP 'Owner:.*$' | sed 's|Owner:||;s| ||g'`. If it returns `nextcloud`, you need to rename the owner in the dump file manually. A command like the following should work, however please note that it is possible that it will overwrite wrong lines. You can thus first check which lines it will change with `grep "Owner: nextcloud$" database-dump.sql`. If only correct looking lines get returned, feel free to change them with `sed -i 's|Owner: nextcloud$|Owner: ncadmin|' database-dump.sql`.
-The same applies for the second statement, check with `grep " OWNER TO nextcloud;$" database-dump.sql` and replace with `sed -i 's| OWNER TO nextcloud;$| OWNER TO ncadmin;$|' database-dump.sql`.
+The same applies for the second statement, check with `grep " OWNER TO nextcloud;$" database-dump.sql` and replace with `sed -i 's| OWNER TO nextcloud;$| OWNER TO ncadmin;|' database-dump.sql`.
 1. Next, copy the database dump into the correct place and prepare the database container which will import from the database dump automatically the next container start: 
     ```
     sudo docker run --rm --volume nextcloud_aio_database_dump:/mnt/data:rw alpine rm /mnt/data/database-dump.sql

nextcloud-aio-helm-chart/update-helm.sh

@@ -214,14 +214,14 @@ find ./ -name '*service.yaml' -exec sed -i "/^spec:/a\ \ ipFamilyPolicy: PreferD
 # shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "s|'{{|\"{{|g;s|}}'|}}\"|g" \{} \; 
 # shellcheck disable=SC1083
-find ./ -name '*.yaml' -exec sed -i "/type: Recreate/d" \{} \; 
-# shellcheck disable=SC1083
-find ./ -name '*.yaml' -exec sed -i "/strategy:/d" \{} \; 
-# shellcheck disable=SC1083
 find ./ \( -not -name '*service.yaml' -name '*.yaml' \) -exec sed -i "/^status:/d" \{} \; 
 # shellcheck disable=SC1083
 find ./ \( -not -name '*persistentvolumeclaim.yaml' -name '*.yaml' \) -exec sed -i "/resources:/d" \{} \; 
 # shellcheck disable=SC1083
+find ./ -name "*namespace.yaml" -exec sed -i "1i\\{{- if ne .Values.NAMESPACE \"default\" }}" \{} \; 
+# shellcheck disable=SC1083
+find ./ -name "*namespace.yaml" -exec sed -i "$ a {{- end }}" \{} \; 
+# shellcheck disable=SC1083
 find ./ -name '*.yaml' -exec sed -i "/creationTimestamp: null/d" \{} \; 
 VOLUMES="$(find ./ -name '*persistentvolumeclaim.yaml' | sed 's|-persistentvolumeclaim.yaml||g;s|.*nextcloud-aio-||g' | sort)"
 mapfile -t VOLUMES <<< "$VOLUMES"

php/composer.json

@@ -5,7 +5,7 @@
         }
     },
     "require": {
-        "php": "8.2.*",
+        "php": "8.3.*",
         "ext-json": "*",
         "ext-sodium": "*",
         "ext-curl": "*",
@@ -22,6 +22,6 @@
 		"psalm": "psalm --threads=1",
 		"psalm:update-baseline": "psalm --threads=1 --update-baseline",
 		"lint": "find . -name \\*.php -not -path './vendor/*' -exec php -l {} \\;",
-		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.2 \\;"
+		"php-deprecation-detector": "find . -name \\*.php -not -path './vendor/*' -exec phpdd scan {} -n -t 8.3 \\;"
 	}
 }

php/containers.json

@@ -146,7 +146,8 @@
         "NEXTCLOUD_PASSWORD",
         "TURN_SECRET",
         "SIGNALING_SECRET",
-        "FULLTEXTSEARCH_PASSWORD"
+        "FULLTEXTSEARCH_PASSWORD",
+        "IMAGINARY_SECRET"
       ],
       "volumes": [
         {
@@ -220,7 +221,8 @@
         "APACHE_PORT=%APACHE_PORT%",
         "APACHE_IP_BINDING=%APACHE_IP_BINDING%",
         "ADDITIONAL_TRUSTED_PROXY=%CADDY_IP_ADDRESS%",
-        "THIS_IS_AIO=true"
+        "THIS_IS_AIO=true",
+        "IMAGINARY_SECRET=%IMAGINARY_SECRET%"
       ],
       "stop_grace_period": 600,
       "restart": "unless-stopped",
@@ -646,7 +648,8 @@
       ],
       "internal_port": "9000",
       "environment": [
-        "TZ=%TIMEZONE%"
+        "TZ=%TIMEZONE%",
+        "IMAGINARY_SECRET=%IMAGINARY_SECRET%"
       ],
       "restart": "unless-stopped",
       "cap_add": [
@@ -664,6 +667,9 @@
       "read_only": true,
       "tmpfs": [
         "/tmp"
+      ],
+      "secrets": [
+        "IMAGINARY_SECRET"
       ]
     },
     {