wtserver 0.18

f6710673 · w4t · a223407c · f6710673 · f6710673 · f6710673
Commit f6710673 authored Mar 10, 2025 by w4t
Showing with 742 additions and 741 deletions

install_letsencrypt.sh distros/debian12/install_letsencrypt.sh +3 -2

install_owncloud.sh distros/debian12/install_owncloud.sh +738 -738

install_webmail.sh distros/debian12/install_webmail.sh +1 -1

No files found.
--- a/distros/debian12/install_letsencrypt.sh
+++ b/distros/debian12/install_letsencrypt.sh
@@ -42,7 +42,9 @@ InstallLetsEncrypt() {
 	#wget -O -  https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | INSTALLONLINE=1 sh
 	#wget -O -  https://raw.githubusercontent.com/acmesh-official/acme.sh/master/acme.sh | sh -s -- --install-online -m  wolftronics@wolftronics.hu
-	curl https://get.acme.sh | sh -s >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
+	#curl https://get.acme.sh | sh -s >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
+	curl https://get.acme.sh -o install_acme.sh >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
+	sh install_acme.sh >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
 	./root/.acme.sh/acme.sh --set-default-ca --server letsencrypt >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
 	echo -e "[${green}DONE${NC}]"
@@ -64,7 +66,6 @@ InstallLetsEncrypt() {
 	# Cron job configuration
 	#echo "0 0 * * * /home/$SUDO_USER/.acme.sh/acme.sh --cron --home /home/$SUDO_USER/.acme.sh > /dev/null" >> /etc/crontab
-	echo -e "[${green}DONE${NC}]"
    else
 	echo -n -e "$IDENTATION_LVL_1 SKIP INSTALL - Reason: ${red}Your Choice ${NC}\n"
    fi

--- a/distros/debian12/install_owncloud.sh
+++ b/distros/debian12/install_owncloud.sh
 #---------------------------------------------------------------------
-# Function: InstallCloud
+# Function: InstallNextcloudVer
-#    Install and configure Nextcloud or Seafile based on configuration
+#    Install a specific version of Nextcloud
 #---------------------------------------------------------------------
-InstallCloud() {
+InstallNextcloudVer() {
-    STORAGE_ROOT="/var/www"
+    version=$1
+    hash=$2
-    case $CFG_CLOUDTYPE in
-	"nextcloud")
-	    INSTALL_DIR=/usr/local/lib/nextcloud
-	    CLOUD_DIR=$INSTALL_DIR/cloud	
-	    InstallNextcloud
-	    ;;
-	"seafile")
-	    echo -e "Not implemented!!!"
-	    ;;
-    esac
-    # Generate SSL certificate
+    echo -n -e "$IDENTATION_LVL_1 Installing Nextcloud $version"
-    systemctl stop nginx
-    if [ "$CFG_SSL_NEW" == "yes" ]; then
-	sh  /root/.acme.sh/acme.sh --issue --standalone -d cloud.$CFG_HOSTNAME_DOMAIN --force  >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
-    else
-	#cp -av /home/administrator/wtlinux_server_setup/acme_ssl/arbajnok/cloud.$CFG_HOSTNAME_DOMAIN ~/.acme.sh/
-	cp -av /home/$SUDO_USER/wtlinux_server_setup/acme_ssl/$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN /root/.acme.sh/ >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
-    fi
-    systemctl restart nginx
+    # Remove the current Nextcloud installation
+    rm -rf $CLOUD_DIR
-    # Save configuration details
+    # Download and verify the Nextcloud package
-    cat >> /home/$SUDO_USER/wtlinux_server_setup/wtserver_configuration.txt <<EOF
+    wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip
-# $CFG_CLOUDTYPE store the passwords
-#------------------------------
-URL     			: $url
-$CFG_CLOUDTYPE Admin   		: $CFG_CLOUDADMINUSER
-$CFG_CLOUDTYPE Password   	: $CFG_CLOUDADMINPWD
-Database type			: $CFG_CLOUDDBTYPE
+    # Extract Nextcloud
-Database host			: $CFG_CLOUDDBHOST
+    unzip -q /tmp/nextcloud.zip -d $INSTALL_DIR
-Database port			: $CFG_CLOUDDBPORT
+    mv $INSTALL_DIR/nextcloud $CLOUD_DIR
-Database name			: $CFG_CLOUDDBNAME
+    rm -f /tmp/nextcloud.zip
-Database user			: $CFG_CLOUDDBUSER
-Database password		: $CFG_CLOUDDBPWD
-#------------------------------
-EOF
-    echo -e "[${green}DONE${NC}]"
-}
-#---------------------------------------------------------------------
+    # Empty the skeleton dir to save some space for each new user
-# Function: InstallNextcloud
+    rm -rf $CLOUD_DIR/core/skeleton/*
-#    Install and configure Nextcloud
-#---------------------------------------------------------------------
-InstallNextcloud() {
-    nextcloud_ver=31.0.0
-    nextcloud_hash=545584d128e3242337548ac2cdf31e6019b738f4
-    echo -n -e "$IDENTATION_LVL_0 ${BWhite}Installing Nextcloud${NC}"
+    # Create the apps directory if it doesn't exist
-    echo -n -e "$IDENTATION_LVL_1 Installing required packages... "
+    mkdir -p $CLOUD_DIR/apps
-    # Install required PHP packages
+    # Install additional Nextcloud apps
-    apt_install php8.2 php8.2-fpm php8.2-cli php8.2-sqlite php8.2-gd php8.2-imap php8.2-curl php-pear curl \
+    InstallNextcloudApps
-		php8.2-dev memcached php-memcached php8.2-xml php8.2-mbstring php8.2-zip php8.2-apcu \
-		php8.2-fpm php8.2-mysql php8.2-xsl php8.2-gmp php8.2-bcmath php8.2-cgi php-gettext libxml2-dev \
-		php8.2-json php8.2-intl php8.2-imagick php8.2-common php8.2-opcache php8.2-readline php8.2
-    # Enable APC before Nextcloud tools are run
+    # Fix directory permissions
-    sed -i '1i apc.enabled=1\napc.enable_cli=1' /etc/php/8.2/mods-available/apcu.ini
+    chmod 750 $CLOUD_DIR/{apps,config}
-    # Get current Nextcloud version if config.php exists
+    # Create a symlink to the config.php in STORAGE_ROOT (for upgrades we're restoring the symlink we previously
-    if [ -f "$CLOUD_DIR/config.php" ]; then
+    # put in, and in new installs we're creating a symlink and will create the actual config later).
-	CURRENT_NEXTCLOUD_VER=$(php8.2 -r "include(\"$CLOUD_DIR/config.php\"); echo(\$CONFIG['version']);")
+    ln -sf "$STORAGE_ROOT/nextcloud/config.php" $CLOUD_DIR/config/config.php
-    else
-	CURRENT_NEXTCLOUD_VER=""
-    fi
-    # Install or upgrade Nextcloud if necessary
+    # Make sure permissions are correct or the upgrade step won't run.
-    if [ ! -d $CLOUD_DIR ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then
+    # $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress
-	# Stop php-fpm if running. If theyre not running (which happens on a previously failed install), dont bail
+    # that error.
-	systemctl restart php8.2-fpm stop &> /dev/null || /bin/true
+    chown -f -R www-data:www-data "$STORAGE_ROOT/nextcloud" $INSTALL_DIR || /bin/true
-	# Backup existing Nextcloud installation
+    # If this isn't a new installation, immediately run the upgrade script.
-	# Create a backup directory to store the current installation and database to
+    # Then check for success (0=ok and 3=no upgrade needed, both are success).
-	BACKUP_DIRECTORY=$CLOUD_DIR-backup/`date +"%Y-%m-%d-%T"`
+    if [ -e $STORAGE_ROOT/nextcloud/nextcloud.db ]; then
-	mkdir -p "$BACKUP_DIRECTORY"
+	sudo -u www-data php $CLOUD_DIR/occ upgrade
-	if [ -d $CLOUD_DIR/ ]; then
+	if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
-	    echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to $BACKUP_DIRECTORY..."
+	    echo "Trying NextCloud upgrade again to work around NextCloud upgrade bug..."
-	    cp -r $CLOUD_DIR "$BACKUP_DIRECTORY/nextcloud-install"
+	    sudo -u www-data php $CLOUD_DIR/occ upgrade
- 	fi
+	    if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
-	if [ -e "$STORAGE_ROOT/nextcloud/nextcloud.db" ]; then
+	    sudo -u www-data php $CLOUD_DIR/occ maintenance:mode --off
-		cp "$STORAGE_ROOT/nextcloud/owncloud.db" "$BACKUP_DIRECTORY"
+	    echo "...which seemed to work."
-	fi
-	if [ -e "$STORAGE_ROOT/nextcloud/config.php" ]; then
-		cp "$STORAGE_ROOT/nextcloud/config.php" "$BACKUP_DIRECTORY"
 	fi
-	# Perform version-specific upgrades
+	# Add missing indices. NextCloud didn't include this in the normal upgrade because it might take some time.
-	if [ -n "${CURRENT_NEXTCLOUD_VER}" ]; then
+	sudo -u www-data php8.2 $CLOUD_DIR/occ db:add-missing-indices
-	    if [ -e "$CLOUD_DIR/config.php" ]; then
+	sudo -u www-data php8.2 $CLOUD_DIR/occ db:add-missing-primary-keys
-		# Remove the read-onlyness of the config, which is needed for migrations, especially for v24
-		sed -i -e '/config_is_read_only/d' "$CLOUD_DIR/config.php"
-	    fi
-	    if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^27 ]]; then
+	# Run conversion to BigInt identifiers, this process may take some time on large tables.
-		InstallNextcloudVer 28.0.14 8a9edcfd26d318eb7d1cfa44d69796f2d1098a80
+	sudo -u www-data php8.2 $CLOUD_DIR/occ db:convert-filecache-bigint --no-interaction
-		CURRENT_NEXTCLOUD_VER="28.0.14"
    fi
-	    if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^28 ]]; then
+    # Configure web server (Apache or Nginx)
-		InstallNextcloudVer 29.0.12 6cd53db7a8d730ebd5972081344db41eb2b174a8
+    case $CFG_WEBSERVER in
-		CURRENT_NEXTCLOUD_VER="29.0.12"
+    "apache")
-	    fi
+	cat >> /etc/apache2/sites-available/nextcloud.conf <<EOF
+<VirtualHost *:80>
+ DocumentRoot "$CLOUD_DIR"
+ ServerName cloud.$CFG_HOSTNAME_DOMAIN
-	    if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^29 ]]; then
+ ErrorLog ${APACHE_LOG_DIR}/error.log
-		InstallNextcloudVer 30.0.6 c7171b03f9904a2051e765fe09ab3e95e2e564e6
+ CustomLog ${APACHE_LOG_DIR}/access.log combined
-		CURRENT_NEXTCLOUD_VER="30.0.6"
-	    fi
-	    if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^30 ]]; then
+<Directory $CLOUD_DIR/>
-		InstallNextcloudVer 31.0.0 545584d128e3242337548ac2cdf31e6019b738f4
+ Options +FollowSymlinks
-		CURRENT_NEXTCLOUD_VER="31.0.0"
+ AllowOverride All
-	    fi
-	fi
-    else
-	InstallNextcloudVer $owncloud_ver $owncloud_hash
-    fi
-    # Configure Nextcloud permissions
+ <IfModule mod_dav.c>
-    cat >> ./nextcloud_permissions.sh <<EOF
+ Dav off
-#!/bin/bash
+ </IfModule>
-ocpath='$CLOUD_DIR'
+ SetEnv HOME $CLOUD_DIR/>
-htuser='www-data'
+ SetEnv HTTP_HOME $CLOUD_DIR
-htgroup='www-data'
+ Satisfy Any
-rootuser='root'
-printf "Creating possible missing Directories\n"
+</Directory>
-mkdir -p \$ocpath/data
-mkdir -p \$ocpath/assets
-mkdir -p \$ocpath/updater
-printf "chmod Files and Directories\n"
+</VirtualHost>
-find \${ocpath}/ -type f -print0 | xargs -0 chmod 0640
+EOF
-find \${ocpath}/ -type d -print0 | xargs -0 chmod 0770
-printf "Setting directory ownership\n"
+	cat >> /etc/apache2/sites-available/nextcloud-le-ssl.conf <<EOF
-chown -R \${rootuser}:\${htgroup} \${ocpath}/
+<IfModule mod_headers.c>
-chown -R \${htuser}:\${htgroup} \${ocpath}/apps/
+     Header always set Strict-Transport-Security "max-age=15768000; preload"
-chown -R \${htuser}:\${htgroup} \${ocpath}/assets/
+ </IfModule>
-chown -R \${htuser}:\${htgroup} \${ocpath}/config/
+EOF
-chown -R \${htuser}:\${htgroup} \${ocpath}/data/
-chown -R \${htuser}:\${htgroup} \${ocpath}/themes/
-chown -R \${htuser}:\${htgroup} \${ocpath}/updater/
-chmod +x \${ocpath}/occ
+	ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf
+	a2enmod rewrite headers env dir mime setenvif ssl
+	a2ensite default-ssl
+	systemctl restart apache2
+	;;
+    "nginx")
+	cat > /etc/nginx/sites-available/nextcloud.vhost <<EOF;
+server {
+    listen 80;
+    server_name cloud.$CFG_HOSTNAME_DOMAIN;
+    return 301 https://\$server_name\$request_uri;
+}
-printf "Setting .htaccess permissions\n"
+server {
-if [ -f \${ocpath}/.htaccess ]; then
+#    listen 80;
-    chmod 0644 \${ocpath}/.htaccess
+    listen 443 ssl http2;
-    chown \${rootuser}:\${htgroup} \${ocpath}/.htaccess
+    server_name cloud.$CFG_HOSTNAME_DOMAIN;
-fi
-if [ -f \${ocpath}/data/.htaccess ]; then
+    ssl_protocols TLSv1.2 TLSv1.3;
-    chmod 0644 \${ocpath}/data/.htaccess
+    ssl_certificate     /home/$SUDO_USER/.acme.sh/cloud.$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN.cer;
-    chown \${rootuser}:\${htgroup} \${ocpath}/data/.htaccess
+    ssl_certificate_key /home/$SUDO_USER/.acme.sh/cloud.$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN.key;
-fi
-EOF
-    chmod +x ./nextcloud_permissions.sh
+    ssl_session_timeout 1d;
-    #./nextcloud_permissions.sh
+    ssl_session_cache shared:SSL:10m;
+    ssl_session_tickets off;
-    # Create initial configuration
+    # Add headers to serve security related headers
-    instanceid=oc$(echo $CFG_HOSTNAME_DOMAIN | sha1sum | fold -w 10 | head -n 1)
+    # Before enabling Strict-Transport-Security headers please read into this
+    # topic first.
+    add_header Strict-Transport-Security "max-age=15768000;preload" always;
+    add_header X-Content-Type-Options nosniff;
+    add_header X-Frame-Options "SAMEORIGIN";
+    add_header X-XSS-Protection "1; mode=block";
+    add_header X-Robots-Tag none;
+    add_header X-Download-Options noopen;
+    add_header X-Permitted-Cross-Domain-Policies none;
-    echo -n "Creating Nextcloud settings and database..."
+    # Path to the root of your installation
-    CFG_CLOUDDBNAME=nextcloud
+    root $CLOUD_DIR/;
-    CFG_CLOUDDBUSER=nextcloud
-    CFG_CLOUDDBPWD=$(dd if=/dev/urandom bs=1 count=64 2>/dev/null | sha256sum | fold -w 40 | head -n 1)
-    dbruser=root
-    CFG_CLOUDADMINUSER=root
-    CFG_CLOUDADMINPWD=$(dd if=/dev/urandom bs=1 count=64 2>/dev/null | sha256sum | fold -w 40 | head -n 1)
-    case $CFG_CLOUDDBTYPE in
+    location = /robots.txt {
-	"mysql")
+        allow all;
-	    if [ $CFG_CLOUDDBHOST == "localhost" ]; then
+        log_not_found off;
-		mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "CREATE DATABASE $CFG_CLOUDDBNAME" > /dev/null 2>&1
+        access_log off;
-		#mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "CREATE DATABASE $CFG_CLOUDDBNAME CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci" > /dev/null 2>&1
+    }
-		mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "USE $CFG_CLOUDDBNAME" > /dev/null 2>&1
-		mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "GRANT ALL PRIVILEGES ON $CFG_CLOUDDBNAME.* TO '$CFG_CLOUDDBUSER'@'localhost' IDENTIFIED BY '$CFG_CLOUDDBPWD'" > /dev/null 2>&1
-		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "flush privileges;" > /dev/null 2>&1
-	    else
-		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "CREATE DATABASE $CFG_CLOUDDBNAME" > /dev/null 2>&1
-		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "USE $CFG_CLOUDDBNAME" > /dev/null 2>&1
-		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "GRANT ALL PRIVILEGES ON $CFG_CLOUDDBNAME.* TO '$CFG_CLOUDDBUSER'@'%' IDENTIFIED BY '$CFG_CLOUDDBPWD'" > /dev/null 2>&1
-		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "flush privileges;" > /dev/null 2>&1
-	    fi
-	    # Enable UTF8mb4 (4-byte support)
-	    #databases=$(mysql -u root -p"$CFG_MYSQL_ROOT_PWD" -e "SHOW DATABASES;" | tr -d "| " | grep -v Database)
-	    #for db in $databases; do
-	    #    if [[ "$db" != "performance_schema" ]] && [[ "$db" != _* ]] && [[ "$db" != "information_schema" ]];
-	    #    then
-	    #	echo "Changing to UTF8mb4 on: $db"
-	    #	mysql -u root -p"$CFG_MYSQL_ROOT_PWD" -e "ALTER DATABASE $db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
-	    #    fi
-	    #done
-	    # Repair and set Nextcloud config values
-	    #mysqlcheck -u root -p"$CFG_MYSQL_ROOT_PWD" --auto-repair --optimize --all-databases
-	    #sudo -u www-data "$STORAGE_ROOT"/owncloud/occ config:system:set mysql.utf8mb4 --type boolean --value="true"
-	    #sudo -u www-data "$STORAGE_ROOT"/owncloud/occ maintenance:repair
-	    sudo -u www-data php8.2 "$CLOUD_DIR"/occ maintenance:install \
+    # The following 2 rules are only needed for the user_webfinger app.
-		--database "mysql" \
+    # Uncomment it if you're planning to use this app.
-		--database-name "$CFG_CLOUDDBNAME" \
+    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-		--database-user "$CFG_CLOUDDBUSER" \
+    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
-		--database-pass "$CFG_CLOUDDBPWD" \		
+    # last;
-		--database-host="$CFG_CLOUDDBHOST" \
-		--database-port="3306" \
-		--admin-user "$CFG_CLOUDADMINUSER" \
-		--admin-pass "$CFG_CLOUDADMINPWD" \
-		--data-dir "$STORAGE_ROOT/nextcloud" \
-		--admin-email "cloud@$CFG_HOSTNAME_DOMAIN" \
-		--instanceid "$instanceid"
-	    # Set SMTP mail
+    location = /.well-known/carddav {
-	    #sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpmode --value="smtp"
+        return 301 \$scheme://\$host/remote.php/dav;
-	    # Set logrotate
+    }
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set log_rotate_size --value="10485760"
+    location = /.well-known/caldav {
-	    # Added trusted domains
+       return 301 \$scheme://\$host/remote.php/dav;
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set trusted_domains 1 --value=$IP_ADDRESS
+    }
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set trusted_domains 2 --value=cloud.$CFG_HOSTNAME_DOMAIN
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set memcache.local --value '\OC\Memcache\APCu'
+    location ~ /.well-known/acme-challenge {
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_from_address --value 'cloud_administrator'
+      allow all;
-	    TIMEZONE=$(cat /etc/timezone)
+    }
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set logtimezone --value=$TIMEZONE
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set logdateformat --value 'Y-m-d H:i:s'
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_domain --value=$CFG_HOSTNAME_DOMAIN
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set overwrite.cli.url --value 'https://$CFG_HOSTNAME_DOMAIN/cloud'
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set log_type --value 'syslog'
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set syslog_tag --value 'Nextcloud'
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set system_addressbook_exposed --value 'no'
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpmode --value 'sendmail'
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpauth --type boolean --value true
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtphost --value '127.0.0.1'
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpport --value '587'
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpsecure --value ''
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpname --value ''
-	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtppassword --value ''
-	    CONFIG_FILE="$CLOUD_DIR/config/config.php"
+    # set max upload size
+    client_max_body_size 512M;
+    fastcgi_buffers 64 4K;
-	    if ! grep -q "'config_is_read_only'" "$CONFIG_FILE"; then
+    # Disable gzip to avoid the removal of the ETag header
-		sed -i "/);/i \$CONFIG['config_is_read_only'] = false;" "$CONFIG_FILE"
+    gzip off;
-	    fi
-	    if ! grep -q "'user_backends'" "$CONFIG_FILE"; then
+    # Uncomment if your server is build with the ngx_pagespeed module
-		sed -i "/);/i \$CONFIG['user_backends'] = array(\n  array(\n    'class' => '\\\\OCA\\\\UserExternal\\\\IMAP',\n    'arguments' => array(\n      '127.0.0.1', 143, null, null, false, false\n    ),\n  ),\n);" "$CONFIG_FILE"
+    # This module is currently not supported.
-	    fi
+    #pagespeed off;
-	    chown www-data.www-data $CLOUD_DIR/config.php
+    error_page 403 /core/templates/403.php;
+    error_page 404 /core/templates/404.php;
-	    # Enable/disable apps. Note that this must be done after the Nextcloud setup.
+    location / {
-	    # The firstrunwizard gave Josh all sorts of problems, so disabling that.
+       rewrite ^ /index.php\$uri;
-	    # user_external is what allows Nextcloud to use IMAP for login. The contacts
+    }
-	    # and calendar apps are the extensions we really care about here.
-	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:disable firstrunwizard
-	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable user_external
-	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable contacts
-	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable calendar
-	    # When upgrading, run the upgrade script again now that apps are enabled. It seems like
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
-	    # the first upgrade at the top won't work because apps may be disabled during upgrade?
+       deny all;
-	    # Check for success (0=ok, 3=no upgrade needed).
+    }
-	    sudo -u www-data php8.2 $CLOUD_DIR/occ upgrade
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
-	    E=$?
+       deny all;
-	    if [ $E -ne 0 ] && [ $E -ne 3 ]; then exit 1; fi
+     }
-	    # Disable default apps that are not needed
+    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
-            sudo -u www-data php8.2 $CLOUD_DIR/occ app:disable photos dashboard activity weather_status logreader | (grep -v "No such app enabled" || /bin/true)
+       include fastcgi_params;
+       fastcgi_split_path_info ^(.+\.php)(/.*)$;
+       fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
+       fastcgi_param PATH_INFO \$fastcgi_path_info;
+       #Avoid sending the security headers twice
+       fastcgi_param modHeadersAvailable true;
+       fastcgi_param front_controller_active true;
+       fastcgi_pass unix:/run/php/php7.3-fpm.sock;
+       fastcgi_intercept_errors on;
+       fastcgi_request_buffering off;
+    }
-	    # Install additional apps
+    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
-	    (sudo -u www-data php8.2 $CLOUD_DIR/occ app:install notes) || true
+       try_files \$uri/ =404;
-	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable notes
+       index index.php;
+    }
-	    (sudo -u www-data php8.2 $CLOUD_DIR/occ app:install twofactor_totp) || true
+    # Adding the cache control header for js and css files
-	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable twofactor_totp
+    # Make sure it is BELOW the PHP block
+    location ~* \.(?:css|js)$ {
+        try_files \$uri /index.php\$uri\$is_args\$args;
+        add_header Cache-Control "public, max-age=7200";
+        # Add headers to serve security related headers (It is intended to
+        # have those duplicated to the ones above)
+        add_header X-Content-Type-Options nosniff;
+        add_header X-Frame-Options "SAMEORIGIN";
+        add_header X-XSS-Protection "1; mode=block";
+        add_header X-Robots-Tag none;
+        add_header X-Download-Options noopen;
+        add_header X-Permitted-Cross-Domain-Policies none;
+        # Optional: Don't log access to assets
+        access_log off;
+   }
-	    # Upgrade all apps
+   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
-	    sudo -u www-data php $CLOUD_DIR/occ app:update --all
+        try_files \$uri /index.php\$uri\$is_args\$args;
+        # Optional: Don't log access to other assets
+        access_log off;
+   }
+}
+EOF
-	    echo
+	mkdir -p /etc/nginx/sites-enabled
-	    echo "Nextcloud version:"
+	ln -s /etc/nginx/sites-available/nextcloud.vhost /etc/nginx/sites-enabled/nextcloud.vhost
-	    sudo -u www-data php8.2 "$CLOUD_DIR"/occ status
-	    sleep 3
-	    echo
 	;;
-	"sqlite")
+    esac
-	    # Setup Nextcloud if the Nextcloud database does not yet exist. Running setup when
+}
-	    # the database does exist wipes the database and user data.
-	    if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then
-		# Create user data directory
-		#mkdir -p $STORAGE_ROOT/owncloud
-		# Set permissions
+InstallNextcloudApps() {
-		#chown -R www-data.www-data $STORAGE_ROOT/owncloud $STORAGE_ROOT/owncloud
+    # Admin
+    # https://apps.nextcloud.com/apps/onlyoffice
+    #wget_verify https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.6.0/onlyoffice.tar.gz fce197299377535b64097e86458cd9b2a8f98cf0 /tmp/onlyoffice.tgz
+    #tar xf /tmp/onlyoffice.tgz -C $CLOUD_DIR/apps/
+    #rm /tmp/onlyoffice.tgz
-		# Execute Nextcloud's setup step, which creates the Nextcloud sqlite database.
+    # https://apps.nextcloud.com/apps/richdocuments
-		# It also wipes it if it exists. And it updates config.php with database
+    wget_verify https://github.com/nextcloud-releases/richdocuments/releases/download/v8.6.1/richdocuments-v8.6.1.tar.gz c5db28abb1481f74fd7e80539d322f81a3327dcb /tmp/richdocuments.tgz
-		# settings and deletes the autoconfig.php file.
+    tar xf /tmp/richdocuments.tgz -C $CLOUD_DIR/apps/
-		#    (cd $STORAGE_ROOT/owncloud; sudo -u www-data php $STORAGE_ROOT/owncloud/index.php;)
+    rm /tmp/richdocuments.tgz
-	    fi
-		# Migrate users_external data from <0.6.0 to version 3.0.0
+    # https://apps.nextcloud.com/apps/drop_account
-		# (see https://github.com/nextcloud/user_external).
+    wget_verify https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-2.7.1.tar.gz b14b9011f85ba25ce13ff4cedd1e50e96bcffdec /tmp/drop_account.tgz
-		# This version was probably in use in Mail-in-a-Box v0.41 (February 26, 2019) and earlier.
+    tar xf /tmp/drop_account.tgz -C $CLOUD_DIR/apps/
-		# We moved to v0.6.3 in 193763f8. Ignore errors - maybe there are duplicated users with the
+    rm /tmp/drop_account.tgz
-		# correct backend already.
-		sqlite3 "$STORAGE_ROOT/owncloud/owncloud.db" "UPDATE oc_users_external SET backend='127.0.0.1';" || /bin/true
-	;;
-    esac
+    # https://apps.nextcloud.com/apps/files_accesscontrol
+    wget_verify https://github.com/nextcloud-releases/files_accesscontrol/releases/download/v2.0.0/files_accesscontrol-v2.0.0.tar.gz 5b8a2c489cb36bed2cd490c1517506612cdfb804 /tmp/files_accesscontrol.tgz
+    tar xf /tmp/files_accesscontrol.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/files_accesscontrol.tgz
-    # Set PHP FPM values to support large file uploads
+    # https://apps.nextcloud.com/apps/files_antivirus
-    # (semicolon is the comment character in this file, hashes produce deprecation warnings)
+    wget_verify https://github.com/nextcloud-releases/files_antivirus/releases/download/v6.0.0-beta.1/files_antivirus-v6.0.0-beta.1.tar.gz dc44dc2d9459050cd3a10464830f62b25772c9e1 /tmp/files_antivirus.tgz
-    #sed -i "s/upload_max_filesize =.*/upload_max_filesize = 16G/g" /etc/php/8.2/fpm/php.ini
+    tar xf /tmp/files_antivirus.tgz -C $CLOUD_DIR/apps/
-    sed -i "s/upload_max_filesize =.*/upload_max_filesize = 1G/g" /etc/php/8.2/fpm/php.ini
+    rm /tmp/files_antivirus.tgz
-    #sed -i "s/post_max_size =.*/post_max_size = 16G/g" /etc/php/8.2/fpm/php.ini
-    sed -i "s/post_max_size =.*/post_max_size = 1G/g" /etc/php/8.2/fpm/php.ini
-    sed -i "s/output_buffering =.*/output_buffering = 16384/g" /etc/php/8.2/fpm/php.ini
-    sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/fpm/php.ini
-    sed -i "s/max_execution_time =.*/max_execution_time = 600/g" /etc/php/8.2/fpm/php.ini
-    sed -i "s/short_open_tag =.*/short_open_tag = On/g" /etc/php/8.2/fpm/php.ini
-    #management/editconf.py /etc/php/8.2/fpm/php.ini -c ';' \
+    # https://apps.nextcloud.com/apps/ransomware_protection
-    #	upload_max_filesize=16G \
+    #wget_verify https://github.com/nextcloud/ransomware_protection/releases/download/v1.5.1/ransomware_protection-1.5.1.tar.gz 77d05b65a049dfbf29a3a4c7fa70903ef10fdb6e /tmp/ransomware_protection.tgz
-    #	post_max_size=16G \
+    #tar xf /tmp/ransomware_protection.tgz -C $CLOUD_DIR/apps/
-    #	output_buffering=16384 \
+    #rm /tmp/ransomware_protection.tgz
-    #	memory_limit=512M \
-    #	max_execution_time=600 \
-    #	short_open_tag=On
-    # Set Nextcloud recommended opcache settings
+    # Admin apps
-    #if grep -q opcache.enable=0 /etc/php/7.3/mods-available/apcu.ini; then
+    # https://apps.nextcloud.com/apps/sociallogin
-    #    sed -i "s/;opcache.enable=.*/opcache.enable=1/g" /etc/php/7.3/fpm/php.ini
+    # 'social_login_auto_redirect' => true setting in config.php
-    #fi
+    wget_verify https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.9.2/release.tar.gz 6d44480bd798e40489c5fea716a1f214c803bf79 /tmp/sociallogin.tgz
-    sed -i "s/;opcache.enable.*/opcache.enable=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
+    tar xf /tmp/sociallogin.tgz -C $CLOUD_DIR/apps/
-    sed -i "s/;opcache.enable_cli.*/opcache.enable_cli=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
+    rm /tmp/sociallogin.tgz
-    sed -i "s/;opcache.interned_strings_buffer.*/opcache.interned_strings_buffer=16/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
-    sed -i "s/max_accelerated_files=.*/max_accelerated_files=10000/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
-    sed -i "s/opcache.memory_consumption=.*/opcache.memory_consumption=128/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
-    sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
-    sed -i "s/opcache.revalidate_freq=.*/opcache.revalidate_freq=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
-    #management/editconf.py /etc/php/8.2/cli/conf.d/10-opcache.ini -c ';' \
+    # https://apps.nextcloud.com/apps/external
-    #	opcache.enable=1 \
+    wget_verify https://github.com/nextcloud-releases/external/releases/download/v6.0.1/external-v6.0.1.tar.gz d8b5ec2c9911ebf4b8a5a6cb53b1f54336c0a4ec /tmp/external.tgz
-    #	opcache.enable_cli=1 \
+    tar xf /tmp/external.tgz -C $CLOUD_DIR/apps/
-    #	opcache.interned_strings_buffer=16 \
+    rm /tmp/external.tgz
-    #	opcache.max_accelerated_files=10000 \
-    #	opcache.memory_consumption=128 \
-    #	opcache.save_comments=1 \
-    #	opcache.revalidate_freq=1
-   # Configure the path environment for php-fpm
+    # https://apps.nextcloud.com/apps/sharepoint
-   sed -i '/env\[PATH/s/;//g' /etc/php/8.2/fpm/pool.d/www.conf
+    wget_verify https://github.com/nextcloud-releases/sharepoint/releases/download/v1.19.0/sharepoint-v1.19.0.tar.gz 108cbeb8a018631d1723a9a2e46411feeb42f60d /tmp/sharepoint.tgz
+    tar xf /tmp/sharepoint.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/sharepoint.tgz
-   # If apc is explicitly disabled we need to enable it
+    # https://apps.nextcloud.com/apps/announcementcenter
-   #if grep -q apc.enabled=0 /etc/php/8.2/mods-available/apcu.ini; then
+    wget_verify https://github.com/nextcloud-releases/announcementcenter/releases/download/v7.1.0/announcementcenter-v7.1.0.tar.gz acd361da895a91d3cf71fe3569287dc2e90e0842 /tmp/announcementcenter.tgz
-   #if grep -q apc.enabled=1 /etc/php/8.2/mods-available/apcu.ini; then
+    tar xf /tmp/announcementcenter.tgz -C $CLOUD_DIR/apps/
-   #    echo "apc.enabled=1" >> /etc/php/8.2/mods-available/apcu.ini
+    rm /tmp/announcementcenter.tgz
-   #fi
-   # Set up a general cron job for Nextcloud.
+    # https://apps.nextcloud.com/apps/impersonate
-   # Also add another job for Calendar updates, per advice in the Nextcloud docs
+    wget_verify https://github.com/nextcloud-releases/impersonate/releases/download/v2.0.0/impersonate-v2.0.0.tar.gz a67366f5de79be2dc6f71ee0ce5cf027555e90f9 /tmp/impersonate.tgz
-   # https://docs.nextcloud.com/server/24/admin_manual/groupware/calendar.html#background-jobs
+    tar xf /tmp/impersonate.tgz -C $CLOUD_DIR/apps/
-   cat > /etc/cron.d/cron-nextcloud << EOF;
+    rm /tmp/impersonate.tgz
-#!/bin/bash
-# Wolftronics server setup script
-*/5 * * * *	root	sudo -u www-data php8.2 -f $CLOUD_DIR/cron.php
-*/5 * * * *	root	sudo -u www-data php8.2 -f $CLOUD_DIR/occ dav:send-event-reminders
-EOF
-    chmod +x /etc/cron.d/cron-nextcloud
-    # We also need to change the sending mode from background-job to occ
+    # https://apps.nextcloud.com/apps/ocdownloader
-    # Or else the reminders will just be sent as soon as possible when the background jobs run
+    #wget_verify https://github.com/e-alfred/ocdownloader/releases/download/1.6.0-Alpha2/ocdownloader_1.6.0alpha2 59625f5ec936ab1c26744f222718124848944d9d /tmp/ocdownloader.tgz
-    hide_output sudo -u www-data php8.2 -f $CLOUD_DIR/occ config:app:set dav sendEventRemindersMode --value occ
+    #tar xf /tmp/ocdownloader.tgz -C $CLOUD_DIR/apps/
+    #rm /tmp/ocdownloader.tgz
-    # Run the maintenance command
+    # https://apps.nextcloud.com/apps/files_retention
-    hide_output sudo -u www-data php8.2 $CLOUD_DIR/occ maintenance:repair --include-expensive
+    wget_verify https://github.com/nextcloud-releases/files_retention/releases/download/v2.0.0/files_retention-v2.0.0.tar.gz 8a99fbd808d9e561230ec706981f68a1f9649597 /tmp/files_retention.tgz
+    tar xf /tmp/files_retention.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/files_retention.tgz
-    # Set the config to read-only
+    # https://apps.nextcloud.com/apps/files_automatedtagging
-    sed -i'' "s/'config_is_read_only'\s*=>\s*false/'config_is_read_only' => true/" "$STORAGE_ROOT/owncloud/config.php"
+    wget_verify https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v2.0.0/files_automatedtagging-v2.0.0.tar.gz a532f0d6f81770029027fb6372fd8c30bb0eb064 /tmp/files_automatedtagging.tgz
+    tar xf /tmp/files_automatedtagging.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/files_automatedtagging.tgz
-    # Create nextcloud log in /var/log
+    # https://apps.nextcloud.com/apps/groupfolders
-    hide_output install -m 644 conf/rsyslog/20-nextcloud.conf /etc/rsyslog.d/
+    wget_verify https://github.com/nextcloud-releases/groupfolders/releases/download/v19.0.3/groupfolders-v19.0.3.tar.gz 08ac7404b17886589fe258e29d55a4213804aef1 /tmp/groupfolders.tgz
+    tar xf /tmp/groupfolders.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/groupfolders.tgz
-    # There's nothing much of interest that a user could do as an admin for Nextcloud,
+    # https://apps.nextcloud.com/apps/checksum
-    # and there's a lot they could mess up, so we don't make any users admins of Nextcloud.
+    wget_verify https://github.com/westberliner/checksum/releases/download/v1.2.5/checksum.tar.gz 808f28d315f1aa30543090dceeded22f8b951fa1 /tmp/checksum.tgz
-    # But if we wanted to, we would do this:
+    tar xf /tmp/checksum.tgz -C $CLOUD_DIR/apps/
-    # ```
+    rm /tmp/checksum.tgz
-    # for user in $(management/cli.py user admins); do
-    #	 sqlite3 $STORAGE_ROOT/owncloud/owncloud.db "INSERT OR IGNORE INTO oc_group_user VALUES ('admin', '$user')"
-    # done
-    # ```
-    # Enable PHP modules and restart PHP.
+    # https://apps.nextcloud.com/apps/fulltextsearch
-    restart_service php8.2-fpm
+    wget_verify https://github.com/nextcloud-releases/fulltextsearch/releases/download/31.0.0/fulltextsearch-31.0.0.tar.gz 0858ae675775c642efb8874b074f1158a7d239a3 /tmp/fulltextsearch.tgz
+    tar xf /tmp/fulltextsearch.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/fulltextsearch.tgz
-#echo -n "Configuring Redis Cache for nextCloud..."
+    # https://apps.nextcloud.com/apps/quota_warning
-#hide_output add-apt-repository -y ppa:chris-lea/redis-server
+    wget_verify https://github.com/nextcloud-releases/quota_warning/releases/download/v1.21.0/quota_warning-v1.21.0.tar.gz a973fc59753dd124e9dd7ab763863650e90873ca /tmp/quota_warning.tgz
-#hide_output apt-get update
+    tar xf /tmp/quota_warning.tgz -C $CLOUD_DIR/apps/
-#apt_get_quiet upgrade
+    rm /tmp/quota_warning.tgz
-#apt_install redis-server
-#systemctl restart apache2
-#systemctl restart nginx
-#phpenmod redis
-#hide_output systemctl start redis-server
-#hide_output systemctl enable redis-server
-#apt_install php-redis
-#cat >> $STORAGE_ROOT/owncloud/config/config.php <<EOF
+    # https://apps.nextcloud.com/apps/user_usage_report
-#'memcache.distributed' => '\OC\Memcache\Redis',
+    wget_verify https://github.com/nextcloud-releases/user_usage_report/releases/download/v2.0.0/user_usage_report-v2.0.0.tar.gz 1437f10a2d6cd8da7650054896e0ce57ab566cfb /tmp/user_usage_report.tgz
-#'memcache.local' => '\OC\Memcache\Redis',
+    tar xf /tmp/user_usage_report.tgz -C $CLOUD_DIR/apps/
-#'memcache.locking' => '\OC\Memcache\Redis',
+    rm /tmp/user_usage_report.tgz
-#'redis' => array(
-#     'host' => 'localhost',
-#     'port' => 6379,
-#     ),
-#EOF
-}
-#---------------------------------------------------------------------
+    # https://apps.nextcloud.com/apps/unsplash
-# Function: InstallNextcloudVer
+    #wget_verify https://github.com/jancborchardt/unsplash/releases/download/v1.1.3/unsplash-1.1.3.tar.gz e4f8c62067cbf657fbff80f744b9991e55448520 /tmp/unsplash.tgz
-#    Install a specific version of Nextcloud
+    #tar xf /tmp/unsplash.tgz -C $CLOUD_DIR/apps/
-#---------------------------------------------------------------------
+    #rm /tmp/unsplash.tgz
-InstallNextcloudVer() {
-    version=$1
-    hash=$2
-    echo -n -e "$IDENTATION_LVL_1 Installing Nextcloud $version"
+    # https://apps.nextcloud.com/apps/twofactor_admin
+    #wget_verify https://github.com/ChristophWurst/twofactor_admin/releases/download/v0.2.0/twofactor_admin.tar.gz c669e1c0c0323702d6a44d404f00a543cbb5d941  /tmp/twofactor_admin.tgz
+    #tar xf /tmp/twofactor_admin.tgz -C $CLOUD_DIR/apps/
+    #rm /tmp/twofactor_admin.tgz
-    # Remove the current Nextcloud installation
+    # https://apps.nextcloud.com/apps/contacts
-    rm -rf $CLOUD_DIR
+    wget_verify https://github.com/nextcloud-releases/contacts/releases/download/v7.0.1/contacts-v7.0.1.tar.gz 9e4ae15e80e6df6444f62491eecf73ae63b12ab1 /tmp/contacts.tgz
+    tar xf /tmp/contacts.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/contacts.tgz
-    # Download and verify the Nextcloud package
+    # https://apps.nextcloud.com/apps/calendar
-    wget_verify https://download.nextcloud.com/server/releases/nextcloud-$version.zip $hash /tmp/nextcloud.zip
+    wget_verify https://github.com/nextcloud-releases/calendar/releases/download/v5.1.2/calendar-v5.1.2.tar.gz 4f5c310ebd1f65c66a4a5d9e70ea4701698d79ea /tmp/calendar.tgz
+    tar xf /tmp/calendar.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/calendar.tgz
-    # Extract Nextcloud
+    # https://apps.nextcloud.com/apps/event_update_notification
-    unzip -q /tmp/nextcloud.zip -d $INSTALL_DIR
+    wget_verify https://github.com/nextcloud-releases/event_update_notification/releases/download/v2.6.1/event_update_notification-v2.6.1.tar.gz e1360a65c28df9670cf963830a9e836c8fb5016b /tmp/event_update_notification.tgz
-    mv $INSTALL_DIR/nextcloud $CLOUD_DIR
+    tar xf /tmp/event_update_notification.tgz -C $CLOUD_DIR/apps/
-    rm -f /tmp/nextcloud.zip
+    rm /tmp/event_update_notification.tgz
-    # Empty the skeleton dir to save some space for each new user
+    # https://apps.nextcloud.com/apps/notes
-    rm -rf $CLOUD_DIR/core/skeleton/*
+    wget_verify https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz 7f8f42387e05c9a2ecfc4c490861ebebcbaec264 /tmp/notes.tgz
+    tar xf /tmp/notes.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/notes.tgz
-    # Create the apps directory if it doesn't exist
+    # https://apps.nextcloud.com/apps/tasks
-    mkdir -p $CLOUD_DIR/apps
+    wget_verify https://github.com/nextcloud/tasks/releases/download/v0.16.1/tasks.tar.gz 69069c4bf0de8faf61a3d7b758d087e87cbeba27 /tmp/tasks.tgz
+    tar xf /tmp/tasks.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/tasks.tgz
-    # Install additional Nextcloud apps
+    # https://apps.nextcloud.com/apps/deck
-    InstallNextcloudApps
+    wget_verify https://github.com/nextcloud-releases/deck/releases/download/v1.15.0/deck-v1.15.0.tar.gz 92b15aa14f157045455d47dad2a3993141500f4e /tmp/deck.tgz
+    tar xf /tmp/deck.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/deck.tgz
-    # Fix directory permissions
+    # GPS apps
-    chmod 750 $CLOUD_DIR/{apps,config}
+    # https://apps.nextcloud.com/apps/phonetrack
+    wget_verify https://github.com/julien-nc/phonetrack/releases/download/v0.8.2/phonetrack-0.8.2.tar.gz 4f088acd122249e24cae05abdebcf0e3c72bdd9d /tmp/phonetrack.tgz
+    tar xf /tmp/phonetrack.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/phonetrack.tgz
-    # Create a symlink to the config.php in STORAGE_ROOT (for upgrades we're restoring the symlink we previously
+    # https://apps.nextcloud.com/apps/gpxpod
-    # put in, and in new installs we're creating a symlink and will create the actual config later).
+    wget_verify https://github.com/julien-nc/gpxpod/releases/download/v7.0.4/gpxpod-7.0.4.tar.gz 09d1bceab95bfb088ee28c61b82601e551e40a48 /tmp/gpxpod.tgz
-    ln -sf "$STORAGE_ROOT/nextcloud/config.php" $CLOUD_DIR/config/config.php
+    tar xf /tmp/gpxpod.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/gpxpod.tgz
-    # Make sure permissions are correct or the upgrade step won't run.
+    # Password apps
-    # $STORAGE_ROOT/owncloud may not yet exist, so use -f to suppress
+    # https://apps.nextcloud.com/apps/passman
-    # that error.
+    wget_verify https://releases.passman.cc/passman_2.4.11.tar.gz f7e55bc38958702007b655a95898f617c1c0eab6 /tmp/passman.tgz
-    chown -f -R www-data:www-data "$STORAGE_ROOT/nextcloud" $INSTALL_DIR || /bin/true
+    tar xf /tmp/passman.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/passman.tgz
-    # If this isn't a new installation, immediately run the upgrade script.
+    # https://apps.nextcloud.com/apps/keeweb
-    # Then check for success (0=ok and 3=no upgrade needed, both are success).
+    wget_verify https://github.com/jhass/nextcloud-keeweb/releases/download/v0.6.20/keeweb-0.6.20.tar.gz 7980ab730d262e54e8e61ea3cfcd4ebde3846862 /tmp/keeweb.tgz
-    if [ -e $STORAGE_ROOT/nextcloud/nextcloud.db ]; then
+    tar xf /tmp/keeweb.tgz -C $CLOUD_DIR/apps/
-	sudo -u www-data php $CLOUD_DIR/occ upgrade
+    rm /tmp/keeweb.tgz
-	if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then
-	    echo "Trying NextCloud upgrade again to work around NextCloud upgrade bug..."
-	    sudo -u www-data php $CLOUD_DIR/occ upgrade
-	    if [ \( $? -ne 0 \) -a \( $? -ne 3 \) ]; then exit 1; fi
-	    sudo -u www-data php $CLOUD_DIR/occ maintenance:mode --off
-	    echo "...which seemed to work."
-	fi
-	# Add missing indices. NextCloud didn't include this in the normal upgrade because it might take some time.
+    # https://apps.nextcloud.com/apps/passwords
-	sudo -u www-data php8.2 $CLOUD_DIR/occ db:add-missing-indices
+    wget_verify https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.2.0/passwords.tar.gz 244c9efb6bf55fb922d06a448da5c9a20b43cd89 /tmp/passwords.tgz
-	sudo -u www-data php8.2 $CLOUD_DIR/occ db:add-missing-primary-keys
+    tar xf /tmp/keeweb.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/passwords.tgz
-	# Run conversion to BigInt identifiers, this process may take some time on large tables.
+    # Social sharing apps
-	sudo -u www-data php8.2 $CLOUD_DIR/occ db:convert-filecache-bigint --no-interaction
+    # https://apps.nextcloud.com/apps/socialsharing_email
-    fi
+    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_email-v3.3.0.tar.gz b00832ac733662cf3883648406fa73da464ada4d /tmp/socialsharing_email.tgz
+    tar xf /tmp/socialsharing_email.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/socialsharing_email.tgz
-    # Configure web server (Apache or Nginx)
+    # https://apps.nextcloud.com/apps/socialsharing_facebook
-    case $CFG_WEBSERVER in
+    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_facebook-v3.3.0.tar.gz dae509b53edb9e1a58a61b090b21e5deada5891c /tmp/socialsharing_facebook.tgz
-    "apache")
+    tar xf /tmp/socialsharing_facebook.tgz -C $CLOUD_DIR/apps/
-	cat >> /etc/apache2/sites-available/nextcloud.conf <<EOF
+    rm /tmp/socialsharing_facebook.tgz
-<VirtualHost *:80>
- DocumentRoot "$CLOUD_DIR"
- ServerName cloud.$CFG_HOSTNAME_DOMAIN
- ErrorLog ${APACHE_LOG_DIR}/error.log
+    # https://apps.nextcloud.com/apps/socialsharing_twitter
- CustomLog ${APACHE_LOG_DIR}/access.log combined
+    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_twitter-v3.3.0.tar.gz 0f357ab59e9148df28d9a12d0626818873c2575c /tmp/socialsharing_twitter.tgz
+    tar xf /tmp/socialsharing_twitter.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/socialsharing_twitter.tgz
-<Directory $CLOUD_DIR/>
+    # https://apps.nextcloud.com/apps/socialsharing_diaspora
- Options +FollowSymlinks
+    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_diaspora-v3.3.0.tar.gz cb366d346681daf95bd94dd105a4fab3bb601e9b /tmp/socialsharing_googleplus.tgz
- AllowOverride All
+    tar xf /tmp/socialsharing_googleplus.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/socialsharing_googleplus.tgz
- <IfModule mod_dav.c>
+    # https://apps.nextcloud.com/apps/socialsharing_bluesky
- Dav off
+    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_bluesky-v3.3.0.tar.gz b4037e8cb26e658e3351a6d97310edc2120965b2 /tmp/socialsharing_bluesky.tgz
- </IfModule>
+    tar xf /tmp/socialsharing_bluesky.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/socialsharing_bluesky.tgz
- SetEnv HOME $CLOUD_DIR/>
+    # https://apps.nextcloud.com/apps/socialsharing_telegram
- SetEnv HTTP_HOME $CLOUD_DIR
+    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_telegram-v3.3.0.tar.gz b4ec7393cb98943fbffc1c57d834cff72c9afd8f /tmp/socialsharing_telegram.tgz
- Satisfy Any
+    tar xf /tmp/socialsharing_telegram.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/socialsharing_telegram.tgz
-</Directory>
+    # https://apps.nextcloud.com/apps/socialsharing_whatsapp
+    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_whatsapp-v3.3.0.tar.gz b5e922c76dd9409ca8954b2855c22f3775b28d35 /tmp/socialsharing_whatsapp.tgz
+    tar xf /tmp/socialsharing_whatsapp.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/socialsharing_whatsapp.tgz    
-</VirtualHost>
+    # Bookmarks, Mail apps
-EOF
+    # https://apps.nextcloud.com/apps/bookmarks
+    wget_spec_verify https://github.com/nextcloud/bookmarks/releases/download/v15.1.0/bookmarks-15.1.0.tar.gz 776e0c9a9679762d481428dc1a8928b9b7b3510c /tmp/bookmarks.tgz
+    tar xf /tmp/bookmarks.tgz -C $CLOUD_DIR/apps/
+    rm /tmp/bookmarks.tgz
-	cat >> /etc/apache2/sites-available/nextcloud-le-ssl.conf <<EOF
+    # https://apps.nextcloud.com/apps/mail
-<IfModule mod_headers.c>
+    wget_verify https://github.com/nextcloud-releases/mail/releases/download/v4.2.2/mail-stable4.2.tar.gz 2f93388a1d4d367316326fa5bdb7bb0e086e2c80 /tmp/mail.tgz
-     Header always set Strict-Transport-Security "max-age=15768000; preload"
+    tar xf /tmp/mail.tgz -C $CLOUD_DIR/apps/
- </IfModule>
+    rm /tmp/mail.tgz
-EOF
-	ln -s /etc/apache2/sites-available/nextcloud.conf /etc/apache2/sites-enabled/nextcloud.conf
+    # Video call
-	a2enmod rewrite headers env dir mime setenvif ssl
+    # https://apps.nextcloud.com/apps/spreed
-	a2ensite default-ssl
+    wget_verify https://github.com/nextcloud-releases/spreed/releases/download/v21.0.0/spreed-v21.0.0.tar.gz 51ef52d47b9bee281a63f12aa755f97a2c650f12  /tmp/spreed.tgz
-	systemctl restart apache2
+    tar xf /tmp/spreed.tgz -C $CLOUD_DIR/apps/
-	;;
+    rm /tmp/spreed.tgz
-    "nginx")
-	cat > /etc/nginx/sites-available/nextcloud.vhost <<EOF;
-server {
-    listen 80;
-    server_name cloud.$CFG_HOSTNAME_DOMAIN;
-    return 301 https://\$server_name\$request_uri;
 }
-server {
+#---------------------------------------------------------------------
-#    listen 80;
+# Function: InstallNextcloud
-    listen 443 ssl http2;
+#    Install and configure Nextcloud
-    server_name cloud.$CFG_HOSTNAME_DOMAIN;
+#---------------------------------------------------------------------
+InstallNextcloud() {
+    nextcloud_ver=31.0.0
+    nextcloud_hash=545584d128e3242337548ac2cdf31e6019b738f4
-    ssl_protocols TLSv1.2 TLSv1.3;
+    echo -n -e "$IDENTATION_LVL_0 ${BWhite}Installing Nextcloud${NC}"
-    ssl_certificate     /home/$SUDO_USER/.acme.sh/cloud.$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN.cer;
+    echo -n -e "$IDENTATION_LVL_1 Installing required packages... "
-    ssl_certificate_key /home/$SUDO_USER/.acme.sh/cloud.$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN.key;
-    ssl_session_timeout 1d;
+    # Install required PHP packages
-    ssl_session_cache shared:SSL:10m;
+    apt_install php8.2 php8.2-fpm php8.2-cli php8.2-sqlite php8.2-gd php8.2-imap php8.2-curl php-pear curl \
-    ssl_session_tickets off;
+		php8.2-dev memcached php-memcached php8.2-xml php8.2-mbstring php8.2-zip php8.2-apcu \
+		php8.2-fpm php8.2-mysql php8.2-xsl php8.2-gmp php8.2-bcmath php8.2-cgi php-gettext libxml2-dev \
+		php8.2-json php8.2-intl php8.2-imagick php8.2-common php8.2-opcache php8.2-readline php8.2
-    # Add headers to serve security related headers
+    # Enable APC before Nextcloud tools are run
-    # Before enabling Strict-Transport-Security headers please read into this
+    sed -i '1i apc.enabled=1\napc.enable_cli=1' /etc/php/8.2/mods-available/apcu.ini
-    # topic first.
-    add_header Strict-Transport-Security "max-age=15768000;preload" always;
-    add_header X-Content-Type-Options nosniff;
-    add_header X-Frame-Options "SAMEORIGIN";
-    add_header X-XSS-Protection "1; mode=block";
-    add_header X-Robots-Tag none;
-    add_header X-Download-Options noopen;
-    add_header X-Permitted-Cross-Domain-Policies none;
-    # Path to the root of your installation
+    # Get current Nextcloud version if config.php exists
-    root $CLOUD_DIR/;
+    if [ -f "$CLOUD_DIR/config.php" ]; then
+	CURRENT_NEXTCLOUD_VER=$(php8.2 -r "include(\"$CLOUD_DIR/config.php\"); echo(\$CONFIG['version']);")
+    else
+	CURRENT_NEXTCLOUD_VER=""
+    fi
-    location = /robots.txt {
+    # Install or upgrade Nextcloud if necessary
-        allow all;
+    if [ ! -d $CLOUD_DIR ] || [[ ! ${CURRENT_NEXTCLOUD_VER} =~ ^$nextcloud_ver ]]; then
-        log_not_found off;
+	# Stop php-fpm if running. If theyre not running (which happens on a previously failed install), dont bail
-        access_log off;
+	systemctl restart php8.2-fpm stop &> /dev/null || /bin/true
-    }
-    # The following 2 rules are only needed for the user_webfinger app.
+	# Backup existing Nextcloud installation
-    # Uncomment it if you're planning to use this app.
+	# Create a backup directory to store the current installation and database to
-    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
+	BACKUP_DIRECTORY=$CLOUD_DIR-backup/`date +"%Y-%m-%d-%T"`
-    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json
+	mkdir -p "$BACKUP_DIRECTORY"
-    # last;
+	if [ -d $CLOUD_DIR/ ]; then
+	    echo "Upgrading Nextcloud --- backing up existing installation, configuration, and database to $BACKUP_DIRECTORY..."
+	    cp -r $CLOUD_DIR "$BACKUP_DIRECTORY/nextcloud-install"
+ 	fi
+	if [ -e "$STORAGE_ROOT/nextcloud/nextcloud.db" ]; then
+		cp "$STORAGE_ROOT/nextcloud/owncloud.db" "$BACKUP_DIRECTORY"
+	fi
+	if [ -e "$STORAGE_ROOT/nextcloud/config.php" ]; then
+		cp "$STORAGE_ROOT/nextcloud/config.php" "$BACKUP_DIRECTORY"
+	fi
-    location = /.well-known/carddav {
+	# Perform version-specific upgrades
-        return 301 \$scheme://\$host/remote.php/dav;
+	if [ -n "${CURRENT_NEXTCLOUD_VER}" ]; then
-    }
+	    if [ -e "$CLOUD_DIR/config.php" ]; then
-    location = /.well-known/caldav {
+		# Remove the read-onlyness of the config, which is needed for migrations, especially for v24
-       return 301 \$scheme://\$host/remote.php/dav;
+		sed -i -e '/config_is_read_only/d' "$CLOUD_DIR/config.php"
-    }
+	    fi
-    location ~ /.well-known/acme-challenge {
+	    if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^27 ]]; then
-      allow all;
+		InstallNextcloudVer 28.0.14 8a9edcfd26d318eb7d1cfa44d69796f2d1098a80
-    }
+		CURRENT_NEXTCLOUD_VER="28.0.14"
+	    fi
-    # set max upload size
+	    if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^28 ]]; then
-    client_max_body_size 512M;
+		InstallNextcloudVer 29.0.12 6cd53db7a8d730ebd5972081344db41eb2b174a8
-    fastcgi_buffers 64 4K;
+		CURRENT_NEXTCLOUD_VER="29.0.12"
+	    fi
-    # Disable gzip to avoid the removal of the ETag header
+	    if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^29 ]]; then
-    gzip off;
+		InstallNextcloudVer 30.0.6 c7171b03f9904a2051e765fe09ab3e95e2e564e6
+		CURRENT_NEXTCLOUD_VER="30.0.6"
+	    fi
-    # Uncomment if your server is build with the ngx_pagespeed module
+	    if [[ ${CURRENT_NEXTCLOUD_VER} =~ ^30 ]]; then
-    # This module is currently not supported.
+		InstallNextcloudVer 31.0.0 545584d128e3242337548ac2cdf31e6019b738f4
-    #pagespeed off;
+		CURRENT_NEXTCLOUD_VER="31.0.0"
+	    fi
+	fi
+    else
+	InstallNextcloudVer $owncloud_ver $owncloud_hash
+    fi
-    error_page 403 /core/templates/403.php;
+    # Configure Nextcloud permissions
-    error_page 404 /core/templates/404.php;
+    cat >> ./nextcloud_permissions.sh <<EOF
+#!/bin/bash
-    location / {
+ocpath='$CLOUD_DIR'
-       rewrite ^ /index.php\$uri;
+htuser='www-data'
-    }
+htgroup='www-data'
+rootuser='root'
-    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)/ {
+printf "Creating possible missing Directories\n"
-       deny all;
+mkdir -p \$ocpath/data
-    }
+mkdir -p \$ocpath/assets
-    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
+mkdir -p \$ocpath/updater
-       deny all;
-     }
-    location ~ ^/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
+printf "chmod Files and Directories\n"
-       include fastcgi_params;
+find \${ocpath}/ -type f -print0 | xargs -0 chmod 0640
-       fastcgi_split_path_info ^(.+\.php)(/.*)$;
+find \${ocpath}/ -type d -print0 | xargs -0 chmod 0770
-       fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
-       fastcgi_param PATH_INFO \$fastcgi_path_info;
-       #Avoid sending the security headers twice
-       fastcgi_param modHeadersAvailable true;
-       fastcgi_param front_controller_active true;
-       fastcgi_pass unix:/run/php/php7.3-fpm.sock;
-       fastcgi_intercept_errors on;
-       fastcgi_request_buffering off;
-    }
-    location ~ ^/(?:updater|ocs-provider)(?:$|/) {
+printf "Setting directory ownership\n"
-       try_files \$uri/ =404;
+chown -R \${rootuser}:\${htgroup} \${ocpath}/
-       index index.php;
+chown -R \${htuser}:\${htgroup} \${ocpath}/apps/
-    }
+chown -R \${htuser}:\${htgroup} \${ocpath}/assets/
+chown -R \${htuser}:\${htgroup} \${ocpath}/config/
+chown -R \${htuser}:\${htgroup} \${ocpath}/data/
+chown -R \${htuser}:\${htgroup} \${ocpath}/themes/
+chown -R \${htuser}:\${htgroup} \${ocpath}/updater/
-    # Adding the cache control header for js and css files
+chmod +x \${ocpath}/occ
-    # Make sure it is BELOW the PHP block
-    location ~* \.(?:css|js)$ {
-        try_files \$uri /index.php\$uri\$is_args\$args;
-        add_header Cache-Control "public, max-age=7200";
-        # Add headers to serve security related headers (It is intended to
-        # have those duplicated to the ones above)
-        add_header X-Content-Type-Options nosniff;
-        add_header X-Frame-Options "SAMEORIGIN";
-        add_header X-XSS-Protection "1; mode=block";
-        add_header X-Robots-Tag none;
-        add_header X-Download-Options noopen;
-        add_header X-Permitted-Cross-Domain-Policies none;
-        # Optional: Don't log access to assets
-        access_log off;
-   }
-   location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
+printf "Setting .htaccess permissions\n"
-        try_files \$uri /index.php\$uri\$is_args\$args;
+if [ -f \${ocpath}/.htaccess ]; then
-        # Optional: Don't log access to other assets
+    chmod 0644 \${ocpath}/.htaccess
-        access_log off;
+    chown \${rootuser}:\${htgroup} \${ocpath}/.htaccess
-   }
+fi
-}
+if [ -f \${ocpath}/data/.htaccess ]; then
+    chmod 0644 \${ocpath}/data/.htaccess
+    chown \${rootuser}:\${htgroup} \${ocpath}/data/.htaccess
+fi
 EOF
-	mkdir -p /etc/nginx/sites-enabled
+    chmod +x ./nextcloud_permissions.sh
-	ln -s /etc/nginx/sites-available/nextcloud.vhost /etc/nginx/sites-enabled/nextcloud.vhost
+    #./nextcloud_permissions.sh
-	;;
-    esac
-}
-InstallNextcloudApps() {
+    # Create initial configuration
-    # Admin
+    instanceid=oc$(echo $CFG_HOSTNAME_DOMAIN | sha1sum | fold -w 10 | head -n 1)
-    # https://apps.nextcloud.com/apps/onlyoffice
-    #wget_verify https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.6.0/onlyoffice.tar.gz fce197299377535b64097e86458cd9b2a8f98cf0 /tmp/onlyoffice.tgz
-    #tar xf /tmp/onlyoffice.tgz -C $CLOUD_DIR/apps/
-    #rm /tmp/onlyoffice.tgz
-    # https://apps.nextcloud.com/apps/richdocuments
+    echo -n "Creating Nextcloud settings and database..."
-    wget_verify https://github.com/nextcloud-releases/richdocuments/releases/download/v8.6.1/richdocuments-v8.6.1.tar.gz c5db28abb1481f74fd7e80539d322f81a3327dcb /tmp/richdocuments.tgz
+    CFG_CLOUDDBNAME=nextcloud
-    tar xf /tmp/richdocuments.tgz -C $CLOUD_DIR/apps/
+    CFG_CLOUDDBUSER=nextcloud
-    rm /tmp/richdocuments.tgz
+    CFG_CLOUDDBPWD=$(dd if=/dev/urandom bs=1 count=64 2>/dev/null | sha256sum | fold -w 40 | head -n 1)
+    dbruser=root
+    CFG_CLOUDADMINUSER=root
+    CFG_CLOUDADMINPWD=$(dd if=/dev/urandom bs=1 count=64 2>/dev/null | sha256sum | fold -w 40 | head -n 1)
-    # https://apps.nextcloud.com/apps/drop_account
+    case $CFG_CLOUDDBTYPE in
-    wget_verify https://packages.framasoft.org/projects/nextcloud-apps/drop-account/drop_account-2.7.1.tar.gz b14b9011f85ba25ce13ff4cedd1e50e96bcffdec /tmp/drop_account.tgz
+	"mysql")
-    tar xf /tmp/drop_account.tgz -C $CLOUD_DIR/apps/
+	    if [ $CFG_CLOUDDBHOST == "localhost" ]; then
-    rm /tmp/drop_account.tgz
+		mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "CREATE DATABASE $CFG_CLOUDDBNAME" > /dev/null 2>&1
+		#mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "CREATE DATABASE $CFG_CLOUDDBNAME CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci" > /dev/null 2>&1
+		mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "USE $CFG_CLOUDDBNAME" > /dev/null 2>&1
+		mariadb -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "GRANT ALL PRIVILEGES ON $CFG_CLOUDDBNAME.* TO '$CFG_CLOUDDBUSER'@'localhost' IDENTIFIED BY '$CFG_CLOUDDBPWD'" > /dev/null 2>&1
+		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "flush privileges;" > /dev/null 2>&1
+	    else
+		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "CREATE DATABASE $CFG_CLOUDDBNAME" > /dev/null 2>&1
+		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "USE $CFG_CLOUDDBNAME" > /dev/null 2>&1
+		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -h $CFG_CLOUDDBHOST -e "GRANT ALL PRIVILEGES ON $CFG_CLOUDDBNAME.* TO '$CFG_CLOUDDBUSER'@'%' IDENTIFIED BY '$CFG_CLOUDDBPWD'" > /dev/null 2>&1
+		mysql -u $dbruser -p$CFG_MYSQL_ROOT_PWD -e "flush privileges;" > /dev/null 2>&1
+	    fi
-    # https://apps.nextcloud.com/apps/files_accesscontrol
+	    # Enable UTF8mb4 (4-byte support)
-    wget_verify https://github.com/nextcloud-releases/files_accesscontrol/releases/download/v2.0.0/files_accesscontrol-v2.0.0.tar.gz 5b8a2c489cb36bed2cd490c1517506612cdfb804 /tmp/files_accesscontrol.tgz
+	    #databases=$(mysql -u root -p"$CFG_MYSQL_ROOT_PWD" -e "SHOW DATABASES;" | tr -d "| " | grep -v Database)
-    tar xf /tmp/files_accesscontrol.tgz -C $CLOUD_DIR/apps/
+	    #for db in $databases; do
-    rm /tmp/files_accesscontrol.tgz
+	    #    if [[ "$db" != "performance_schema" ]] && [[ "$db" != _* ]] && [[ "$db" != "information_schema" ]];
+	    #    then
+	    #	echo "Changing to UTF8mb4 on: $db"
+	    #	mysql -u root -p"$CFG_MYSQL_ROOT_PWD" -e "ALTER DATABASE $db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
+	    #    fi
+	    #done
-    # https://apps.nextcloud.com/apps/files_antivirus
+	    # Repair and set Nextcloud config values
-    wget_verify https://github.com/nextcloud-releases/files_antivirus/releases/download/v6.0.0-beta.1/files_antivirus-v6.0.0-beta.1.tar.gz dc44dc2d9459050cd3a10464830f62b25772c9e1 /tmp/files_antivirus.tgz
+	    #mysqlcheck -u root -p"$CFG_MYSQL_ROOT_PWD" --auto-repair --optimize --all-databases
-    tar xf /tmp/files_antivirus.tgz -C $CLOUD_DIR/apps/
+	    #sudo -u www-data "$STORAGE_ROOT"/owncloud/occ config:system:set mysql.utf8mb4 --type boolean --value="true"
-    rm /tmp/files_antivirus.tgz
+	    #sudo -u www-data "$STORAGE_ROOT"/owncloud/occ maintenance:repair
-    # https://apps.nextcloud.com/apps/ransomware_protection
+	    sudo -u www-data php8.2 "$CLOUD_DIR"/occ maintenance:install \
-    #wget_verify https://github.com/nextcloud/ransomware_protection/releases/download/v1.5.1/ransomware_protection-1.5.1.tar.gz 77d05b65a049dfbf29a3a4c7fa70903ef10fdb6e /tmp/ransomware_protection.tgz
+		--database "mysql" \
-    #tar xf /tmp/ransomware_protection.tgz -C $CLOUD_DIR/apps/
+		--database-name "$CFG_CLOUDDBNAME" \
-    #rm /tmp/ransomware_protection.tgz
+		--database-user "$CFG_CLOUDDBUSER" \
+		--database-pass "$CFG_CLOUDDBPWD" \		
+		--database-host="$CFG_CLOUDDBHOST" \
+		--database-port="3306" \
+		--admin-user "$CFG_CLOUDADMINUSER" \
+		--admin-pass "$CFG_CLOUDADMINPWD" \
+		--data-dir "$STORAGE_ROOT/nextcloud" \
+		--admin-email "cloud@$CFG_HOSTNAME_DOMAIN" \
+		--instanceid "$instanceid"
-    # Admin apps
+	    # Set SMTP mail
-    # https://apps.nextcloud.com/apps/sociallogin
+	    #sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpmode --value="smtp"
-    # 'social_login_auto_redirect' => true setting in config.php
+	    # Set logrotate
-    wget_verify https://github.com/zorn-v/nextcloud-social-login/releases/download/v5.9.2/release.tar.gz 6d44480bd798e40489c5fea716a1f214c803bf79 /tmp/sociallogin.tgz
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set log_rotate_size --value="10485760"
-    tar xf /tmp/sociallogin.tgz -C $CLOUD_DIR/apps/
+	    # Added trusted domains
-    rm /tmp/sociallogin.tgz
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set trusted_domains 1 --value=$IP_ADDRESS
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set trusted_domains 2 --value=cloud.$CFG_HOSTNAME_DOMAIN
-    # https://apps.nextcloud.com/apps/external
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set memcache.local --value '\OC\Memcache\APCu'
-    wget_verify https://github.com/nextcloud-releases/external/releases/download/v6.0.1/external-v6.0.1.tar.gz d8b5ec2c9911ebf4b8a5a6cb53b1f54336c0a4ec /tmp/external.tgz
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_from_address --value 'cloud_administrator'
-    tar xf /tmp/external.tgz -C $CLOUD_DIR/apps/
+	    TIMEZONE=$(cat /etc/timezone)
-    rm /tmp/external.tgz
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set logtimezone --value=$TIMEZONE
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set logdateformat --value 'Y-m-d H:i:s'
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_domain --value=$CFG_HOSTNAME_DOMAIN
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set overwrite.cli.url --value 'https://$CFG_HOSTNAME_DOMAIN/cloud'
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set log_type --value 'syslog'
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set syslog_tag --value 'Nextcloud'
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set system_addressbook_exposed --value 'no'
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpmode --value 'sendmail'
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpauth --type boolean --value true
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtphost --value '127.0.0.1'
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpport --value '587'
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpsecure --value ''
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtpname --value ''
+	    sudo -u www-data php "$CLOUD_DIR"/occ config:system:set mail_smtppassword --value ''
-    # https://apps.nextcloud.com/apps/sharepoint
+	    CONFIG_FILE="$CLOUD_DIR/config/config.php"
-    wget_verify https://github.com/nextcloud-releases/sharepoint/releases/download/v1.19.0/sharepoint-v1.19.0.tar.gz 108cbeb8a018631d1723a9a2e46411feeb42f60d /tmp/sharepoint.tgz
-    tar xf /tmp/sharepoint.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/sharepoint.tgz
-    # https://apps.nextcloud.com/apps/announcementcenter
+	    if ! grep -q "'config_is_read_only'" "$CONFIG_FILE"; then
-    wget_verify https://github.com/nextcloud-releases/announcementcenter/releases/download/v7.1.0/announcementcenter-v7.1.0.tar.gz acd361da895a91d3cf71fe3569287dc2e90e0842 /tmp/announcementcenter.tgz
+		sed -i "/);/i \$CONFIG['config_is_read_only'] = false;" "$CONFIG_FILE"
-    tar xf /tmp/announcementcenter.tgz -C $CLOUD_DIR/apps/
+	    fi
-    rm /tmp/announcementcenter.tgz
-    # https://apps.nextcloud.com/apps/impersonate
+	    if ! grep -q "'user_backends'" "$CONFIG_FILE"; then
-    wget_verify https://github.com/nextcloud-releases/impersonate/releases/download/v2.0.0/impersonate-v2.0.0.tar.gz a67366f5de79be2dc6f71ee0ce5cf027555e90f9 /tmp/impersonate.tgz
+		sed -i "/);/i \$CONFIG['user_backends'] = array(\n  array(\n    'class' => '\\\\OCA\\\\UserExternal\\\\IMAP',\n    'arguments' => array(\n      '127.0.0.1', 143, null, null, false, false\n    ),\n  ),\n);" "$CONFIG_FILE"
-    tar xf /tmp/impersonate.tgz -C $CLOUD_DIR/apps/
+	    fi
-    rm /tmp/impersonate.tgz
-    # https://apps.nextcloud.com/apps/ocdownloader
+	    chown www-data.www-data $CLOUD_DIR/config.php
-    #wget_verify https://github.com/e-alfred/ocdownloader/releases/download/1.6.0-Alpha2/ocdownloader_1.6.0alpha2 59625f5ec936ab1c26744f222718124848944d9d /tmp/ocdownloader.tgz
-    #tar xf /tmp/ocdownloader.tgz -C $CLOUD_DIR/apps/
-    #rm /tmp/ocdownloader.tgz
-    # https://apps.nextcloud.com/apps/files_retention
+	    # Enable/disable apps. Note that this must be done after the Nextcloud setup.
-    wget_verify https://github.com/nextcloud-releases/files_retention/releases/download/v2.0.0/files_retention-v2.0.0.tar.gz 8a99fbd808d9e561230ec706981f68a1f9649597 /tmp/files_retention.tgz
+	    # The firstrunwizard gave Josh all sorts of problems, so disabling that.
-    tar xf /tmp/files_retention.tgz -C $CLOUD_DIR/apps/
+	    # user_external is what allows Nextcloud to use IMAP for login. The contacts
-    rm /tmp/files_retention.tgz
+	    # and calendar apps are the extensions we really care about here.
+	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:disable firstrunwizard
+	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable user_external
+	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable contacts
+	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable calendar
-    # https://apps.nextcloud.com/apps/files_automatedtagging
+	    # When upgrading, run the upgrade script again now that apps are enabled. It seems like
-    wget_verify https://github.com/nextcloud-releases/files_automatedtagging/releases/download/v2.0.0/files_automatedtagging-v2.0.0.tar.gz a532f0d6f81770029027fb6372fd8c30bb0eb064 /tmp/files_automatedtagging.tgz
+	    # the first upgrade at the top won't work because apps may be disabled during upgrade?
-    tar xf /tmp/files_automatedtagging.tgz -C $CLOUD_DIR/apps/
+	    # Check for success (0=ok, 3=no upgrade needed).
-    rm /tmp/files_automatedtagging.tgz
+	    sudo -u www-data php8.2 $CLOUD_DIR/occ upgrade
+	    E=$?
+	    if [ $E -ne 0 ] && [ $E -ne 3 ]; then exit 1; fi
-    # https://apps.nextcloud.com/apps/groupfolders
+	    # Disable default apps that are not needed
-    wget_verify https://github.com/nextcloud-releases/groupfolders/releases/download/v19.0.3/groupfolders-v19.0.3.tar.gz 08ac7404b17886589fe258e29d55a4213804aef1 /tmp/groupfolders.tgz
+            sudo -u www-data php8.2 $CLOUD_DIR/occ app:disable photos dashboard activity weather_status logreader | (grep -v "No such app enabled" || /bin/true)
-    tar xf /tmp/groupfolders.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/groupfolders.tgz
-    # https://apps.nextcloud.com/apps/checksum
+	    # Install additional apps
-    wget_verify https://github.com/westberliner/checksum/releases/download/v1.2.5/checksum.tar.gz 808f28d315f1aa30543090dceeded22f8b951fa1 /tmp/checksum.tgz
+	    (sudo -u www-data php8.2 $CLOUD_DIR/occ app:install notes) || true
-    tar xf /tmp/checksum.tgz -C $CLOUD_DIR/apps/
+	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable notes
-    rm /tmp/checksum.tgz
-    # https://apps.nextcloud.com/apps/fulltextsearch
+	    (sudo -u www-data php8.2 $CLOUD_DIR/occ app:install twofactor_totp) || true
-    wget_verify https://github.com/nextcloud-releases/fulltextsearch/releases/download/31.0.0/fulltextsearch-31.0.0.tar.gz 0858ae675775c642efb8874b074f1158a7d239a3 /tmp/fulltextsearch.tgz
+	    hide_output sudo -u www-data php8.2 $CLOUD_DIR/console.php app:enable twofactor_totp
-    tar xf /tmp/fulltextsearch.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/fulltextsearch.tgz
+	    # Upgrade all apps
+	    sudo -u www-data php $CLOUD_DIR/occ app:update --all
+	    echo
+	    echo "Nextcloud version:"
+	    sudo -u www-data php8.2 "$CLOUD_DIR"/occ status
+	    sleep 3
+	    echo
+	;;
+	"sqlite")
+	    # Setup Nextcloud if the Nextcloud database does not yet exist. Running setup when
+	    # the database does exist wipes the database and user data.
+	    if [ ! -f $STORAGE_ROOT/owncloud/owncloud.db ]; then
+		# Create user data directory
+		#mkdir -p $STORAGE_ROOT/owncloud
-    # https://apps.nextcloud.com/apps/quota_warning
+		# Set permissions
-    wget_verify https://github.com/nextcloud-releases/quota_warning/releases/download/v1.21.0/quota_warning-v1.21.0.tar.gz a973fc59753dd124e9dd7ab763863650e90873ca /tmp/quota_warning.tgz
+		#chown -R www-data.www-data $STORAGE_ROOT/owncloud $STORAGE_ROOT/owncloud
-    tar xf /tmp/quota_warning.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/quota_warning.tgz
-    # https://apps.nextcloud.com/apps/user_usage_report
+		# Execute Nextcloud's setup step, which creates the Nextcloud sqlite database.
-    wget_verify https://github.com/nextcloud-releases/user_usage_report/releases/download/v2.0.0/user_usage_report-v2.0.0.tar.gz 1437f10a2d6cd8da7650054896e0ce57ab566cfb /tmp/user_usage_report.tgz
+		# It also wipes it if it exists. And it updates config.php with database
-    tar xf /tmp/user_usage_report.tgz -C $CLOUD_DIR/apps/
+		# settings and deletes the autoconfig.php file.
-    rm /tmp/user_usage_report.tgz
+		#    (cd $STORAGE_ROOT/owncloud; sudo -u www-data php $STORAGE_ROOT/owncloud/index.php;)
+	    fi
-    # https://apps.nextcloud.com/apps/unsplash
+		# Migrate users_external data from <0.6.0 to version 3.0.0
-    #wget_verify https://github.com/jancborchardt/unsplash/releases/download/v1.1.3/unsplash-1.1.3.tar.gz e4f8c62067cbf657fbff80f744b9991e55448520 /tmp/unsplash.tgz
+		# (see https://github.com/nextcloud/user_external).
-    #tar xf /tmp/unsplash.tgz -C $CLOUD_DIR/apps/
+		# This version was probably in use in Mail-in-a-Box v0.41 (February 26, 2019) and earlier.
-    #rm /tmp/unsplash.tgz
+		# We moved to v0.6.3 in 193763f8. Ignore errors - maybe there are duplicated users with the
+		# correct backend already.
+		sqlite3 "$STORAGE_ROOT/owncloud/owncloud.db" "UPDATE oc_users_external SET backend='127.0.0.1';" || /bin/true
+	;;
+    esac
-    # https://apps.nextcloud.com/apps/twofactor_admin
-    #wget_verify https://github.com/ChristophWurst/twofactor_admin/releases/download/v0.2.0/twofactor_admin.tar.gz c669e1c0c0323702d6a44d404f00a543cbb5d941  /tmp/twofactor_admin.tgz
-    #tar xf /tmp/twofactor_admin.tgz -C $CLOUD_DIR/apps/
-    #rm /tmp/twofactor_admin.tgz
-    # https://apps.nextcloud.com/apps/contacts
+    # Set PHP FPM values to support large file uploads
-    wget_verify https://github.com/nextcloud-releases/contacts/releases/download/v7.0.1/contacts-v7.0.1.tar.gz 9e4ae15e80e6df6444f62491eecf73ae63b12ab1 /tmp/contacts.tgz
+    # (semicolon is the comment character in this file, hashes produce deprecation warnings)
-    tar xf /tmp/contacts.tgz -C $CLOUD_DIR/apps/
+    #sed -i "s/upload_max_filesize =.*/upload_max_filesize = 16G/g" /etc/php/8.2/fpm/php.ini
-    rm /tmp/contacts.tgz
+    sed -i "s/upload_max_filesize =.*/upload_max_filesize = 1G/g" /etc/php/8.2/fpm/php.ini
+    #sed -i "s/post_max_size =.*/post_max_size = 16G/g" /etc/php/8.2/fpm/php.ini
+    sed -i "s/post_max_size =.*/post_max_size = 1G/g" /etc/php/8.2/fpm/php.ini
+    sed -i "s/output_buffering =.*/output_buffering = 16384/g" /etc/php/8.2/fpm/php.ini
+    sed -i "s/memory_limit =.*/memory_limit = 512M/g" /etc/php/8.2/fpm/php.ini
+    sed -i "s/max_execution_time =.*/max_execution_time = 600/g" /etc/php/8.2/fpm/php.ini
+    sed -i "s/short_open_tag =.*/short_open_tag = On/g" /etc/php/8.2/fpm/php.ini
-    # https://apps.nextcloud.com/apps/calendar
+    #management/editconf.py /etc/php/8.2/fpm/php.ini -c ';' \
-    wget_verify https://github.com/nextcloud-releases/calendar/releases/download/v5.1.2/calendar-v5.1.2.tar.gz 4f5c310ebd1f65c66a4a5d9e70ea4701698d79ea /tmp/calendar.tgz
+    #	upload_max_filesize=16G \
-    tar xf /tmp/calendar.tgz -C $CLOUD_DIR/apps/
+    #	post_max_size=16G \
-    rm /tmp/calendar.tgz
+    #	output_buffering=16384 \
+    #	memory_limit=512M \
+    #	max_execution_time=600 \
+    #	short_open_tag=On
-    # https://apps.nextcloud.com/apps/event_update_notification
+    # Set Nextcloud recommended opcache settings
-    wget_verify https://github.com/nextcloud-releases/event_update_notification/releases/download/v2.6.1/event_update_notification-v2.6.1.tar.gz e1360a65c28df9670cf963830a9e836c8fb5016b /tmp/event_update_notification.tgz
+    #if grep -q opcache.enable=0 /etc/php/7.3/mods-available/apcu.ini; then
-    tar xf /tmp/event_update_notification.tgz -C $CLOUD_DIR/apps/
+    #    sed -i "s/;opcache.enable=.*/opcache.enable=1/g" /etc/php/7.3/fpm/php.ini
-    rm /tmp/event_update_notification.tgz
+    #fi
+    sed -i "s/;opcache.enable.*/opcache.enable=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
+    sed -i "s/;opcache.enable_cli.*/opcache.enable_cli=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
+    sed -i "s/;opcache.interned_strings_buffer.*/opcache.interned_strings_buffer=16/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
+    sed -i "s/max_accelerated_files=.*/max_accelerated_files=10000/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
+    sed -i "s/opcache.memory_consumption=.*/opcache.memory_consumption=128/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
+    sed -i "s/;opcache.save_comments=.*/opcache.save_comments=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
+    sed -i "s/opcache.revalidate_freq=.*/opcache.revalidate_freq=1/g" /etc/php/8.2/cli/conf.d/10-opcache.ini
-    # https://apps.nextcloud.com/apps/notes
+    #management/editconf.py /etc/php/8.2/cli/conf.d/10-opcache.ini -c ';' \
-    wget_verify https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz 7f8f42387e05c9a2ecfc4c490861ebebcbaec264 /tmp/notes.tgz
+    #	opcache.enable=1 \
-    tar xf /tmp/notes.tgz -C $CLOUD_DIR/apps/
+    #	opcache.enable_cli=1 \
-    rm /tmp/notes.tgz
+    #	opcache.interned_strings_buffer=16 \
+    #	opcache.max_accelerated_files=10000 \
+    #	opcache.memory_consumption=128 \
+    #	opcache.save_comments=1 \
+    #	opcache.revalidate_freq=1
-    # https://apps.nextcloud.com/apps/tasks
+   # Configure the path environment for php-fpm
-    wget_verify https://github.com/nextcloud/tasks/releases/download/v0.16.1/tasks.tar.gz 69069c4bf0de8faf61a3d7b758d087e87cbeba27 /tmp/tasks.tgz
+   sed -i '/env\[PATH/s/;//g' /etc/php/8.2/fpm/pool.d/www.conf
-    tar xf /tmp/tasks.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/tasks.tgz
-    # https://apps.nextcloud.com/apps/deck
+   # If apc is explicitly disabled we need to enable it
-    wget_verify https://github.com/nextcloud-releases/deck/releases/download/v1.15.0/deck-v1.15.0.tar.gz 92b15aa14f157045455d47dad2a3993141500f4e /tmp/deck.tgz
+   #if grep -q apc.enabled=0 /etc/php/8.2/mods-available/apcu.ini; then
-    tar xf /tmp/deck.tgz -C $CLOUD_DIR/apps/
+   #if grep -q apc.enabled=1 /etc/php/8.2/mods-available/apcu.ini; then
-    rm /tmp/deck.tgz
+   #    echo "apc.enabled=1" >> /etc/php/8.2/mods-available/apcu.ini
+   #fi
-    # GPS apps
+   # Set up a general cron job for Nextcloud.
-    # https://apps.nextcloud.com/apps/phonetrack
+   # Also add another job for Calendar updates, per advice in the Nextcloud docs
-    wget_verify https://github.com/julien-nc/phonetrack/releases/download/v0.8.2/phonetrack-0.8.2.tar.gz 4f088acd122249e24cae05abdebcf0e3c72bdd9d /tmp/phonetrack.tgz
+   # https://docs.nextcloud.com/server/24/admin_manual/groupware/calendar.html#background-jobs
-    tar xf /tmp/phonetrack.tgz -C $CLOUD_DIR/apps/
+   cat > /etc/cron.d/cron-nextcloud << EOF;
-    rm /tmp/phonetrack.tgz
+#!/bin/bash
+# Wolftronics server setup script
+*/5 * * * *	root	sudo -u www-data php8.2 -f $CLOUD_DIR/cron.php
+*/5 * * * *	root	sudo -u www-data php8.2 -f $CLOUD_DIR/occ dav:send-event-reminders
+EOF
+    chmod +x /etc/cron.d/cron-nextcloud
-    # https://apps.nextcloud.com/apps/gpxpod
+    # We also need to change the sending mode from background-job to occ
-    wget_verify https://github.com/julien-nc/gpxpod/releases/download/v7.0.4/gpxpod-7.0.4.tar.gz 09d1bceab95bfb088ee28c61b82601e551e40a48 /tmp/gpxpod.tgz
+    # Or else the reminders will just be sent as soon as possible when the background jobs run
-    tar xf /tmp/gpxpod.tgz -C $CLOUD_DIR/apps/
+    hide_output sudo -u www-data php8.2 -f $CLOUD_DIR/occ config:app:set dav sendEventRemindersMode --value occ
-    rm /tmp/gpxpod.tgz
-    # Password apps
+    # Run the maintenance command
-    # https://apps.nextcloud.com/apps/passman
+    hide_output sudo -u www-data php8.2 $CLOUD_DIR/occ maintenance:repair --include-expensive
-    wget_verify https://releases.passman.cc/passman_2.4.11.tar.gz f7e55bc38958702007b655a95898f617c1c0eab6 /tmp/passman.tgz
-    tar xf /tmp/passman.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/passman.tgz
-    # https://apps.nextcloud.com/apps/keeweb
+    # Set the config to read-only
-    wget_verify https://github.com/jhass/nextcloud-keeweb/releases/download/v0.6.20/keeweb-0.6.20.tar.gz 7980ab730d262e54e8e61ea3cfcd4ebde3846862 /tmp/keeweb.tgz
+    sed -i'' "s/'config_is_read_only'\s*=>\s*false/'config_is_read_only' => true/" "$STORAGE_ROOT/owncloud/config.php"
-    tar xf /tmp/keeweb.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/keeweb.tgz
-    # https://apps.nextcloud.com/apps/passwords
+    # Create nextcloud log in /var/log
-    wget_verify https://git.mdns.eu/api/v4/projects/45/packages/generic/passwords/2025.2.0/passwords.tar.gz 244c9efb6bf55fb922d06a448da5c9a20b43cd89 /tmp/passwords.tgz
+    hide_output install -m 644 conf/rsyslog/20-nextcloud.conf /etc/rsyslog.d/
-    tar xf /tmp/keeweb.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/passwords.tgz
-    # Social sharing apps
+    # There's nothing much of interest that a user could do as an admin for Nextcloud,
-    # https://apps.nextcloud.com/apps/socialsharing_email
+    # and there's a lot they could mess up, so we don't make any users admins of Nextcloud.
-    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_email-v3.3.0.tar.gz b00832ac733662cf3883648406fa73da464ada4d /tmp/socialsharing_email.tgz
+    # But if we wanted to, we would do this:
-    tar xf /tmp/socialsharing_email.tgz -C $CLOUD_DIR/apps/
+    # ```
-    rm /tmp/socialsharing_email.tgz
+    # for user in $(management/cli.py user admins); do
+    #	 sqlite3 $STORAGE_ROOT/owncloud/owncloud.db "INSERT OR IGNORE INTO oc_group_user VALUES ('admin', '$user')"
+    # done
+    # ```
-    # https://apps.nextcloud.com/apps/socialsharing_facebook
+    # Enable PHP modules and restart PHP.
-    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_facebook-v3.3.0.tar.gz dae509b53edb9e1a58a61b090b21e5deada5891c /tmp/socialsharing_facebook.tgz
+    restart_service php8.2-fpm
-    tar xf /tmp/socialsharing_facebook.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/socialsharing_facebook.tgz
-    # https://apps.nextcloud.com/apps/socialsharing_twitter
+#echo -n "Configuring Redis Cache for nextCloud..."
-    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_twitter-v3.3.0.tar.gz 0f357ab59e9148df28d9a12d0626818873c2575c /tmp/socialsharing_twitter.tgz
+#hide_output add-apt-repository -y ppa:chris-lea/redis-server
-    tar xf /tmp/socialsharing_twitter.tgz -C $CLOUD_DIR/apps/
+#hide_output apt-get update
-    rm /tmp/socialsharing_twitter.tgz
+#apt_get_quiet upgrade
+#apt_install redis-server
+#systemctl restart apache2
+#systemctl restart nginx
+#phpenmod redis
+#hide_output systemctl start redis-server
+#hide_output systemctl enable redis-server
+#apt_install php-redis
-    # https://apps.nextcloud.com/apps/socialsharing_diaspora
+#cat >> $STORAGE_ROOT/owncloud/config/config.php <<EOF
-    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_diaspora-v3.3.0.tar.gz cb366d346681daf95bd94dd105a4fab3bb601e9b /tmp/socialsharing_googleplus.tgz
+#'memcache.distributed' => '\OC\Memcache\Redis',
-    tar xf /tmp/socialsharing_googleplus.tgz -C $CLOUD_DIR/apps/
+#'memcache.local' => '\OC\Memcache\Redis',
-    rm /tmp/socialsharing_googleplus.tgz
+#'memcache.locking' => '\OC\Memcache\Redis',
+#'redis' => array(
+#     'host' => 'localhost',
+#     'port' => 6379,
+#     ),
+#EOF
+}
-    # https://apps.nextcloud.com/apps/socialsharing_bluesky
+#---------------------------------------------------------------------
-    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_bluesky-v3.3.0.tar.gz b4037e8cb26e658e3351a6d97310edc2120965b2 /tmp/socialsharing_bluesky.tgz
+# Function: InstallCloud
-    tar xf /tmp/socialsharing_bluesky.tgz -C $CLOUD_DIR/apps/
+#    Install and configure Nextcloud or Seafile based on configuration
-    rm /tmp/socialsharing_bluesky.tgz
+#---------------------------------------------------------------------
+InstallCloud() {
+    STORAGE_ROOT="/var/www"
-    # https://apps.nextcloud.com/apps/socialsharing_telegram
+    case $CFG_CLOUDTYPE in
-    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_telegram-v3.3.0.tar.gz b4ec7393cb98943fbffc1c57d834cff72c9afd8f /tmp/socialsharing_telegram.tgz
+	"nextcloud")
-    tar xf /tmp/socialsharing_telegram.tgz -C $CLOUD_DIR/apps/
+	    INSTALL_DIR=/usr/local/lib/nextcloud
-    rm /tmp/socialsharing_telegram.tgz
+	    CLOUD_DIR=$INSTALL_DIR/cloud	
+	    InstallNextcloud
+	    ;;
+	"seafile")
+	    echo -e "Not implemented!!!"
+	    ;;
+    esac
-    # https://apps.nextcloud.com/apps/socialsharing_whatsapp
+    # Generate SSL certificate
-    wget_verify https://github.com/nextcloud-releases/socialsharing/releases/download/v3.3.0/socialsharing_whatsapp-v3.3.0.tar.gz b5e922c76dd9409ca8954b2855c22f3775b28d35 /tmp/socialsharing_whatsapp.tgz
+    systemctl stop nginx
-    tar xf /tmp/socialsharing_whatsapp.tgz -C $CLOUD_DIR/apps/
+    if [ "$CFG_SSL_NEW" == "yes" ]; then
-    rm /tmp/socialsharing_whatsapp.tgz    
+	sh  /root/.acme.sh/acme.sh --issue --standalone -d cloud.$CFG_HOSTNAME_DOMAIN --force  >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
+    else
+	#cp -av /home/administrator/wtlinux_server_setup/acme_ssl/arbajnok/cloud.$CFG_HOSTNAME_DOMAIN ~/.acme.sh/
+	cp -av /home/$SUDO_USER/wtlinux_server_setup/acme_ssl/$CFG_HOSTNAME_DOMAIN/cloud.$CFG_HOSTNAME_DOMAIN /root/.acme.sh/ >> $PROGRAMS_INSTALL_LOG_FILES 2>&1
+    fi
-    # Bookmarks, Mail apps
+    systemctl restart nginx
-    # https://apps.nextcloud.com/apps/bookmarks
-    wget_spec_verify https://github.com/nextcloud/bookmarks/releases/download/v15.1.0/bookmarks-15.1.0.tar.gz 776e0c9a9679762d481428dc1a8928b9b7b3510c /tmp/bookmarks.tgz
-    tar xf /tmp/bookmarks.tgz -C $CLOUD_DIR/apps/
-    rm /tmp/bookmarks.tgz
-    # https://apps.nextcloud.com/apps/mail
+    # Save configuration details
-    wget_verify https://github.com/nextcloud-releases/mail/releases/download/v4.2.2/mail-stable4.2.tar.gz 2f93388a1d4d367316326fa5bdb7bb0e086e2c80 /tmp/mail.tgz
+    cat >> /home/$SUDO_USER/wtlinux_server_setup/wtserver_configuration.txt <<EOF
-    tar xf /tmp/mail.tgz -C $CLOUD_DIR/apps/
+# $CFG_CLOUDTYPE store the passwords
-    rm /tmp/mail.tgz
+#------------------------------
+URL     			: $url
+$CFG_CLOUDTYPE Admin   		: $CFG_CLOUDADMINUSER
+$CFG_CLOUDTYPE Password   	: $CFG_CLOUDADMINPWD
-    # Video call
+Database type			: $CFG_CLOUDDBTYPE
-    # https://apps.nextcloud.com/apps/spreed
+Database host			: $CFG_CLOUDDBHOST
-    wget_verify https://github.com/nextcloud-releases/spreed/releases/download/v21.0.0/spreed-v21.0.0.tar.gz 51ef52d47b9bee281a63f12aa755f97a2c650f12  /tmp/spreed.tgz
+Database port			: $CFG_CLOUDDBPORT
-    tar xf /tmp/spreed.tgz -C $CLOUD_DIR/apps/
+Database name			: $CFG_CLOUDDBNAME
-    rm /tmp/spreed.tgz
+Database user			: $CFG_CLOUDDBUSER
+Database password		: $CFG_CLOUDDBPWD
+#------------------------------
+EOF
+    echo -e "[${green}DONE${NC}]"
 }
--- a/distros/debian12/install_webmail.sh
+++ b/distros/debian12/install_webmail.sh
@@ -131,7 +131,7 @@ InstallRoundcubeLatest() {
    # Install required PHP packages
    echo -e "$IDENTATION_LVL_2 Installing required PHP packages... "
-    apt_install -t php8.2 php8.2-gd php8.2-mysql php8.2-curl php8.2-zip php8.2-ldap php8.2-mbstring php8.2-imagick php8.2-intl php8.2-xml php8.2-dom php8.2-xmlreader php8.2-xmlwriter php8.2-gettext php8.2-json php8.2-gd php8.2-bcmath php8.2-cgi php8.2-gmp php8.2-common php8.2-fpm php-pear unzip wget curl javascript-common libjs-jquery-mousewheel libjs-jquery libmagic1 tinymce
+    apt_install php8.2 php8.2-gd php8.2-mysql php8.2-curl php8.2-zip php8.2-ldap php8.2-mbstring php8.2-imagick php8.2-intl php8.2-xml php8.2-dom php8.2-xmlreader php8.2-xmlwriter php8.2-gettext php8.2-json php8.2-gd php8.2-bcmath php8.2-cgi php8.2-gmp php8.2-common php8.2-fpm php-pear unzip wget curl javascript-common libjs-jquery-mousewheel libjs-jquery libmagic1 tinymce
    echo -e "[${green}DONE${NC}]"
    echo -e "$IDENTATION_LVL_2 Installing required PHP pear packages... "