Upgrade to PHP 8.1 when installing NC >= 24 (#1554)

* Update nextcloud to 24.0.4 * ncp-update-nc: Upgrade php to version 8.1 when installing NC >= 24 * ncp-update-nc: Use /etc/shadow workaround for installing systemd * ncp-update-nc: Run nc-limits after php upgrade * ncp-update-nc: Rollback after failed php upgrade * ncp-update-nc: Add success message * ncp-update-nc: Prevent installation of NC >= 24 on debian 10/PHP <= 7.3 * lamp.sh: Install php8.1 from sury.org * lamp.sh: Use /etc/shadow workaround for installing systemd * Dockerfile: Install wget, ca-certificates, lsb-release and procps before installing lamp.sh * Dockerfile: Make sure, ncp-templates are available when installing lamp.sh * Migrate all scripts to use template for writing opcache.ini and get_nc_config_value for retrieving datadir * nc-nextcloud.sh Fix crash if nc-datadir has not been installed yet * opcache.ini.sh: Don't try to get tmpl values from nc-datadir in containers
2026-01-09 06:32:00 -03:30 · 2022-09-15 17:21:58 +02:00 · 2022-09-15 17:21:58 +02:00 · b675d61e61
commit b675d61e61
parent 6cd3b16de6
41 changed files with 430 additions and 200 deletions
--- a/.github/workflows/build-docker.yml
+++ b/.github/workflows/build-docker.yml
@ -35,14 +35,6 @@ jobs:
    steps:
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v1
-      - name: debugging
-        run: |
-          mount
-          echo 'DOCKER_OPTS="--storage-driver=devicemapper"' | sudo tee -a /etc/default/docker
-          sudo apt-get update && sudo apt-get -y upgrade
-          sudo systemctl restart docker
-          sudo apt-get install -y qemu-user-static
-          docker run --rm -v /usr/bin/qemu-arm-static:/usr/bin/qemu-arm-static arm32v7/debian:bullseye-slim bash -c 'apt-get update && apt-get install -y apache2 && apache2ctl -V' || true
      - name: Setup Docker Buildx
        uses: docker/setup-buildx-action@v1

--- a/bin/ncp-diag
+++ b/bin/ncp-diag
@ -19,8 +19,7 @@ echo "NextCloudPi version|$( cat /usr/local/etc/ncp-version )"
 echo "OS|$(cat /etc/issue  | sed 's| \\n \\l||'). $(uname -r) ($(uname -m))"

 # Data
-DATADIR="$( grep datadirectory /var/www/nextcloud/config/config.php |
-	    awk '{ print $3 }' | grep -oP "[^']*[^']" | head -1 )"
+DATADIR="$( get_nc_config_value datadirectory )"
 test -d "$DATADIR" || DIRINFO=" (doesn't exist)"
 USBDEVS="$( lsblk -S -o  NAME,TRAN | awk '{ if ( $2 == "usb" ) print $1; }' | tr '\n' ' ' )"
 [[ "$USBDEVS" == "" ]] && USBDEVS="none"
--- a/bin/ncp-dist-upgrade
+++ b/bin/ncp-dist-upgrade
@ -95,20 +95,6 @@ $APTINSTALL -t ${release_new} php${php_ver_new}-gmp
 apt-get autoremove -y
 apt-get clean

-# configure latest PHP version
-cat > /etc/php/${php_ver_new}/mods-available/opcache.ini <<EOF
-zend_extension=opcache.so
-opcache.enable=1
-opcache.enable_cli=1
-opcache.fast_shutdown=1
-opcache.interned_strings_buffer=8
-opcache.max_accelerated_files=10000
-opcache.memory_consumption=128
-opcache.save_comments=1
-opcache.revalidate_freq=1
-opcache.file_cache=/tmp;
-EOF
-
 cat > /etc/php/${php_ver_new}/fpm/conf.d/90-ncp.ini <<EOF
 ; disable .user.ini files for performance and workaround NC update bugs
 user_ini.filename =
@ -136,6 +122,8 @@ is_active_app unattended-upgrades && run_app unattended-upgrades || true

 # mark as successful
 mv "${new_cfg}" "${old_cfg}"
+install_template "php/opcache.ini.sh" "/etc/php/${php_ver_new}/mods-available/opcache.ini" --defaults
+service "php${php_ver_new}-fpm" restart

 source /usr/local/etc/library.sh # refresh NCPCFG RELEASE PHPVER
 run_app nc-limits
--- a/bin/ncp-report
+++ b/bin/ncp-report
@ -62,8 +62,9 @@ close_summary

 ##

-DATADIR="$( grep datadirectory /var/www/nextcloud/config/config.php |
-            awk '{ print $3 }' | grep -oP "[^']*[^']" | head -1 )"
+DATADIR="$( get_nc_config_value datadirectory ||
+            grep datadirectory /var/www/nextcloud/config/config.php |
+              awk '{ print $3 }' | grep -oP "[^']*[^']" | head -1 )"

 open_summary "Nextcloud logs"
 tail -20 "$DATADIR"/nextcloud.log
--- a/bin/ncp-update-nc
+++ b/bin/ncp-update-nc
@ -29,7 +29,7 @@ source /usr/local/etc/library.sh
 [[ "$VER" == "" ]] && { echo "Usage ${BIN} <version>"; exit 1; }
 [[ -f /.docker-image ]] && BASEDIR=/data || BASEDIR=/var/www
 cd "$BASEDIR"
-DATADIR="$( grep datadirectory nextcloud/config/config.php | awk '{ print $3 }' | grep -oP "[^']*[^']" | head -1 )"
+DATADIR="$( get_nc_config_value datadirectory )"
 ncc status &>/dev/null          || { echo "Nextcloud is currently down"; exit 1; }
 [[ -d /var/www/nextcloud-old ]] && { echo "Nextcloud backup directory found. Interrupted or already running installation?"; exit 1; }
 [[ -d /var/www/nextcloud     ]] || { echo "Nextcloud directory not found"      ; exit 1; }
@ -48,6 +48,12 @@ if [[ $((MAJOR_NEW - MAJOR_CUR)) -gt 1 ]]; then
  exit 1
 fi

+if [[ "$MAJOR_NEW" -ge 24 ]] && [[ "$(lsb_release -r)" =~ .*10 ]]
+then
+  echo -e "Nextcloud version greater than 23 are not supported with Debian 10 (Buster). Please run ncp-dist-upgrade."
+  exit 1
+fi
+
 grep -qP "\d+\.\d+\.\d+" <<<"$CURRENT" || { echo "Malformed version $CURRENT"; exit 1; }
 grep -qP "\d+\.\d+\.\d+" <<<"$VER"     || { echo "Malformed version $VER"    ; exit 1; }

@ -55,6 +61,12 @@ echo "Current   Nextcloud version $CURRENT"
 echo "Available Nextcloud version $VER"
 is_more_recent_than "${VER}" "${CURRENT}" || { echo "Nothing to update"; exit 1; } # we want `exit 1` so the autoupdate doesn't notify success in this case

+if ! is_more_recent_than "24.0.0" "${VER}" && is_more_recent_than "7.4.0" "${PHPVER}.0"
+then
+  echo -e "Upgrading to Nextcloud versions > 23 requires the latest debian and PHP versions. Please run \`ncp-dist-upgrade\` and then run the update again."
+  exit 1
+fi
+
 # make sure that cron.php is not running and there are no pending jobs
 # https://github.com/nextcloud/server/issues/10949
 pgrep -cf cron.php &>/dev/null && { pkill -f cron.php; sleep 3; }
@ -179,7 +191,6 @@ $ncc | grep -q db:add-missing-columns && $ncc db:add-missing-columns -n
 $ncc | grep -q db:add-missing-primary-keys && $ncc db:add-missing-primary-keys -n
 $ncc | grep -q db:convert-filecache-bigint && $ncc db:convert-filecache-bigint -n

-
 # use the correct version for custom apps
 NCVER="$(ncc status | grep "version:" | awk '{ print $3 }')"
 if is_more_recent_than "21.0.0" "${NCVER}"; then
@ -189,7 +200,7 @@ else
  if ! is_app_enabled notify_push; then
    ncc app:install notify_push
    ncc app:enable  notify_push
-    bash /usr/local/etc/ncp-templates/nextcloud.conf.sh > /etc/apache2/sites-available/nextcloud.conf
+    install_template nextcloud.conf.sh /etc/apache2/sites-available/nextcloud.conf
    a2enmod proxy proxy_http proxy_wstunnel
    apachectl -k graceful
    ## make sure the notify_push daemon is runnnig
@ -224,9 +235,80 @@ fi
 rm -rf /var/www/nextcloud/apps/previewgenerator
 ln -snf "${NCPREV}" /var/www/nextcloud/apps/previewgenerator

+
+if ! is_more_recent_than "24.0.0" "${NCVER}" && is_more_recent_than "8.1.0" "${PHPVER}.0"
+then
+  (
+  echo "Upgrading PHP..."
+  export DEBIAN_FRONTEND=noninteractive
+  PHPVER_OLD="$PHPVER"
+  PHPVER_NEW="8.1"
+  PHP_PACKAGES_OLD=(php-{common,igbinary,redis} "php${PHPVER_OLD}" \
+    "php${PHPVER_OLD}"-{curl,gd,fpm,cli,opcache,mbstring,xml,zip,fileinfo,ldap,intl,bz2,json,common,readline,mysql,bcmath,gmp})
+  PHP_PACKAGES_NEW=("php${PHPVER_NEW}" php-json \
+    "php${PHPVER_NEW}"-{curl,gd,fpm,cli,opcache,mbstring,xml,zip,fileinfo,ldap,intl,bz2,mysql,bcmath,gmp,redis,common})
+
+  php_restore() {
+    trap "" INT TERM HUP ERR
+    echo "Something went wrong while upgrading PHP. Rolling back to version ${PHPVER_OLD}..."
+    set +e
+    service "php${PHPVER_NEW}-fpm" stop
+    a2disconf php${PHPVER_NEW}-fpm
+    rm /etc/apt/sources.list.d/php.list
+    apt-get update
+    apt-get remove --purge -y "${PHP_PACKAGES_NEW[@]}" systemd
+    apt-get install -y --no-install-recommends -t "$RELEASE" "${PHP_PACKAGES_OLD[@]}"
+    set_ncpcfg "php_version" "${PHPVER_OLD}"
+    install_template "php/opcache.ini.sh" "/etc/php/${PHPVER_NEW}/mods-available/opcache.ini"
+    run_app nc-limits
+    a2enconf "php${PHPVER_OLD}-fpm"
+    service "php${PHPVER_OLD}-fpm" start
+    service apache2 restart
+    echo "PHP upgrade has been successfully reverted"
+    set -e
+  }
+
+  trap php_restore INT TERM HUP ERR
+
+  # Setup apt repository for php 8
+  wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+  echo "deb https://packages.sury.org/php/ ${RELEASE%-security} main" > /etc/apt/sources.list.d/php.list
+  apt-get update
+
+  echo "Stopping apache and  php-fpm..."
+  service "php${PHPVER_OLD}-fpm" stop
+  service apache2 stop
+
+  echo "Remove old PHP (${PHPVER_OLD})..."
+  a2disconf "php${PHPVER_OLD}-fpm"
+
+  apt-get remove --purge -y "${PHP_PACKAGES_OLD[@]}"
+
+  echo "Install PHP ${PHPVER_NEW}..."
+  install_with_shadow_workaround --no-install-recommends systemd
+  apt-get install -y --no-install-recommends -t "$RELEASE" "${PHP_PACKAGES_NEW[@]}"
+
+  set_ncpcfg "php_version" "${PHPVER_NEW}"
+  install_template "php/opcache.ini.sh" "/etc/php/${PHPVER_NEW}/mods-available/opcache.ini"
+  ( export PHPVER="${PHPVER_NEW}"; run_app nc-limits )
+  a2enconf php${PHPVER_NEW}-fpm
+
+  echo "Starting apache and php-fpm..."
+  service "php${PHPVER_NEW}-fpm" start
+  service apache2 start
+  ncc status
+  )
+
+  # Reload library.sh to reset PHPVER
+  source /usr/local/etc/library.sh
+
+fi
+
+
 # refresh completions
 ncc _completion -g --shell-type bash -p ncc | sed 's|/var/www/nextcloud/occ|ncc|g' > /usr/share/bash-completion/completions/ncp

+echo "Update completed successfully."
 # done
 ####################
 mkdir -p  "$DATADIR"/ncp-update-backups
--- a/bin/ncp/BACKUPS/nc-backup.sh
+++ b/bin/ncp/BACKUPS/nc-backup.sh
@ -43,7 +43,7 @@ occ="sudo -u www-data php /var/www/nextcloud/occ"

 [[ "$compress" == "yes" ]] && destfile="$destfile".gz

-datadir=$( $occ config:system:get datadirectory ) || {
+datadir=$( get_nc_config_value datadirectory ) || {
  echo "Error reading data directory. Is NextCloud running and configured?";
  exit 1;
 }
--- a/bin/ncp/BACKUPS/nc-restore-snapshot.sh
+++ b/bin/ncp/BACKUPS/nc-restore-snapshot.sh
@ -16,7 +16,7 @@ configure()
  [[ -d "$SNAPSHOT" ]] || { echo "$SNAPSHOT doesn't exist"; return 1; }

  local datadir mountpoint
-  datadir=$( ncc config:system:get datadirectory ) || {
+  datadir=$( get_nc_config_value datadirectory ) || {
    echo -e "Error reading data directory. Is NextCloud running?";
    return 1;
  }
--- a/bin/ncp/BACKUPS/nc-restore.sh
+++ b/bin/ncp/BACKUPS/nc-restore.sh
@ -96,7 +96,7 @@ mysql -u root nextcloud <  "$TMPDIR"/nextcloud-sqlbkp_*.bak || { echo "Error res
 if is_docker; then
  DATADIR=/data/nextcloud/data
 else
-  DATADIR="$(grep datadirectory "$NCDIR"/config/config.php | awk '{ print $3 }' | grep -oP "[^']*[^']" | head -1)"
+  DATADIR="$(get_nc_config_value datadirectory)"
 fi
 [[ "$DATADIR" == "" ]] && { echo "Error reading data directory"; exit 1; }

@ -107,7 +107,7 @@ cd "$NCDIR"
 NUMFILES=2
 if [[ $( ls "$TMPDIR" | wc -l ) -eq $NUMFILES ]]; then

-  [[ -e "$DATADIR" ]] && { 
+  [[ -e "$DATADIR" ]] && {
    echo "backing up existing $DATADIR to $DATADIR-$( date "+%m-%d-%y" )..."
    mv "$DATADIR" "$DATADIR-$( date "+%m-%d-%y" )" || exit 1
  }
@ -149,7 +149,7 @@ fi
 sed -i "s|'datadirectory' =>.*|'datadirectory' => '${DATADIR}',|" "${NCDIR}"/config/config.php

 # Just in case we moved the opcache dir
-sed -i "s|^opcache.file_cache=.*|opcache.file_cache=$DATADIR/.opcache|" /etc/php/${PHPVER}/mods-available/opcache.ini
+install_template "php/opcache.ini.sh" "/etc/php/${PHPVER}/mods-available/opcache.ini"

 # tmp upload dir
 mkdir -p "$DATADIR/tmp"
--- a/bin/ncp/BACKUPS/nc-rsync-auto.sh
+++ b/bin/ncp/BACKUPS/nc-rsync-auto.sh
@ -16,14 +16,14 @@ install()

 configure()
 {
-  [[ $ACTIVE != "yes" ]] && { 
+  [[ $ACTIVE != "yes" ]] && {
    rm -f /etc/cron.d/ncp-rsync-auto
    echo "automatic rsync disabled"
    return 0
  }

  local DATADIR
-  DATADIR=$( ncc config:system:get datadirectory ) || {
+  DATADIR=$( get_nc_config_value datadirectory ) || {
    echo -e "Error reading data directory. Is NextCloud running and configured?";
    return 1;
  }
--- a/bin/ncp/BACKUPS/nc-rsync.sh
+++ b/bin/ncp/BACKUPS/nc-rsync.sh
@ -19,7 +19,7 @@ configure()
  save_maintenance_mode

  local DATADIR
-  DATADIR=$( sudo -u www-data php /var/www/nextcloud/occ config:system:get datadirectory ) || {
+  DATADIR=$( get_nc_config_value datadirectory ) || {
    echo -e "Error reading data directory. Is NextCloud running and configured?";
    return 1;
  }
--- a/bin/ncp/BACKUPS/nc-snapshot-auto.sh
+++ b/bin/ncp/BACKUPS/nc-snapshot-auto.sh
@ -26,7 +26,7 @@ configure()

  cat > /etc/cron.hourly/btrfs-snp <<EOF
 #!/bin/bash
-DATADIR=\$(ncc config:system:get datadirectory) || {
+DATADIR=\$(get_nc_config_value datadirectory) || {
  echo -e "Error reading data directory. Is NextCloud running and configured?";
  exit 1;
 }
--- a/bin/ncp/BACKUPS/nc-snapshot.sh
+++ b/bin/ncp/BACKUPS/nc-snapshot.sh
@ -20,7 +20,7 @@ configure()
  save_maintenance_mode

  local DATADIR MOUNTPOINT
-  DATADIR=$( ncc config:system:get datadirectory ) || {
+  DATADIR=$( get_nc_config_value datadirectory ) || {
    echo -e "Error reading data directory. Is NextCloud running?";
    return 1;
  }
--- a/bin/ncp/CONFIG/nc-database.sh
+++ b/bin/ncp/CONFIG/nc-database.sh
@ -15,6 +15,12 @@ is_active()
  [[ "$SRCDIR" != "/var/lib/mysql" ]]
 }

+tmpl_db_dir() {
+  if is_active_app nc-database; then
+    find_app_param nc-database DBDIR
+  fi
+}
+
 configure()
 {
  local SRCDIR=$( grep datadir /etc/mysql/mariadb.conf.d/90-ncp.cnf | awk -F "= " '{ print $2 }' )
@ -25,14 +31,14 @@ configure()
      echo "$DBDIR is not empty"
      return 1
    }
-    rmdir "$DBDIR" 
+    rmdir "$DBDIR"
  }

  local BASEDIR=$( dirname "$DBDIR" )
  mkdir -p "$BASEDIR"

  grep -q -e ext -e btrfs <( stat -fc%T "$BASEDIR" ) || { echo -e "Only ext/btrfs filesystems can hold the data directory"; return 1; }
-  
+
  sudo -u mysql test -x "$BASEDIR" || { echo -e "ERROR: the user mysql does not have access permissions over $BASEDIR"; return 1; }

  [[ $( stat -fc%d / ) == $( stat -fc%d "$BASEDIR" ) ]] && \
@ -42,9 +48,9 @@ configure()

  echo "moving database to $DBDIR..."
  service mysql stop
-  mv "$SRCDIR" "$DBDIR" && \
-    sed -i "s|^datadir.*|datadir = $DBDIR|" /etc/mysql/mariadb.conf.d/90-ncp.cnf
-  service mysql start 
+  mv "$SRCDIR" "$DBDIR"
+  install_template "mysql/90-ncp.cnf.sh" "/etc/mysql/mariadb.conf.d/90-ncp.cnf"
+  service mysql start

  restore_maintenance_mode
 }
--- a/bin/ncp/CONFIG/nc-datadir.sh
+++ b/bin/ncp/CONFIG/nc-datadir.sh
@ -20,6 +20,37 @@ install()
  apt_install btrfs-progs
 }

+tmpl_opcache_dir() {
+  DATADIR="$(get_nc_config_value datadirectory)"
+  echo -n "${DATADIR}/.opcache"
+  #[[ $( stat -fc%d / ) == $( stat -fc%d "$DATADIR" ) ]] && echo "/tmp" || echo "${DATADIR}/.opcache"
+}
+
+tmpl_tmp_upload_dir() {
+  DATADIR="$(get_nc_config_value datadirectory)"
+  echo -n "${DATADIR}/tmp"
+}
+
+create_opcache_dir() {
+  OPCACHE_DIR="$(tmpl_opcache_dir)"
+  mkdir -p "$OPCACHE_DIR"
+  chown -R www-data:www-data "$OPCACHE_DIR"
+  if [[ "$(stat -fc%T "${BASEDIR}")" == "btrfs" ]]
+  then
+    chattr -R +C "$OPCACHE_DIR"
+  fi
+}
+
+create_tmp_upload_dir() {
+  UPLOAD_DIR="$(tmpl_tmp_upload_dir)"
+  mkdir -p "${UPLOAD_DIR}"
+  chown www-data:www-data "${UPLOAD_DIR}"
+  if [[ "$(stat -fc%T "${BASEDIR}")" == "btrfs" ]]
+  then
+    chattr +C "${UPLOAD_DIR}"
+  fi
+}
+
 configure()
 {
  set -e -o pipefail
@ -27,7 +58,7 @@ configure()

  ## CHECKS
  local SRCDIR BASEDIR ENCDIR
-  SRCDIR=$( cd /var/www/nextcloud; ncc config:system:get datadirectory ) || {
+  SRCDIR=$( get_nc_config_value datadirectory ) || {
    echo -e "Error reading data directory. Is NextCloud running and configured?";
    return 1;
  }
@ -98,15 +129,15 @@ configure()
  set_ncpcfg datadir "${DATADIR}"

  # tmp upload dir
-  mkdir -p "${DATADIR}/tmp"
-  chown www-data:www-data "${DATADIR}/tmp"
+  create_tmp_upload_dir
  ncc config:system:set tempdirectory --value "$DATADIR/tmp"
  sed -i "s|^;\?upload_tmp_dir =.*$|uploadtmp_dir = ${DATADIR}/tmp|"  /etc/php/"${PHPVER?}"/cli/php.ini
  sed -i "s|^;\?upload_tmp_dir =.*$|upload_tmp_dir = ${DATADIR}/tmp|" /etc/php/"${PHPVER}"/fpm/php.ini
  sed -i "s|^;\?sys_temp_dir =.*$|sys_temp_dir = ${DATADIR}/tmp|"     /etc/php/"${PHPVER}"/fpm/php.ini

  # opcache dir
-  sed -i "s|^opcache.file_cache=.*|opcache.file_cache=${DATADIR}/.opcache|" /etc/php/"${PHPVER}"/mods-available/opcache.ini
+  create_opcache_dir
+  install_template "php/opcache.ini.sh" "/etc/php/${PHPVER}/mods-available/opcache.ini"

  # update fail2ban logpath
  [[ -f /etc/fail2ban/jail.local ]] && \
--- a/bin/ncp/CONFIG/nc-limits.sh
+++ b/bin/ncp/CONFIG/nc-limits.sh
@ -8,26 +8,48 @@
 # More at https://ownyourbits.com/2017/03/13/nextcloudpi-gets-nextcloudpi-config/
 #

+get_total_mem() {
+  free -b | sed -n 2p | awk '{ print $2 }'
+}
+
+tmpl_innodb_buffer_pool_size() {
+  local TOTAL_MEM="$(get_total_mem)"
+  # DATABASE MEMORY (25%)
+  local AUTOMEM=$(( TOTAL_MEM * 25 / 100 ))
+  # Maximum MySQL Memory Usage = innodb_buffer_pool_size + key_buffer_size + (read_buffer_size + sort_buffer_size) X max_connections
+  # leave 16MiB for key_buffer_size and a bit more
+  AUTOMEM=$(( AUTOMEM - (16 + 32) * 1024 * 1024 ))
+  echo -n "$AUTOMEM"
+}
+
+tmpl_php_max_memory() {
+  local TOTAL_MEM="$( get_total_mem )"
+  local MEMORYLIMIT="$(find_app_param nc-limits MEMORYLIMIT)"
+  [[ "$MEMORYLIMIT" == "0" ]] && echo -n "$(( TOTAL_MEM * 75 / 100 ))" || echo -n "$MEMORYLIMIT"
+}
+
+tmpl_php_max_filesize() {
+  local FILESIZE="$(find_app_param nc-limits MAXFILESIZE)"
+  [[ "$FILESIZE" == "0" ]] && echo -n "10G" || echo -n "$FILESIZE"
+}
+
 configure()
 {
  # Set auto memory limit to 75% of the total memory
-  local TOTAL_MEM="$( free -b | sed -n 2p | awk '{ print $2 }' )"
+  local TOTAL_MEM="$( get_total_mem )"
  # special case of 32bit emulation (e.g. 32bit-docker on 64bit hardware)
  file /bin/bash | grep 64-bit > /dev/null || TOTAL_MEM="$(( 1024 * 1024 * 1024 * 4 ))"
-  AUTOMEM=$(( TOTAL_MEM * 75 / 100 ))
+  local AUTOMEM=$(( TOTAL_MEM * 75 / 100 ))

  # MAX FILESIZE
-  local CONF=/etc/php/${PHPVER}/fpm/conf.d/90-ncp.ini
-  local CURRENT_FILE_SIZE="$( grep "^upload_max_filesize" "$CONF" | sed 's|.*=||' )"
-  [[ "$MAXFILESIZE" == "0" ]] && MAXFILESIZE=10G

  # MAX PHP MEMORY
+  local require_fpm_restart=false
  local CONF=/etc/php/${PHPVER}/fpm/conf.d/90-ncp.ini
-  local CURRENT_PHP_MEM="$( grep "^memory_limit" "$CONF" | sed 's|.*=||' )"
-  [[ "$MEMORYLIMIT" == "0" ]] && MEMORYLIMIT=$AUTOMEM && echo "Using ${AUTOMEM}B for PHP"
-  sed -i "s/^post_max_size=.*/post_max_size=$MAXFILESIZE/"             "$CONF"
-  sed -i "s/^upload_max_filesize=.*/upload_max_filesize=$MAXFILESIZE/" "$CONF"
-  sed -i "s/^memory_limit=.*/memory_limit=$MEMORYLIMIT/"               "$CONF"
+  local CONF_VALUE="$(cat "$CONF" || true)"
+  echo "Using $(tmpl_php_max_memory) for PHP max memory"
+  install_template "php/90-ncp.ini.sh" "$CONF"
+  [[ "$CONF_VALUE" == "$(cat "$CONF")" ]] || require_fpm_restart=true

  # MAX PHP THREADS
  local CONF=/etc/php/${PHPVER}/fpm/pool.d/www.conf
@ -37,25 +59,15 @@ configure()
  echo "Using $PHPTHREADS PHP threads"
  sed -i "s|^pm =.*|pm = static|"                                "$CONF"
  sed -i "s|^pm.max_children =.*|pm.max_children = $PHPTHREADS|" "$CONF"
+  [[ "$PHPTHREADS"  == "$CURRENT_THREADS"   ]] || require_fpm_restart=true

-  # DATABASE MEMORY (25%)
-  AUTOMEM=$(( TOTAL_MEM * 25 / 100 ))
-  # Maximum MySQL Memory Usage = innodb_buffer_pool_size + key_buffer_size + (read_buffer_size + sort_buffer_size) X max_connections
-  # leave 16MiB for key_buffer_size and a bit more
-  AUTOMEM=$(( AUTOMEM - (16 + 32) * 1024 * 1024 ))
  local CONF=/etc/mysql/mariadb.conf.d/91-ncp.cnf
-  local CURRENT_DB_MEM=$(grep "^innodb_buffer_pool_size" "$CONF" | awk '{ print $3 }')
-  echo "Using $AUTOMEM memory for the database"
-  [[ "$CURRENT_DB_MEM" != "$AUTOMEM" ]] && {
-    sed -i "s|^innodb_buffer_pool_size =.*|innodb_buffer_pool_size = $AUTOMEM|" "$CONF"
-    service mariadb restart
-  }
+  CONF_VALUE="$(cat "$CONF" || true)"
+  install_template "mysql/91-ncp.cnf.sh" "$CONF"
+  [[ "$CONF_VALUE" == "$(cat "$CONF")" ]] || service mariadb restart

  # RESTART PHP
-  [[ "$PHPTHREADS"  != "$CURRENT_THREADS"   ]] || \
-  [[ "$MEMORYLIMIT" != "$CURRENT_PHP_MEM"   ]] || \
-  [[ "$MAXFILESIZE" != "$CURRENT_FILE_SIZE" ]] && \
-    bash -c "sleep 3; service php${PHPVER}-fpm restart" &>/dev/null &
+  [[ "$require_fpm_restart" == "true" ]] && bash -c "sleep 3; service php${PHPVER}-fpm restart" &>/dev/null &

  # redis max memory
  local CONF=/etc/redis/redis.conf
--- a/bin/ncp/CONFIG/nc-nextcloud.sh
+++ b/bin/ncp/CONFIG/nc-nextcloud.sh
@ -14,6 +14,11 @@ REDIS_MEM=3gb
 APTINSTALL="apt-get install -y --no-install-recommends"
 export DEBIAN_FRONTEND=noninteractive

+tmpl_max_transfer_time()
+{
+  find_app_param nc-nextcloud MAXTRANSFERTIME
+}
+
 install()
 {
  # During build, this step is run before ncp.sh. Avoid executing twice
@ -145,10 +150,18 @@ configure()
  fi

  # create and configure opcache dir
-  local OPCACHEDIR=/var/www/nextcloud/data/.opcache
-  sed -i "s|^opcache.file_cache=.*|opcache.file_cache=$OPCACHEDIR|" /etc/php/${PHPVER}/mods-available/opcache.ini
-  mkdir -p $OPCACHEDIR
-  chown -R www-data:www-data $OPCACHEDIR
+  local OPCACHEDIR="$(
+    # shellcheck disable=SC2015
+    [ -f "${BINDIR}/CONFIG/nc-datadir.sh" ] && { source "${BINDIR}/CONFIG/nc-datadir.sh"; tmpl_opcache_dir; } || true
+  )"
+  if [[ -z "${OPCACHEDIR}" ]]
+  then
+    install_template "php/opcache.ini.sh" "/etc/php/${PHPVER}/mods-available/opcache.ini" --defaults
+  else
+    mkdir -p "$OPCACHEDIR"
+    chown -R www-data:www-data "$OPCACHEDIR"
+    install_template "php/opcache.ini.sh" "/etc/php/${PHPVER}/mods-available/opcache.ini"
+  fi

  ## RE-CREATE DATABASE TABLE
  # launch mariadb if not already running (for docker build)
--- a/bin/ncp/NETWORKING/samba.sh
+++ b/bin/ncp/NETWORKING/samba.sh
@ -1,6 +1,6 @@
 #!/bin/bash

-# SAMBA server for Raspbian 
+# SAMBA server for Raspbian
 #
 # Copyleft 2017 by Ignacio Nunez Hernanz <nacho _a_t_ ownyourbits _d_o_t_ com>
 # GPL licensed (see end of file) * Use at your own risk!
@ -33,26 +33,26 @@ EOF

 configure()
 {
-  [[ $ACTIVE != "yes" ]] && { 
+  [[ $ACTIVE != "yes" ]] && {
    service smbd stop
    update-rc.d smbd disable
    update-rc.d nmbd disable
    echo "SMB disabled"
    return
-  } 
+  }

  # CHECKS
  ################################
  local DATADIR
-  DATADIR=$( sudo -u www-data php /var/www/nextcloud/occ config:system:get datadirectory ) || {
-    echo -e "Error reading data directory. Is NextCloud running and configured?"; 
+  DATADIR=$( get_nc_config_value datadirectory ) || {
+    echo -e "Error reading data directory. Is NextCloud running and configured?";
    return 1;
  }
  [ -d "$DATADIR" ] || { echo -e "data directory $DATADIR not found"   ; return 1; }

  # CONFIG
  ################################
-  
+
  # remove files from this line to the end
  sed -i '/# NextCloudPi automatically/,/\$/d' /etc/samba/smb.conf

@ -63,7 +63,7 @@ EOF

  # create a share per Nextcloud user
  local USERS=()
-  while read -r path; do 
+  while read -r path; do
    USERS+=( "$( basename "$(dirname "$path")" )" )
  done < <( ls -d "$DATADIR"/*/files )

--- a/bin/ncp/SYSTEM/metrics.sh
+++ b/bin/ncp/SYSTEM/metrics.sh
@ -1,10 +1,5 @@
 #!/bin/bash

-apt_install_with_recommends() {
-  apt-get update --allow-releaseinfo-change
-  DEBIAN_FRONTEND=noninteractive apt-get install -y -o Dpkg::Options::=--force-confdef -o Dpkg::Options::="--force-confold" "$@"
-}
-
 is_supported() {
  [[ "${DOCKERBUILD:-0}" == 1 ]] && [[ "$(lsb_release -r)" =~ .*10 ]] && return 1
  return 0
@ -111,26 +106,8 @@ EOF
  # shellcheck disable=SC2016
  sed -i 's|status_of_proc "$DAEMON" "$NAME" ${PIDFILE:="-p ${PIDFILE}"}|status_of_proc ${PIDFILE:+-p "$PIDFILE"} "$DAEMON" "$NAME"|' /lib/init/init-d-script

-  if is_docker
-  then
-    # during installation of prometheus-node-exporter `useradd` is used to create a user.
-    # However, `useradd` doesn't the symlink in /etc/shadow, so we need to temporarily move it back
-    restore_shadow=true
-    [[ -L /etc/shadow ]] || restore_shadow=false
-    [[ "$restore_shadow" == "false" ]] || {
-      trap "mv /etc/shadow /data/etc/shadow; ln -s /data/etc/shadow /etc/shadow" EXIT
-      rm /etc/shadow
-      cp /data/etc/shadow /etc/shadow
-    }
-    apt_install_with_recommends prometheus-node-exporter
-    [[ "$restore_shadow" == "false" ]] || {
-      mv /etc/shadow /data/etc/shadow
-      ln -s /data/etc/shadow /etc/shadow
-    }
-    trap - EXIT
-  else
-    apt_install_with_recommends prometheus-node-exporter
-  fi
+  apt-get update --allow-releaseinfo-change
+  install_with_shadow_workaround -o Dpkg::Options::=--force-confdef -o Dpkg::Options::="--force-confold" prometheus-node-exporter

  if is_docker
  then
--- a/bin/ncp/TOOLS/nc-fix-permissions.sh
+++ b/bin/ncp/TOOLS/nc-fix-permissions.sh
@ -9,10 +9,10 @@
 #


-configure() 
+configure()
 {
  local DATADIR
-  DATADIR=$( cd /var/www/nextcloud; sudo -u www-data php occ config:system:get datadirectory ) || {
+  DATADIR=$( get_nc_config_value datadirectory ) || {
    echo "data directory not found";
    return 1;
  }
--- a/bin/ncp/TOOLS/nc-format-USB.sh
+++ b/bin/ncp/TOOLS/nc-format-USB.sh
@ -50,7 +50,7 @@ configure()
    return 1;
  }

-  DATADIR="$(ncc config:system:get datadirectory || true)"
+  DATADIR="$(get_nc_config_value datadirectory || true)"
  if [[ $( stat -fc%d / ) != $( stat -fc%d "$DATADIR" ) ]] || [[ -z "$DATADIR" ]] && [[ "$ALLOW_DATA_DIR_REMOVAL" != "yes" ]]
  then
    echo "ERROR: Data directory is on USB drive (or can't be determined) and removal of data directory was not explicitly allowed." \
--- a/bin/ncp/TOOLS/nc-previews.sh
+++ b/bin/ncp/TOOLS/nc-previews.sh
@ -18,7 +18,7 @@ configure()

  [[ "$CLEAN" == "yes" ]] && {
    local datadir
-    datadir=$( ncc config:system:get datadirectory ) || {
+    datadir=$( get_nc_config_value datadirectory ) || {
      echo "data directory not found";
      return 1;
    }
--- a/build/build-LXC.sh
+++ b/build/build-LXC.sh
@ -33,12 +33,13 @@ prepare_dirs                   # tmp cache output

 # TODO sudo
 sudo lxc-destroy ncp -f
-sudo lxc-create -n ncp -t download -B btrfs -- --dist debian --release buster --arch amd64 # TODO vars for distro and stuff 
+sudo lxc-create -n ncp -t download -B btrfs -- --dist debian --release buster --arch amd64 # TODO vars for distro and stuff
 sudo cp lxc_config /var/lib/lxc/ncp/config
 sudo lxc-start -n ncp
 sudo lxc-attach -n ncp --clear-env -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done'
 sudo lxc-attach -n ncp --clear-env -- CODE_DIR="$(pwd)" bash /build/install.sh
 sudo lxc-attach -n ncp --clear-env -- bash -c 'source /build/etc/library.sh; run_app_unsafe /build/post-inst.sh'
+sudo lxc-attach -n ncp --clear-env -- bash -c "echo '$(basename "$IMG")' > /usr/local/etc/ncp-baseimage"
 sudo lxc-attach -n ncp --clear-env -- poweroff

 exit 0 # TODO
--- a/build/build-LXD.sh
+++ b/build/build-LXD.sh
@ -37,6 +37,7 @@ lxc config device add ncp buildcode disk source="$(pwd)" path=/build
 lxc exec ncp -- bash -c 'while [ "$(systemctl is-system-running 2>/dev/null)" != "running" ] && [ "$(systemctl is-system-running 2>/dev/null)" != "degraded" ]; do :; done'
 lxc exec ncp -- bash -c 'CODE_DIR=/build DBG=x bash /build/install.sh'
 lxc exec ncp -- bash -c 'source /build/etc/library.sh; run_app_unsafe /build/post-inst.sh'
+lxc exec ncp -- bash -c "echo '$(basename "$IMG")' > /usr/local/etc/ncp-baseimage"
 lxc stop ncp
 lxc config device remove ncp buildcode
 lxc publish -q ncp -f --alias ncp/"${version}"
--- a/build/build-SD-rpi.sh
+++ b/build/build-SD-rpi.sh
@ -92,6 +92,8 @@ PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin \
    rm -rf /tmp/ncp-build
 EOFCHROOT

+basename "$IMG" > raspbian_root/usr/local/etc/ncp-baseimage
+
 trap '' EXIT
 clean_chroot_raspbian

--- a/build/build-VM.sh
+++ b/build/build-VM.sh
@ -16,7 +16,7 @@ echo -e "\e[1m\n[ Build NCP VM ]\e[0m"
 IP=${1:-192.168.0.145}      # For QEMU automated testing (optional)
 SIZE=3G                     # Raspbian image size
 #CLEAN=0                    # Pass this envvar to skip cleaning download cache
-IMG="NextCloudPi_VM_$( date  "+%m-%d-%y" ).img"
+IMG="${IMG:-NextCloudPi_VM_$( date  "+%m-%d-%y" ).img}"
 IMG=tmp/"$IMG"
 VM="/var/lib/libvirt/images/ncp-vm.img"

--- a/build/docker/Dockerfile
+++ b/build/docker/Dockerfile
@ -30,13 +30,14 @@ SHELL ["/bin/bash", "-c"]
 ENV DOCKERBUILD 1

 COPY etc/ncp.cfg etc/library.sh lamp.sh /usr/local/etc/
+COPY etc/ncp-templates /usr/local/etc/ncp-templates

 RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
 set -e; \

 # installation
 apt-get update; \
-apt-get install --no-install-recommends -y jq; \
+apt-get install --no-install-recommends -y jq wget procps ca-certificates lsb-release; \

 source /usr/local/etc/library.sh; \
 set +x; \
@ -48,7 +49,7 @@ mysqladmin -u root shutdown; \
 # mariaDB fixups (move database to /data-ro, which will be in a persistent volume)
 mkdir -p /data-ro /data; \
 mv /var/lib/mysql /data-ro/database; \
-sed -i "s|^datadir.*|datadir = /data-ro/database|" /etc/mysql/mariadb.conf.d/90-ncp.cnf; \
+install_template "mysql/90-ncp.cnf.sh" "/etc/mysql/mariadb.conf.d/90-ncp.cnf" \

 # package cleanup
 apt-get autoremove -y; \
@ -83,7 +84,6 @@ ENV DOCKERBUILD 1
 COPY etc/library.sh /usr/local/etc/
 COPY bin/ncp/CONFIG/nc-nextcloud.sh /
 COPY etc/ncp-config.d/nc-nextcloud.cfg /usr/local/etc/ncp-config.d/
-COPY etc/ncp-templates /usr/local/etc/ncp-templates

 RUN --mount=type=cache,target=/var/cache/apt --mount=type=cache,target=/var/lib/apt \
 set -e; \
@ -96,7 +96,7 @@ touch /.docker-image; \

 # installation ( /var/www/nextcloud -> /data/app which will be in a volume )
 apt-get update; \
-apt-get install --no-install-recommends -y wget ca-certificates sudo jq; \
+apt-get install --no-install-recommends -y sudo jq; \
 source /usr/local/etc/library.sh; \
 install_app /nc-nextcloud.sh; \
 run_app_unsafe /nc-nextcloud.sh; \
--- a/build/docker/lamp/010lamp
+++ b/build/docker/lamp/010lamp
@ -31,7 +31,7 @@ echo "Starting Apache"
 /usr/sbin/apache2ctl start

 # adjust the dbdir to the persistent storage
-sed -i "s|^datadir.*|datadir = /data/database|" /etc/mysql/mariadb.conf.d/90-ncp.cnf
+install_template "mysql/90-ncp.cnf.sh" "/etc/mysql/mariadb.conf.d/90-ncp.cnf"

 # start
 echo "Starting mariaDB"
--- a/build/docker/nextcloud/020nextcloud
+++ b/build/docker/nextcloud/020nextcloud
@ -71,8 +71,10 @@ echo "Configuring Domain"
 bash /usr/local/bin/nextcloud-domain.sh

 # Trusted Domain (as an argument)
-[[ "$2" != "" ]] && \
+[[ -z "$2" ]] || {
  ncc config:system:set trusted_domains 6 --value="$2"
+  ncc notify_push:self-test > /dev/null 2>&1 || ncc notify_push:setup "https://$2/push"
+}

 echo "Nextcloud version $(nc_version). NextCloudPi version $(cat /usr/local/etc/ncp-version)"

--- a/etc/library.sh
+++ b/etc/library.sh
@ -217,7 +217,7 @@ install_template() {
      { bash "/usr/local/etc/ncp-templates/$template" --defaults > "$target"; } 2>&1
    else
      { bash "/usr/local/etc/ncp-templates/$template" > "$target"; } 2>&1 || \
-        if [[ "${3:}" == "--allow-fallback" ]]; then
+        if [[ "${3:-}" == "--allow-fallback" ]]; then
          { bash "/usr/local/etc/ncp-templates/$template" --defaults > "$target"; } 2>&1
        fi
    fi
@ -385,6 +385,26 @@ function persistent_cfg()
  ln -s "$DST" "$SRC"
 }

+function install_with_shadow_workaround()
+{
+  # Subshell to trap trap :P
+  (
+    restore_shadow=true
+    [[ -L /etc/shadow ]] || restore_shadow=false
+    [[ "$restore_shadow" == "false" ]] || {
+      trap "mv /etc/shadow /data/etc/shadow; ln -s /data/etc/shadow /etc/shadow" EXIT
+      rm /etc/shadow
+      cp /data/etc/shadow /etc/shadow
+    }
+    DEBIAN_FRONTEND=noninteractive apt-get install -y "$@"
+    [[ "$restore_shadow" == "false" ]] || {
+      mv /etc/shadow /data/etc/shadow
+      ln -s /data/etc/shadow /etc/shadow
+    }
+    trap - EXIT
+  )
+}
+
 function is_more_recent_than()
 {
  local version_A="$1"
@ -470,7 +490,7 @@ function apt_install()
 }

 function is_docker() {
-  [[ -f /.dockerenv ]] || [[ "$DOCKERBUILD" == 1 ]]
+  [[ -f /.dockerenv ]] || [[ -f /.docker-image ]] || [[ "$DOCKERBUILD" == 1 ]]
 }

 function is_lxc() {
@ -525,6 +545,11 @@ function get_ncpcfg()
  jq -r ".${name}" < "${NCPCFG}"
 }

+function get_nc_config_value() {
+  sudo -u www-data php -r "include(\"/var/www/nextcloud/config/config.php\"); echo(\$CONFIG[\"${1?Missing required argument: config key}\"]);"
+  #ncc config:system:get "${1?Missing required argument: config key}"
+}
+
 # License
 #
 # This script is free software; you can redistribute it and/or modify it
--- a/etc/ncp-config.d/nc-nextcloud.cfg
+++ b/etc/ncp-config.d/nc-nextcloud.cfg
@ -9,7 +9,7 @@
    {
      "id": "VER",
      "name": "Version",
-      "value": "24.0.3"
+      "value": "24.0.4"
    },
    {
      "id": "MAXFILESIZE",
--- a/etc/ncp-templates/apache2/http2.conf.sh
+++ b/etc/ncp-templates/apache2/http2.conf.sh
@ -0,0 +1,29 @@
+#! /bin/bash
+
+set -e
+source /usr/local/etc/library.sh
+
+cat > /etc/apache2/conf-available/http2.conf <<EOF
+Protocols h2 h2c http/1.1
+
+# HTTP2 configuration
+H2Push          on
+H2PushPriority  *                       after
+H2PushPriority  text/css                before
+H2PushPriority  image/jpeg              after   32
+H2PushPriority  image/png               after   32
+H2PushPriority  application/javascript  interleaved
+
+# SSL/TLS Configuration
+SSLProtocol -all +TLSv1.2 +TLSv1.3
+SSLHonorCipherOrder on
+SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
+SSLCompression          off
+SSLSessionTickets       on
+
+# OCSP Stapling
+SSLUseStapling          on
+SSLStaplingResponderTimeout 5
+SSLStaplingReturnResponderErrors off
+SSLStaplingCache        shmcb:/var/run/ocsp(128000)
+EOF
--- a/etc/ncp-templates/mysql/90-ncp.cnf.sh
+++ b/etc/ncp-templates/mysql/90-ncp.cnf.sh
@ -0,0 +1,28 @@
+#! /bin/bash
+
+set -e
+source /usr/local/etc/library.sh
+
+if [[ "$1" == "--defaults" ]]
+then
+  echo -e "INFO: Restoring template to default settings"
+  DB_DIR=/var/lib/mysql
+else
+  if [[ "$DOCKERBUILD" -eq 1 ]]
+  then
+    echo -e "INFO: Docker build detected."
+    DB_DIR=/data-ro/database
+  elif is_docker
+  then
+    echo -e "INFO: Docker container detected."
+    DB_DIR=/data/database
+  else
+    DB_DIR="$(source "${BINDIR}/CONFIG/nc-database.sh"; tmpl_db_dir)"
+  fi
+fi
+
+# configure MariaDB (UTF8 4 byte support)
+cat <<EOF
+[mysqld]
+datadir = ${DB_DIR?}
+EOF
--- a/etc/ncp-templates/mysql/91-ncp.cnf.sh
+++ b/etc/ncp-templates/mysql/91-ncp.cnf.sh
@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+set -e
+source /usr/local/etc/library.sh
+
+if [[ "$1" == "--defaults" ]]
+then
+  echo -e "INFO: Restoring template to default settings"
+  INNODB_BUFFER_POOL_SIZE=256M
+else
+  INNODB_BUFFER_POOL_SIZE="$(source "${BINDIR}/CONFIG/nc-limits.sh"; tmpl_innodb_buffer_pool_size)"
+fi
+
+cat > /etc/mysql/mariadb.conf.d/91-ncp.cnf <<EOF
+[mysqld]
+transaction_isolation = READ-COMMITTED
+innodb_large_prefix=true
+innodb_file_per_table=1
+innodb_file_format=barracuda
+
+[server]
+# innodb settings
+skip-name-resolve
+innodb_buffer_pool_size = ${INNODB_BUFFER_POOL_SIZE}
+innodb_buffer_pool_instances = 1
+innodb_flush_log_at_trx_commit = 2
+innodb_log_buffer_size = 32M
+innodb_max_dirty_pages_pct = 90
+innodb_log_file_size = 32M
+
+# disable query cache
+query_cache_type = 0
+query_cache_size = 0
+
+# other
+tmp_table_size= 64M
+max_heap_table_size= 64M
+EOF
--- a/etc/ncp-templates/ncp-metrics.cfg.sh
+++ b/etc/ncp-templates/ncp-metrics.cfg.sh
@ -12,7 +12,7 @@ then
  "backups": []
 }
 EOF
-exit 0
+  exit 0
 fi

 cat <<EOF
@ -53,7 +53,7 @@ EOF

 is_docker || {

-  DATADIR=$( ncc config:system:get datadirectory ) || {
+  DATADIR=$( get_nc_config_value datadirectory ) || {
    echo -e "ERROR: Could not get data directory. Is NextCloud running?";
    return 1;
  }
--- a/etc/ncp-templates/nextcloud.conf.sh
+++ b/etc/ncp-templates/nextcloud.conf.sh
@ -54,7 +54,7 @@ if [[ "$1" != "--defaults" ]] && [[ -n "$LETSENCRYPT_DOMAIN" ]]; then
  # otherwise, in some installs this is the path we use
  [[ -f "${LETSENCRYPT_CERT_BASE_PATH}/fullchain.pem" ]] || {
    if [[ -d "/etc/letsencrypt/live/ncp-nextcloud" ]]; then
-      LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/ncp-nextcloud" 
+      LETSENCRYPT_CERT_BASE_PATH="/etc/letsencrypt/live/ncp-nextcloud"
    fi
  }
 else
@ -140,6 +140,6 @@ cat <<EOF
 EOF

 if ! [[ -f /.ncp-image ]]; then
-  echo "Apache self check:" | tee /var/log/ncp.log >&2
-  apache2ctl -t 2>&1 | tee /var/log/ncp.log >&2
+  echo -e "Apache self check:"
+  apache2ctl -t 1>&2
 fi
--- a/etc/ncp-templates/php/90-ncp.ini.sh
+++ b/etc/ncp-templates/php/90-ncp.ini.sh
@ -0,0 +1,33 @@
+#! /bin/bash
+
+set -e
+source /usr/local/etc/library.sh
+
+MAXTRANSFERTIME="3600"
+if [[ "$1" == "--defaults" ]]
+then
+  MAXFILESIZE="10G"
+  MEMORYLIMIT="768M"
+else
+  MAXFILESIZE="$(source "${BINDIR}/CONFIG/nc-limits.sh" && tmpl_php_max_filesize)"
+  MEMORYLIMIT="$(source "${BINDIR}/CONFIG/nc-limits.sh" && tmpl_php_max_memory)"
+  [[ -f "${BINDIR}/CONFIG/nc-nextcloud.sh" ]] && MAXTRANSFERTIME="$(source "${BINDIR}/CONFIG/nc-nextcloud.sh" && tmpl_max_transfer_time)"
+fi
+
+cat <<EOF
+; disable .user.ini files for performance and workaround NC update bugs
+user_ini.filename =
+
+; from Nextcloud .user.ini
+upload_max_filesize=$MAXFILESIZE
+post_max_size=$MAXFILESIZE
+memory_limit=$MEMORYLIMIT
+mbstring.func_overload=0
+always_populate_raw_post_data=-1
+default_charset='UTF-8'
+output_buffering=0
+
+; slow transfers will be killed after this time
+max_execution_time=$MAXTRANSFERTIME
+max_input_time=$MAXTRANSFERTIME
+EOF
--- a/etc/ncp-templates/php/opcache.ini.sh
+++ b/etc/ncp-templates/php/opcache.ini.sh
@ -0,0 +1,28 @@
+#! /bin/bash
+
+set -e
+source /usr/local/etc/library.sh
+
+PHPVER="${PHPVER?ERROR: PHPVER variable unset!}"
+
+if [[ "$1" == "--defaults" ]] || ! [[ -f "${BINDIR}/CONFIG/nc-datadir.sh" ]]
+then
+  echo -e "INFO: Restoring template to default settings"
+
+  TMP_DIR="/tmp"
+else
+  TMP_DIR="$(source "${BINDIR}/CONFIG/nc-datadir.sh"; tmpl_opcache_dir)"
+fi
+
+cat <<EOF
+zend_extension=opcache.so
+opcache.enable=1
+opcache.enable_cli=1
+opcache.fast_shutdown=1
+opcache.interned_strings_buffer=8
+opcache.max_accelerated_files=10000
+opcache.memory_consumption=128
+opcache.save_comments=1
+opcache.revalidate_freq=1
+opcache.file_cache=${TMP_DIR};
+EOF
--- a/etc/ncp.cfg
+++ b/etc/ncp.cfg
@ -1,5 +1,5 @@
 {
-	"nextcloud_version": "24.0.3",
-	"php_version": "7.4",
+	"nextcloud_version": "24.0.4",
+	"php_version": "8.1",
 	"release": "bullseye"
 }
--- a/install.sh
+++ b/install.sh
@ -30,7 +30,7 @@ type mysqld &>/dev/null && mysql -e 'use nextcloud' &>/dev/null && { echo "The '

 # get dependencies
 apt-get update
-apt-get install --no-install-recommends -y git ca-certificates sudo lsb-release
+apt-get install --no-install-recommends -y git ca-certificates sudo lsb-release wget

 # get install code
 if [[ "${CODE_DIR}" == "" ]]; then
--- a/lamp.sh
+++ b/lamp.sh
@ -25,6 +25,9 @@ export DEBIAN_FRONTEND=noninteractive
 install()
 {
    set -x
+    # Setup apt repository for php 8
+    wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
+    echo "deb https://packages.sury.org/php/ ${RELEASE%-security} main" > /etc/apt/sources.list.d/php.list
    apt-get update
    $APTINSTALL apt-utils cron curl
    ls -l /var/lock || true
@ -33,9 +36,10 @@ install()
    mkdir -p /run/lock
    apache2ctl -V || true

+    install_with_shadow_workaround --no-install-recommends systemd
    $APTINSTALL -t $RELEASE php${PHPVER} php${PHPVER}-curl php${PHPVER}-gd php${PHPVER}-fpm php${PHPVER}-cli php${PHPVER}-opcache \
                            php${PHPVER}-mbstring php${PHPVER}-xml php${PHPVER}-zip php${PHPVER}-fileinfo php${PHPVER}-ldap \
-                            php${PHPVER}-intl php${PHPVER}-bz2 php${PHPVER}-json
+                            php${PHPVER}-intl php${PHPVER}-bz2 php-json

    mkdir -p /run/php

@ -53,46 +57,12 @@ install()
    # CONFIGURE APACHE
    ##########################################

-  cat > /etc/apache2/conf-available/http2.conf <<EOF
-Protocols h2 h2c http/1.1
-
-# HTTP2 configuration
-H2Push          on
-H2PushPriority  *                       after
-H2PushPriority  text/css                before
-H2PushPriority  image/jpeg              after   32
-H2PushPriority  image/png               after   32
-H2PushPriority  application/javascript  interleaved
-
-# SSL/TLS Configuration
-SSLProtocol -all +TLSv1.2 +TLSv1.3
-SSLHonorCipherOrder on
-SSLCipherSuite ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS
-SSLCompression          off
-SSLSessionTickets       on
-
-# OCSP Stapling
-SSLUseStapling          on
-SSLStaplingResponderTimeout 5
-SSLStaplingReturnResponderErrors off
-SSLStaplingCache        shmcb:/var/run/ocsp(128000)
-EOF
+    install_template apache2/http2.conf.sh /etc/apache2/conf-available/http2.conf --defaults

    # CONFIGURE PHP7
    ##########################################

-    cat > /etc/php/${PHPVER}/mods-available/opcache.ini <<EOF
-zend_extension=opcache.so
-opcache.enable=1
-opcache.enable_cli=1
-opcache.fast_shutdown=1
-opcache.interned_strings_buffer=8
-opcache.max_accelerated_files=10000
-opcache.memory_consumption=128
-opcache.save_comments=1
-opcache.revalidate_freq=1
-opcache.file_cache=/tmp;
-EOF
+    install_template "php/opcache.ini.sh" "/etc/php/${PHPVER}/mods-available/opcache.ini" --defaults

    a2enmod http2
    a2enconf http2
@ -112,37 +82,9 @@ EOF

    $APTINSTALL ssl-cert # self signed snakeoil certs

-    # configure MariaDB (UTF8 4 byte support)
-    cat > /etc/mysql/mariadb.conf.d/90-ncp.cnf <<EOF
-[mysqld]
-datadir = /var/lib/mysql
-EOF
-    cat > /etc/mysql/mariadb.conf.d/91-ncp.cnf <<EOF
-[mysqld]
-transaction_isolation = READ-COMMITTED
-innodb_large_prefix=true
-innodb_file_per_table=1
-innodb_file_format=barracuda
-
-[server]
-# innodb settings
-skip-name-resolve
-innodb_buffer_pool_size = 256M
-innodb_buffer_pool_instances = 1
-innodb_flush_log_at_trx_commit = 2
-innodb_log_buffer_size = 32M
-innodb_max_dirty_pages_pct = 90
-innodb_log_file_size = 32M
-
-# disable query cache
-query_cache_type = 0
-query_cache_size = 0
-
-# other
-tmp_table_size= 64M
-max_heap_table_size= 64M
-EOF
+    install_template "mysql/90-ncp.cnf.sh" "/etc/mysql/mariadb.conf.d/90-ncp.cnf" --defaults

+    install_template "mysql/91-ncp.cnf.sh" "/etc/mysql/mariadb.conf.d/91-ncp.cnf" --defaults

  # launch mariadb if not already running
  if ! [[ -f /run/mysqld/mysqld.pid ]]; then
--- a/updates/1.20.0.sh
+++ b/updates/1.20.0.sh
@ -22,7 +22,7 @@ source /usr/local/etc/library.sh # sets NCLATESTVER PHPVER RELEASE
 is_active_app nc-scan-auto && run_app nc-scan-auto

 # if using NCP original logo, replace with the new version
-datadir=$(ncc config:system:get datadirectory)
+datadir=$(get_nc_config_value datadirectory)
 id=$(grep instanceid /var/www/nextcloud/config/config.php | awk -F "=> " '{ print $2 }' | sed "s|[,']||g")
 logo_dir="${datadir}/appdata_${id}/theming/images"
 [[ -f "${logo_dir}"/logo ]] && {