From 073f5e18e3a9830fbe04a7da76d00d1868ffd415 Mon Sep 17 00:00:00 2001
From: szaimen <szaimen@users.noreply.github.com>
Date: Wed, 21 Sep 2022 12:23:29 +0000
Subject: [PATCH] Yaml updates

Signed-off-by: GitHub <noreply@github.com>
---
 manual-install/latest-arm64.yml | 6 +++++-
 manual-install/latest.yml       | 6 +++++-
 manual-install/sample.conf      | 3 +++
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/manual-install/latest-arm64.yml b/manual-install/latest-arm64.yml
index a9753125..c2f52fb4 100644
--- a/manual-install/latest-arm64.yml
+++ b/manual-install/latest-arm64.yml
@@ -17,6 +17,8 @@ services:
       - TALK_HOST=nextcloud-aio-talk
       - APACHE_PORT=${APACHE_PORT}
       - TZ=${TIMEZONE}
+      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
+      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
@@ -54,6 +56,7 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
       - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
+      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -84,6 +87,7 @@ services:
       - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
@@ -105,7 +109,7 @@ services:
     image: nextcloud/aio-collabora:latest-arm64
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
     stop_grace_period: 10s
diff --git a/manual-install/latest.yml b/manual-install/latest.yml
index ee7e220c..0d652f68 100644
--- a/manual-install/latest.yml
+++ b/manual-install/latest.yml
@@ -19,6 +19,8 @@ services:
       - APACHE_PORT=${APACHE_PORT}
       - ONLYOFFICE_HOST=nextcloud-aio-onlyoffice
       - TZ=${TIMEZONE}
+      - APACHE_MAX_SIZE=${APACHE_MAX_SIZE}
+      - APACHE_MAX_TIME=${NEXTCLOUD_MAX_TIME}
     volumes:
       - nextcloud_aio_nextcloud:/var/www/html:ro
       - nextcloud_aio_apache:/mnt/data:rw
@@ -57,6 +59,7 @@ services:
       - nextcloud_aio_nextcloud:/var/www/html:rw
       - ${NEXTCLOUD_DATADIR}:/mnt/ncdata:rw
       - ${NEXTCLOUD_MOUNT}:${NEXTCLOUD_MOUNT}:rw
+      - ${TRUSTED_CACERTS_DIR}:/usr/local/share/ca-certificates:ro
     environment:
       - POSTGRES_HOST=nextcloud-aio-database
       - POSTGRES_PASSWORD=${DATABASE_PASSWORD}
@@ -92,6 +95,7 @@ services:
       - FULLTEXTSEARCH_ENABLED=${FULLTEXTSEARCH_ENABLED}
       - FULLTEXTSEARCH_HOST=nextcloud-aio-fulltextsearch
       - PHP_MAX_TIME=${NEXTCLOUD_MAX_TIME}
+      - TRUSTED_CACERTS_DIR=${TRUSTED_CACERTS_DIR}
     stop_grace_period: 10s
     restart: unless-stopped
     networks:
@@ -113,7 +117,7 @@ services:
     image: nextcloud/aio-collabora:latest
     environment:
       - aliasgroup1=https://${NC_DOMAIN}:443
-      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true
+      - extra_params=--o:ssl.enable=false --o:ssl.termination=true --o:logging.level=warning --o:home_mode.enable=true ${COLLABORA_SECCOMP_POLICY}
       - dictionaries=${COLLABORA_DICTIONARIES}
       - TZ=${TIMEZONE}
     stop_grace_period: 10s
diff --git a/manual-install/sample.conf b/manual-install/sample.conf
index bdaa4780..d8fc73a6 100644
--- a/manual-install/sample.conf
+++ b/manual-install/sample.conf
@@ -1,9 +1,11 @@
 AIO_TOKEN=123456          # Has no function but needs to be set!
 AIO_URL=localhost          # Has no function but needs to be set!
+APACHE_MAX_SIZE=10737418240          # This needs to be an integer and in sync with NEXTCLOUD_UPLOAD_LIMIT
 APACHE_PORT=443          # Changing this to a different value than 443 will allow you to run it behind a reverse proxy.
 CLAMAV_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 COLLABORA_DICTIONARIES=de_DE en_GB en_US es_ES fr_FR it nl pt_BR pt_PT ru        # You can change this in order to enable other dictionaries for collabora
 COLLABORA_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
+COLLABORA_SECCOMP_POLICY=--o:security.seccomp=true          # Changing the value to false allows to disable the seccomp feature of the Collabora container.
 DATABASE_PASSWORD=          # TODO! This needs to be a unique and good password!
 FULLTEXTSEARCH_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
 IMAGINARY_ENABLED=no          # Setting this to "yes" enables the option in Nextcloud automatically.
@@ -21,5 +23,6 @@ SIGNALING_SECRET=          # TODO! This needs to be a unique and good password!
 TALK_ENABLED=yes          # Setting this to "yes" enables the option in Nextcloud automatically.
 TALK_PORT=3478          # This allows to adjust the port that the talk container is using.
 TIMEZONE=Europe/Berlin          # TODO! This is the timezone that your containers will use.
+TRUSTED_CACERTS_DIR=/path/to/my/cacerts          # Nextcloud container will trust all the Certification Authorities, whose certificates are included in the given directory.
 TURN_SECRET=          # TODO! This needs to be a unique and good password!
 UPDATE_NEXTCLOUD_APPS=no          # When setting to yes, it will automatically update all installed Nextcloud apps upon container startup on saturdays.