From 54d658e8f2f6e896e80c77645c65d221b975c46b Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 28 Oct 2025 13:10:28 +0600
Subject: [PATCH 01/49] Only office environment addeed

---
 .env                                         | 67 ++++++++++++++++++++
 .env.example                                 |  8 ++-
 config/nginx/templates/default.conf.template | 10 ++-
 docker-compose.local.yml                     |  3 +
 4 files changed, 86 insertions(+), 2 deletions(-)
 create mode 100644 .env

diff --git a/.env b/.env
new file mode 100644
index 0000000..d363be5
--- /dev/null
+++ b/.env
@@ -0,0 +1,67 @@
+# docker compose
+COMPOSE_BAKE=true
+COMPOSE_FILE=docker-compose.yml:docker-compose.local.yml
+
+# Server
+DOMAIN=localhost
+SHARED_STORAGE_PATH=/mnt/shared_storage/nextcloud
+
+# mail
+SMTP_SECURE=tls
+SMTP_PORT=587
+SMTP_NAME=username
+SMTP_PASSWORD=123456
+SMTP_HOST=smtp.domain.com
+MAIL_FROM_ADDRESS=no-reply
+MAIL_DOMAIN=domain.com
+
+# database
+DB_HOST=db
+DB_USER=nextcloud
+DB_PASSWORD=123456
+DB_NAME=nextcloud
+
+# New: OnlyOffice
+ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
+ONLYOFFICE_JWT_SECRET=your_jwt_secret_here  # Generate: openssl rand -hex 32
+ONLYOFFICE_JWT_HEADER=AuthorizationJwt
+ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
+ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
+ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
+
+# redis
+REDIS_HOST=redis
+REDIS_HOST_PASSWORD=12456
+
+# nextcloud
+NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
+NEXTCLOUD_ADMIN_USER=admin
+NEXTCLOUD_ADMIN_PASSWORD=@dm1n
+NEXTCLOUD_TRUSTED_DOMAINS=nginx
+TRUSTED_PROXIES=
+OVERWRITEPROTOCOL=
+SENTRY_DSN=
+SENTRY_PUBLIC_DSN=
+
+# nginx
+NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
+
+# syslog
+SYSLOG_HOST=syslog
+
+# S3 Bucket Configuration
+OBJECTSTORE_S3_BUCKET=
+OBJECTSTORE_S3_REGION=main
+OBJECTSTORE_S3_HOST=fsn1.your-objectstorage.com
+OBJECTSTORE_S3_PORT=443
+
+# S3 Credentials (sensitive - keep secure)
+OBJECTSTORE_S3_KEY=your_access_key_here
+OBJECTSTORE_S3_SECRET=your_secret_key_here
+
+# S3 Connection Settings
+OBJECTSTORE_S3_SSL=true
+OBJECTSTORE_S3_USEPATH_STYLE=true
+
+OBJECTSTORE_S3_AUTOCREATE=
+OBJECTSTORE_S3_OBJECT_PREFIX=
diff --git a/.env.example b/.env.example
index a57ec80..bc26481 100644
--- a/.env.example
+++ b/.env.example
@@ -20,7 +20,13 @@ DB_HOST=db
 DB_USER=nextcloud
 DB_PASSWORD=123456
 DB_NAME=nextcloud
-
+# New: OnlyOffice
+ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
+ONLYOFFICE_JWT_SECRET=your_jwt_secret_here  # Generate: openssl rand -hex 32
+ONLYOFFICE_JWT_HEADER=AuthorizationJwt
+ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
+ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
+ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
 # redis
 REDIS_HOST=redis
 REDIS_HOST_PASSWORD=12456
diff --git a/config/nginx/templates/default.conf.template b/config/nginx/templates/default.conf.template
index fe2b6cf..406304f 100644
--- a/config/nginx/templates/default.conf.template
+++ b/config/nginx/templates/default.conf.template
@@ -135,7 +135,15 @@ server {
         try_files $fastcgi_script_name =404;
 
         include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param SCRIPT_FIntroller_active true;     # Enable pretty urls
+        fastcgi_pass php-handler;
+
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+
+        fastcgi_max_temp_file_size 0;
+    }
+LENAME $document_root$fastcgi_script_name;
         fastcgi_param PATH_INFO $path_info;
         #fastcgi_param HTTPS on;
 
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index cc75125..4d92395 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -54,6 +54,9 @@ services:
       context: .
       dockerfile: slim.Dockerfile
       target: nginx
+    environment:
+      NEXTCLOUD_ADDR: nextcloud:9000
+      DOMAIN: ${DOMAIN}
     ports:
       - "8000:80"
     depends_on:
-- 
GitLab


From 7ac27d1586d60447dd7e024a3dfbe604c244042d Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Wed, 29 Oct 2025 18:00:20 +0600
Subject: [PATCH 02/49] Step 1: Update .env.example (New Env Vars) Task 1:
 Install Nextcloud OnlyOffice App by Default

---
 slim.Dockerfile | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/slim.Dockerfile b/slim.Dockerfile
index db04d1f..96da5f2 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -49,7 +49,10 @@ RUN curl -sL ${SENTRY_URL} | tar xzf - -C ${BASE_DIR}/custom_apps
 # Murena theme
 RUN curl -sL ${THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes
 RUN curl -sL ${SNAPPY_THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes/Murena/
-
+# New: Install OnlyOffice app
+RUN curl -sL ${ONLYOFFICE_URL} | tar xzf - -C ${BASE_DIR}/custom_apps && \
+    mv ${BASE_DIR}/custom_apps/onlyoffice ${BASE_DIR}/apps/onlyoffice  # Enable in apps/ dir for occ
+    
 COPY config/nextcloud/ /usr/src/nextcloud/config/
 
 # Apply patches
-- 
GitLab


From 9d944a721b80ab6a16c44f92492f13d981db6659 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Wed, 29 Oct 2025 18:07:21 +0600
Subject: [PATCH 03/49] Task 2: Configure OnlyOffice with ONLYOFFICE_ Env Vars

---
 hooks.d/99-onlyoffice-setup.sh | 22 ++++++++++++++++++++++
 slim.Dockerfile                |  3 ++-
 2 files changed, 24 insertions(+), 1 deletion(-)
 create mode 100755 hooks.d/99-onlyoffice-setup.sh

diff --git a/hooks.d/99-onlyoffice-setup.sh b/hooks.d/99-onlyoffice-setup.sh
new file mode 100755
index 0000000..fbd31f4
--- /dev/null
+++ b/hooks.d/99-onlyoffice-setup.sh
@@ -0,0 +1,22 @@
+#!/bin/bash
+set -e
+
+# Run only if Nextcloud initialized and app present
+if [ ! -f /var/www/html/config/config.php ] || [ ! -d /var/www/html/apps/onlyoffice ]; then
+    echo "Skipping OnlyOffice setup: Nextcloud not ready or app missing."
+    exit 0
+fi
+
+cd /var/www/html
+
+# Enable app if not already
+php occ app:enable onlyoffice || true
+
+# Set config from env (with defaults)
+php occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://documentserver}"
+php occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
+php occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-AuthorizationJwt}"
+php occ config:app:set onlyoffice inner_request_timeout --value="${ONLYOFFICE_INNER_REQUEST_TIMEOUT:-3600}"
+php occ config:app:set onlyoffice max_file_size --value="${ONLYOFFICE_MAX_FILE_SIZE:-10000000}"
+
+echo "OnlyOffice app enabled and configured with env vars."
\ No newline at end of file
diff --git a/slim.Dockerfile b/slim.Dockerfile
index 96da5f2..78b305a 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -23,6 +23,7 @@ ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packa
 
 COPY custom_entrypoint-slim.sh /
 COPY hooks.d/ /docker-entrypoint-hooks.d/
+RUN chmod +x /docker-entrypoint-hooks.d/99-onlyoffice-setup.sh
 
 RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
  && mkdir -p ${BASE_DIR}/core/skeleton/Documents \
@@ -52,7 +53,7 @@ RUN curl -sL ${SNAPPY_THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes/Murena/
 # New: Install OnlyOffice app
 RUN curl -sL ${ONLYOFFICE_URL} | tar xzf - -C ${BASE_DIR}/custom_apps && \
     mv ${BASE_DIR}/custom_apps/onlyoffice ${BASE_DIR}/apps/onlyoffice  # Enable in apps/ dir for occ
-    
+
 COPY config/nextcloud/ /usr/src/nextcloud/config/
 
 # Apply patches
-- 
GitLab


From 8673d2661ef42db07547fb3e1a277d266edc8fbd Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Wed, 29 Oct 2025 18:09:35 +0600
Subject: [PATCH 04/49] Task 3: Patch PostgreSQL Init for OnlyOffice DB

---
 config/postgres/init-onlyoffice.sql | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 config/postgres/init-onlyoffice.sql

diff --git a/config/postgres/init-onlyoffice.sql b/config/postgres/init-onlyoffice.sql
new file mode 100644
index 0000000..40e964f
--- /dev/null
+++ b/config/postgres/init-onlyoffice.sql
@@ -0,0 +1,18 @@
+-- Create OnlyOffice DB and user (idempotent)
+DO $$
+BEGIN
+    CREATE USER onlyoffice WITH PASSWORD '${ONLYOFFICE_DB_PASSWORD:-onlyoffice}';
+EXCEPTION
+    WHEN duplicate_object THEN RAISE NOTICE 'User "onlyoffice" already exists, skipping';
+END
+$$;
+
+DO $$
+BEGIN
+    CREATE DATABASE onlyoffice OWNER onlyoffice;
+EXCEPTION
+    WHEN duplicate_object THEN RAISE NOTICE 'DB "onlyoffice" already exists, skipping';
+END
+$$;
+
+GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice;
\ No newline at end of file
-- 
GitLab


From 6defeb74a34a99f1b1285abe855afecf46267f78 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Wed, 29 Oct 2025 18:18:38 +0600
Subject: [PATCH 05/49] Task 4: Add OnlyOffice Services to
 docker-compose.local.yml

---
 docker-compose.local.yml | 44 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 44 insertions(+)

diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 4d92395..d35fd23 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -8,6 +8,7 @@ services:
       - POSTGRES_PASSWORD=${DB_PASSWORD}
     volumes:
       - db:/var/lib/postgresql/data
+      - ./config/postgres/init-onlyoffice.sql:/docker-entrypoint-initdb.d/10-onlyoffice.sql:ro
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"]
       interval: 10s
@@ -38,6 +39,18 @@ services:
       context: .
       dockerfile: slim.Dockerfile
       target: nextcloud
+    environment:
+      # New: Pass ONLYOFFICE_* envs
+      - ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver
+      - ONLYOFFICE_JWT_SECRET=your_jwt_secret_here
+      - ONLYOFFICE_JWT_HEADER=AuthorizationJwt
+      - ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
+      - ONLYOFFICE_MAX_FILE_SIZE=10000000
+      - ONLYOFFICE_DB_PASSWORD=onlyoffice
+    volumes:
+      # New: Mount config/data (assumed missing; adjust paths if external)
+      - nextcloud-config:/var/www/html/config
+      - nextcloud-data:/var/www/html/data
     depends_on:
       syslog:
         condition: service_started
@@ -48,6 +61,8 @@ services:
       redis:
         condition: service_healthy
         required: false
+    networks:
+      - worker-network
 
   nginx:
     build:
@@ -61,11 +76,40 @@ services:
       - "8000:80"
     depends_on:
       - nextcloud
+  
+  # New: OnlyOffice Document Server
+  documentserver:
+    image: onlyoffice/documentserver:latest
+    container_name: documentserver
+    restart: unless-stopped
+    depends_on:
+      db:
+        condition: service_healthy
+    environment:
+      # Shared DB (password from env)
+      - DB_TYPE=postgres
+      - DB_HOST=db
+      - DB_PORT=5432
+      - DB_NAME=onlyoffice
+      - DB_USER=onlyoffice
+      - DB_PWD=${ONLYOFFICE_DB_PASSWORD:-onlyoffice}
+      # JWT from env
+      - JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
+    ports:
+      - "8081:80"  # Local HTTP access
+    volumes:
+      - onlyoffice_data:/var/www/onlyoffice/Data
+      - onlyoffice_logs:/var/log/onlyoffice
+    networks:
+      - worker-network
 
 volumes: !override
   db:
   nextcloud-config:
   nextcloud-data:
+  # New
+  onlyoffice_data:
+  onlyoffice_logs:
 
 networks:
   proxy-network:
-- 
GitLab


From 9a117ed5ec3420c45c5204dd0e34406fc6ec3af3 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Wed, 29 Oct 2025 18:31:48 +0600
Subject: [PATCH 06/49] Task 5: Add 3 Default Samples (doc, xls, ppt)

---
 samples/office-samples/presentation.pptx | Bin 0 -> 19203 bytes
 samples/office-samples/sheet.xlsx        | Bin 0 -> 5507 bytes
 samples/office-samples/welcome..docx     | Bin 0 -> 5119 bytes
 slim.Dockerfile                          |   4 ++++
 4 files changed, 4 insertions(+)
 create mode 100644 samples/office-samples/presentation.pptx
 create mode 100644 samples/office-samples/sheet.xlsx
 create mode 100644 samples/office-samples/welcome..docx

diff --git a/samples/office-samples/presentation.pptx b/samples/office-samples/presentation.pptx
new file mode 100644
index 0000000000000000000000000000000000000000..5e94b45f3691a67cefd064472702e6ce4994a15c
GIT binary patch
literal 19203
zcmWIWW@Zs#;Nak3C`yivW<Ubm3=9nMMX5Q(`g$O8?Id4sW=Ed3_kTqX-`RaLOkm>N
zx2`SsTwd{W7~kZ7bEd^-%CGmbT?@FEa#Wp}ZO(sQ@$Ng3{%3QSoUydrof(y_@l)oR
ziPi6-ikSO1WB0$B_p&2OJ9XC18C8?JHc!^N&n#jec;r&bvJi9UX&q7Sl8qPlKl0d+
zdpml<e4g9-Gt%VeOs%~UQT!v}m$bB!CR+&0{MKtaU!zKv1wGVIUb$KE_j0M}#fw*_
za8GaDwqN|zVT0<b6aRFBE_uh51bH<cDpgI{msaw5zT4?z+j%xKaZi<+cRSu`HJ{l0
z3-wF^-s~K_Y_<<>GcYhXFflOT4iiBJ28NXU<bb05f@1yT{GwF7irk#u;L~}x4FvXl
z*X9s=;k!s>ao(z1UV`F`Tq+KY78w`44+La)PW-{(8Ts-4^d&h*b!%RD{+=;6^4+?y
z>+2V}R~t;z-g&HYRwB!!m9tK#^~!JGep1x!T43bmIM0a3%n>!Qd!r3wjZz=92TJuk
zPMD}ZX<JHFZ}jsL&yG}Gj;!GR33fY!-2$G+UKa3;beC3eou=E#;GX?TgR`Y`p5(`g
zo6?Mz%K6B1X1Oh3XS@_SX}M+PVJm|}aXK9{jh8%lx8R}Dmnm~DuAg@PK%va#LcxXm
z{?GZdYkzfzzwZv7#YqjTuWp<;Npb;S))UTCp6{mo+<Bws_Ps}|PIUEq&Qm@5Jhv`X
z?6lGO`t>L5zcv<Zn!3{I+u4t0ywfDt&Ap$vHFu}$Vk6m4_vaZ;xOSR<6I-*!tro3)
z>{|kzG%^F*-l_TgdRRNJ_UF3^3+CQ`mcY1Dwn*2-NP5n?#s0SSVg7Ob=AX2;#$^|1
zrE1k)%*=VcXX=G0|5W22q2UUXkGFHobbi=Tm34Qo{dU>*U(X)QFH<a=)oO9<U;T{v
zr;dKgnW5gaA}8Ve;j7`UB6IIv*eW|OzF}wPrOl6XkH_*~<#l-7F0naSCFsvz=a6~^
zP!dQv+f#6ak%1wG8DA0*Ku!XQ1qGlKFn5A)_F)5_w)ek94}O_t!Rf7WwD6{cwdgkI
zurls-Yq!Y#J5=WN>;3a>Yu;8~a*el{6t`*K)>C~Cnzt--4h>wy!?WFKR&D#fU*Bsw
zHwnxX^oeAawQ_XG{^eq~xAei{mI<m&oU&F&UW7@o*D;)Rns`gC)a|utx8~RCoa2E-
z6`N}=B`B>sz3Hfdy8)BSyF7;y)pdOz_Xi~Y{JC$#TYtTe8ZRBKk17Q;y-&<n4&Hmk
zVRgtp)h9<SRV}+c1$Rxf=9ix?x+Aaa*PHHMlgl<W`nMO>o|98+`*N87L&xl0F?;-i
zI`^pk5G+s2U!Qb&mFB6G>5coP4wlEh)CYwc_xmL*KNuJo<}l(5HF*XGhJu0;eMo^)
zP?TDnnpcuol9`_e3O{fGv-i?LuOkKmY!80hxz5<_dplGxbC-DJjb?>Sb`BoPb8nb&
z8V7!P%e!k$bYxfiqe3;~`hAB(W`8df$oI(E8yt{g$x(95{8}kj+_&4St#4de{YsKu
z_A<wJvke~BeWG6s+p0BhezC|pSK}}}F3Nv#-^wL^Y`J{9oFkw8T)X5m&kFUKN!K+N
z#0EFqsAu`(y)8dF`@_N6*9Bwud}!^-6c1jojBjz%`cJzfQ#5&=q&n|h(#U@M!Qy8f
zUz9Dg{nXMTUmuO!?{NH`&ZA%R1)j=0O7nD4c%uI4rIP=I;MW}yp+!aizp8_RE2Q9I
z*dqo81~a^gOavNS=m9nN(p|s93KDD&iq|(4>|=~w7`wSl{n!zg{wv%LUgk+ZISsZ~
zetmQ;<F)^$3bvX({56eNe=Vr~pj8`i?aG8RhAfvjZfk8``S9}Nvuj!uT=JssMJs1l
zOkrF%d-c@SbEZ4aI+5(vv}8uWN2$Ez5>Y3|oTbka^X8hYycW5>(kFPo<J#xHm%Nrs
zl`vki)2QIYZtqWzi|d{LsCK-yQhl;j)Ozk3<439WPKU#GeyCKP^#8*ap?hq%kM7)1
zwP3>L>X&mv)q5Xg#<%=qKdIIsHr-^|&ib1>BaLFSo<)AulJkFiP;GDIi`&(5i@t1s
z8{2U|tRX9V#>71*PP3lAy!-d7WYtikj#;9=l<j2a3!ZX&dDOisO3&@-A8z?z{(J|S
zOZ`W79MM@U(2>lmsco?I2al9=s>C+YDSDBHZ<J=}dU}d6+x#;)YYmD51Fz_pj*JWp
zAMqCTI?yO6&dE$k^-U};Ni8adCSN2WLwNE%I%zN0Ap?Pi^7%@4@-Br5PFxo2A~0u(
zorA~v+zq}?Laz7kHSp<nSa9gEfB$~hJSOg5+q{^Im8mA}Q`8&+yo0sx7FmSu{wZ}T
zX`1{-amBtLev$r<`o78R5_r>QsBbOPvi#VhzPZPCIJV5#H7!!{{36$Bswca48Zvir
zPJWZkmlwa>Vb$)V`8SqjPC2r6;&jH+isGi$9o>Q&G2M;KOV6J&US{&CVej=5bt@lM
zhdy?^b5_+S#qI0K3+|hb+MnIzpLV)_mTp|y<~hD`TPwiDp+@E;_p=NP3=i=JlOncY
zLJy$1Q*IaCG7xBc|64@rE_-5f#;b!*mMuS{lAAWku3<uIbhDo_XVSfW+72wvw~W5F
z?)~@W{rlL;w?AXotK2Gh-g;5=oLh3wj<jWByVibKKYhLVc8Q-3rM^oq?l~0w?&IA@
zhwn^_yVie&{hdHWM*JnNa>W~y1kPKnTOlub+H{TSF-@rl*S0Px`y#q#s>;s_8|5yp
zUjCooX4Smj@!aYH!_$4~kJcF)`YKEO&$$uRc>Ugy!kxxn=Wh5H5fm2lL-XLAkIOif
z)2<xsiuinLu4&TqX}#^Wsh9s7o@7_+ioHBzQQp>V<_|I#&RjY{DX0AHL)JY8-*jGA
zeEoK`P)>R8&u4Eo*A{V?SS)&T{Mkvxz{4g9OI9{b?>jm3!347dRiD|OJ-H;K^7iND
zjGN|uvhT}T%9y{3wmIH8W-Phxlbyo0__X(HH@|xx|2gve)AM}AMj9Gr6TSKhZ&`fW
zHr;2Jd)CEGXSH;gb0S_St_l~>y=}9}W|NIkheonN;Q|Ym&L^ERrjuRNIz>7~I(>v^
zsu_8wv<0fS#vQzJgxjrm;{ERmt{1-l)2>?(y_xU(*Jl3o6m!<fuo|5__05lj-PZLS
zxqJPm>o*5$+4&jj|1YGe-%`ptnHu@zN&V&@yr7Kqp5;l*Wkv>utt|M8eo&hURP=+&
zGH}BQlx2D+?BzRTz|&GbZ_z0}O&*TWEwKX1Ne%29qNclL%{jqWpWm;kaPZiZi0Qve
zo|o2sb}n-i6JKHSIWo^^iQ1MvzonLP+b&N%slvF`faTDoJApp2zSlN(^fXOTSXq32
zW|0S%hVT3!oi$UJx$_%w3wmzV+t9v5dw$O8g3x{PZ<NkYzt*h$`P*mve-}#E9rVpO
z7stFuq37@nmn!k6&fWhn?5qCcvTDncFArBeotMmh=CQi%<g9PXedq5dhwy_u?$Pi4
zeis7+Lpa_#4_1hmWTfV%>VrveadCI5Z~kpaYoY1g>PI^`FDdvL>Ts87Y;fLoS90dI
zs~(#aSHAu9e)$Q%N9z|JHb{6;)9GPb<J#4;ch~=gDwS@@t}BJ5?)qpro;@A%!e-(9
zeR=owH8%2<aBaFW<AQQj)&9EeO-r={6hA(^rKh;CwfO2J!_#}E-}pu@{8k;ADPoa7
zYtB-(xIJqo<yg%;Gm~jyrf`0p`o1$p2MdEgskh#`s>G&hF@Kk?ORDC@1vP!~Odi*t
ztJr(mxZarD?7jK1;^$el0@clH8@>q4ty^>QyZlnc^9sUNocyV;MRzk?;@zoZ!+V|K
zW#X?{_qJS<F0$Rr!0>$El!rGjGClIVvq5)7T;CIc^Y0g&-u~q=BY$C!?cX1#?(_X<
zU0(fbdw8AMgP(V0_uuj4UN!x*V4alfjfc!39t-&woA;&vYD!u9$ENFinxM`%-nyj`
z*)^{!-dY{LGE14Yf9cIC1(WONSE#*<NMyTHEZ@W6>8UECzimN_%`XwnhpZCa=gdEs
znCJ*b8A{i*y!TIGzqL>9<lFhKo8lgMy)chDYFc<LFC=4jmbBBUxz=7a8y0#*dri#S
zYb?RIyT>*3hbnK^^trcQvHUG&HPi8awazt8$f`em`Re9V`!j3u{|1F-I;}mY$vE@(
zdB$=zp5oLsw;Oa{i5&7QZJ$z*G3)!}y4k1J)LYI-J#kmxCj9dIt4fP^*UP6R&wTs&
z?SISte-A}G&p*v3|7~;nUtv)C`nKU?lN=KR!$l5!84IO`@=2`BFD*f-p&&xWpzH>2
zVD<K&1=Ub3@9kV~?7n%exnssRB`5wkP!+W;cf(J`&PDn8eYzDNEUY)*H(35HH~rh9
z89n7pS#gZY%lDY&i4?rozs<bm?6Z=^k<WxYCv$dAm7mVyW7)2p6eJuua|i#EF5@2=
zsd`3z5=*L1Oe_cwt?uz=GtpLiy`|yCOR0$eoL~5F^EU^Ue0!C7@~OP&jI_lswSt#L
zY%uDZ!dkFz&w3|QebI(gy>;Kr;z5CM<EeAlY6b=dHN2UOxIi!(4TRDXaN#q2Qvym$
z1d{fP^}#I>2nU=I-rl{Nx7b69?ZM~0Tt^Pdta)N4a<t!gZqKE=ljlubG;hV^i|=HT
zG?K2&a0)0>-yD_sy{>G1Zhm5SymZrB3%;!7pQB#!9Sda*t*NQ&5q|a7zx=aD<R%mD
z%9>TL@=Zb$Hy;0Mu+KKMe*aDh%T<#&&A;94IQ}MNZ~Dw%mv6@3Q&W$862I$vjiSg+
zmpOBHEPv(G@g&9O+#bo<yKhR*+Yqr&>_f>ruAe4*Wq+^y9cpIVf6V3bnvZvQleey#
zZ?mj!(x#rHheV6Ye@l7FU*_O%x{xftWBZKL+fKO!iHY{6Z8kVLEB4aM=5NmyPXE-y
z{;2o(^U&bOE%m9HhYl|?jm`e<Z9e}JN2aOKce%?Och0VhR8hW}retl*yEx#E_}yU9
z!ucl_tG^3bDsiYpbN<U$Gj00rl|IqlXgyu~o}n4{^ffW_Rn0Y%e+KROGehnA$<V50
zA^m%9Eq@xis-^CpPiU-cIakQlsMU|3W*xo#@$j+KiMQWfyEA#W!d&z7-KIqsrtA(5
zJ@&fx-~SzdwRQ`4h3|Xwb?>{gb+@DL&;Gk-XY2OI*Z7|9T~WUC-tTW4wzi!%ob}P_
z^lGv7b4uCPNUr!Mu$I@)R%7)-3CU?{@~-VGj8D!#F*i<{C$`upYRZY~C6hN*1TK;6
z@9kaVmXd7zbwdf8%4)a8=^8JdEqo!{9y)ooU_g_GPo3uCos!+0rXH7jJN@K)TGvio
z#(niu6@N;-_{<+CDmK2+(>D$b+5h!v(9VFjJ16MQTYhG5N@Kv(1i6zoKdx_7Y7hLm
zYE9I;l^-ql%v~Eku{C$o=4-tE*Is3u%BlWX9>ZampRam<JMUFHH}0~j%N72<U%R#@
zw8Z(kPIB>2`)jA7mu0?KcBd^bOKj^`->D~lx$z`LFWX%0{iNUTe|gT4i2EJuZuc#|
zd^g(g+a0dl+@(6ZtF^yqE>5#s>HO^1vQ?XQZ%?&-$`R>*Ys%jABR6*+%iB}7YuDyq
zJm20u%9<M!bZ3rb)I>|6c~569E@iv3U3pJV$hB&h(n~A-zOBwHStb2Dboty@CHr5c
zE#I{>zI1i)-COH--CdcteO3SU{=`!@3tjH&=vcips+~}>oZl!#P-c?v=2cH?0)J}V
z4_nm`lvcE}>%^b0mhqdU<EDuGymxz<qHy-&&KmP@*F_b3Gj68*eC8ta^T-OVD@V=5
zubU>#nzniCpIh_R%ypVQyT0V`ujKDL(sf=j#T_vYTX)KRN2G>Z?VY;YXDdX0i6@GP
z`d_;J^0!9lv~@Oj90g{`t)7)9+WqLy0@04Z@~sbzi!WVwJ0-p`{(YHZ|C+M)9sLnI
zXP(!Y(6)1R)r)y7n~KV1xtS#A^Lu@&*qSGI%qG<Pe#lyN^+)eyzrX*yDfnk_lIAbd
zb6j1^zBa88U-q?0y4qMz`L1y0-zR%Lvc-@7sZp#D=-L#Yy8Ec0cA3ey^>?oP)iF2K
z?JEwMGfzkEZ=J6F|G%2oFUEM!^f;_<#CiPBu85$iuK!fh{N-L3b-Y@<|Jxbc$S0|J
z@45_6+s`?Aw0*{buTS{qEMF)c`gU#EzMf@CI<FOFuK&BUD4^J&_10v!g=(e?12jaq
zTAdJ7$<lyqjaDnE!UA1X2@$Thp(|`>IORGwBPsu49sEM=YKf@S=RcwoK1F)YwC|fb
z<y^uN6B+jS_03ZhR6RI@nx-f`EqC*Zxlt3zW&4bK_T+^kS-vtTwt}sy<(iw}ta)Xd
z3^#^cwdgATGTkdmXSW9YnWPR@jd1v_APvbkQ7as0WiQ-o?u6_akiz)&PTTMF{x@iy
zCEOH!!5QIGkmSO@T(UVzD%}=4SZ%?4BvaR4IH=}i)Y*tj)2kah;?V+6<Q7DeuRC%W
zfepS8*J|agd8NSTPpJ@C0M({vev6hRI-)r)AY;B$Y3_!TlUL*=e^N0J;bC<?7yzS6
zn4Q^Y+jibCdv}$kt!ZI`h6ERk%1d~Wa9LgQ$}(g@u##KnFC2X4uQcV+JQNL03lm<j
zweguXPO9<0bO3Gz)WR+E7dD?=u;jK#y(T}*3b1KhZ6KS1H3ZKdJNp{pGO)G_ygafw
ze5$dFMZ%FB4UwvAvuZZHvcX`X4Z_V}19vqpY(Bfl#HiqV6<Ww{iC_3DVX{V~7+TnI
zwdMu9NGR5rdfjRN!~C|sdCvkOCHPvM9|l;6z$n>!3z_{Ex$M()E;L2bK0kip?2yZ$
z8D~C+JDf^aP5oyP6~t$zc*$k<gL~cvsy>{-ho%^)`uyBGQz+alUd(y_$Em(QADj8E
zD{tB|Q|hJGq}xAR-R-<Z_r@=G)t~JBuJ+`V8TCGsYn~h{y}0Y^j#X36blsg^sV*WI
zoPANudT-~p>;<M<pQ-t^%(&E<d(O`!dV9vxo1AC=U)lHgri!k=j%vI`=;tFV*WE7L
zqjl+*PT2e)Yx_mAGFx^ZHaXcJ{AP2+l&OnvSA>@C`k}(S@s(%f%0KIQvev4v;C(z{
z!L_dA4vurD*$Sk;Uwq;BB93(i_99&~43}~!sMh}uVw!g@cH(q>^Qm?=Gvg!n^Z)nB
z{5JQ{lSu!EHah&4&85vx_A~5zDq`00Sm4*DbBTdl=bbB`d$`zquTAL6z&e)o=U+^8
z%=o-*ZpHJ)71P$agt^T-;v-z{+xXJS?b$bl+%6yS>-BM-hGMQOZr1#ptEcy5_NOS1
zf4V*SwLkSIw<kYaCOP@H`>RdwpUz79y7Jfl`v2~CwVzICzURI_^wdLc!Pbw7p3gg~
z{~5eo!<xONhf8Rx<Lii$^9!cN)a{$Gb^DPwU;oyeS{%#xd;R}+k{f<ql-s73uzu$8
z<oKU!yDoWeOS$;(W91&%yR!3_^!d;ASyR?<s(jL0#w^Ka-2SU}6>n)@*LiVv<P15f
zMecXb-&M>qQOpuvF1%>hR$CWMMSaWmXO|zzy)4Xr^tnkt$k5uvp?~}0-ON+2F-EmL
zj$_oiZxdI=XM4|id)GySio1$gW{O#U98O;<`0jQsdU*FWU*KxKKxbtU#VVWjytkJx
z1<Cb?i!S*c=e*_DIz_4TRlFC)vwrdh#QyjgE@Zu5KR05ocIT%(mrq`c&$E2T-D$m_
zr^Bf5ZjJEvo-g0NGd+!rsg-;%?}yF}v17-pLs#ATSX6S_Z`$eXx$l35ExG#JR_OZ2
zKIh3h>N<|}@6)~!(Ng^F@Y)}R|Cf~R*=u8yd9&8D+b;VO*QfW>y4SdVI~R3i*_I!5
z$(QF>23)?lHT2e^U0+vSy0&b+aeOSB^`Gjy%5sy!jJPetbzIe6rx`8RpFH#YtdpBg
z{NFMo{N$M%)-x?joK9}rA9;D{=`Gi@4OBL}t8Z5L)V<;V@h5j%9q-j&aGUn`^Usb;
z{KrmQ?655IDK5&3xln$^>i_avNAfky6_tNjd$w-UzMQ8uMftPVq{NSp)l%1-iMn37
z{d4KW`j_`Uw_5zR2lcSNe`Cnt<Yr)~N@K(`=Ov0f!Ut_pgS!$}!*2UY8w%9E509v0
z&v$YVNNv{84d8S<@|0O-{p5&`x7NKqyEOj(#=Wz-S-QMJ58A!C^?2rH<Kx9T-~Ggw
zx)|rpy`Xh`?Oz_{bu;u@q@Mry_%P|cg!1#1S}U$}J+C+^YxlPP<;-=HS(_4`?lL(p
z{N8uEz;U%bOY-8S*CpgG$@R4Lc{@X7+BwE8Q<lt4bzic?>7muVJ*xL2-tG8w#d*<g
zhd0p<UouoA{x6FRWeQ{37~>XTE_iHhP*&-@hf|v(-+npq-Z=JJz>yc0+ugc5uASQU
zI!pE+uSYfal9YVSHA~8(X4)Pw2{;qr@o@S^n>+1mlfG}_h)<W(d7ii=ZThu4vm4(o
z{>7PRzPZtLQG?w9kBdUvq$jKMmEM>ZdG=bHTqPf$-s9!<i|-yiF>Q6_76$2ziOCrU
zQ!6IF4c+&lV`=KP?76;q@xAGj-|H)XIT7ZxuuJXfiRedbX66fAwaQ!}<#FoA)M>2S
zSFmoGd}}?Q$3~G2>r7``EisuOGDEF5yLsI!1!Kp$Oop4>`ju~|i=9j}Tj$pIbA6`G
zo0JbOdQs}f3w?e`+ssReEaHeM>FeX~Tf`j6EcyD6>UCAFW|`=7Hhg7PyUXl$n&}-}
z^QCoy(LZM`6MmNbnVuVt--(^OGrs2PQ6mf9hul+6$)7s<cjMUu=FN%53%YzwR@gp$
zbSCoYL;g}bPIWc;_{7;Ej8Xmzi+I{)KAW}it(La9^vWtIpvv)r!7pzqKgV_7<la9N
z`7`x#bF;&Y&tX1^@l*EoEBCB22((FEvQ)$AWMR_r!^N2wd%PUZ%!*a;zw;x5<q6a3
z!pvm1-Ju^UBUGXsZ)=$y<*3p<o*otu`S@l?<NNzsJNNWH_cBmFvg1go;eu)RYEON-
zc5?aOuG%YK_%l_0bp_nMskd<3|CIr;rZpAo!}zV<+Gl)Cnf(0x!mDmY|HIe5J=dQ5
zd}`GC9aE(CI&YTWabkPMv^DvvOLnf9vZh+ic6(P<-MXpmZ5_uxce1rzko_OYxr6ta
zL|*2{y2rYqel6ZIMQlgjEt!|hvik0#rgz*;URLqehe}!{4(hL%;(ThE{-d`n5$+S`
zMozBqfA^mal-2&p&S}?RW?)F?#y6s)fST1HlV#v8ERF#T&(#V_zSV*YA9%iEZb`Y#
zHd}sD$eY`<ley(=&YgQ>?sK)~jLSWVMP<{RJ-HP!mImMAlbLrnx4v!Jy-@x+E~h41
zWXXH}+c@#?j7j?q#GZDzxxBKu_2!G7#KcWJ%%7e19cg$IAfhgIjc0|q&m}Fsg`uhw
z@;?6Hzx{RZw2IOqvy99ATw>~LKj?{>FYggeJaDA(($`vHt4lGAI_Fbo@BJzc^7+P;
zq$g_#4&&hVIk>2Sk6JVv2(-Mf?b`5N?bX65Nne7vocxd4Ie3Ken%b*uys|yNkIVK8
zc>JpLx1n)ma>uPmK2_a@1ylVpt&1wYZGS9z>sf$(ftaTIqb0Q}Kaacd1$+HF6fs3u
zN^s@pjLpV75?oFh^_=1UDWtq<m4=^Aj^u?mGnNF)I4$>5`1|Uk{5EMe-H)%HBwbi0
zFRF7c>S64fJWomOLmi#WOK<<y3%LmP`R=`E!9L&r<)tHGpJOXt!LfZc>~zs>1(Cbo
zwI#lBZu>OjO0wnSWxls&`n>9#%zuC*vPUrBK;PZ<?^#vsh19<;x$DBs`R;MS`-dJY
z>UXYDjVgHE5@z{MuH4{J*Gs1rnSJu|>-zN!isr3q@>*Nb7k=mA>4VGny|j!}@CaMy
zUK~@IU)5p}_Hov(<lG%h@hfwEZGGNO5t(Mkn4#-=?d6=wv$$Gk*A#o~+jyt&>B@Ge
z?~ON{9ZDj(j_uDfThFN77@?=UVs%U5>q)zo>wm~PxTb8^m*YOyc|{C=bw)3Cb$MM@
z_WRYmz3eKt8CTv^?7e#B+_PsK2D~Q5f<Zq*bNKlaR^Nyad-(E9^HZCiE02!N+9-LG
zF>9Sb*>;IY6|M`6Ze7<l+?`>=opGt`Ox8xjFDJbVIA+?#_kNqUbnW%e8H{EZjE*ZD
z4Bas~RzJS#$fVhCKW~2ZeD=>ZzrI;H&3_{zvMa;8Z;$G^TR+7DZ_ZjZaY;}8^-T}N
zN*l{A9Wmw9oX&J@ZJKfW6t+oBmzVJ7UJRX_qV*)4ZNlCUlgtZGdTv`?$Xm3g-udy(
zO!jprT)!*volNLHc7CqkCw8q%Dta3a8eaP;y)IjX&2rnEN|`q$g|BP4a-EwZUuG+&
z#yD$z5&3b~aB@Qb(%s7n_WxPb9m+B5fUv|=`zhVGlW#ZXvrjH_5M6Du=gpbuIX`61
z*{-=5GG#*2&yQl?JVifjTApGVI{V7WKYaT#ebqHPS0}mX?rq=Vd1iu14aZKaDw)IW
zAIkgu{g^V(MH@D+4Xl!JmpFUa<zvX?X^S{=k9W@XTerlOTZ^%9_KUd&anl?O45VYD
zjc?6vpV6MWNGvX2v^22kPLa))rc-SB!8KW$lkQIPiIUu}`YdPujLrX*pVeQ?FZ(CX
zI6q~%yx+lnj@wHE3MwZw3BSyV_?2ezNl$b2ZOi!AS+XDWTG_SiHyk?oY>x8Vi{YE^
z1ytpUe*NR6&7b4;ICSa5Kd#^ZT#q^M-?i`IoqqLY+e0h`>$oQvf5@^}Ip2UOfBlTZ
z*HRZA-SWdqU|IGNjym6^a{|n&Mf3F!sCB<tJL`!3`h)VIlB6~AQ!Otu1H(>Ed}XLG
z0|P^}bADb)YF<fvNM%84aV%)?_iWh7yk-M|z0b7;u5-<CUA2m9lJoT7=`xp!Qx7`a
zY0ACnH|0<5aR*h0$c)Js;*?U~Y(FFIKP6$?N#k^0FXMyG<xluy*(+3%j$OV`8*Ni%
z{w~LgLoAx}*1_E|?e8v0RC;&xO`8z>mYY+?Uua=b)`!(zol7pN`!@EpAI=uy%xjQ7
zAHi2Hb;sE$d}g7XS%hAx;5)1Gr?%RnyFyO&xL$c+xN&)kx}W1ReunEdc{@LArQ0cW
zTUVW2vhUV<h00q(2|M4OxmK=hr}CyvguSEk=nm2DgENCu<1+fhPwal%@+19S`t%^3
zMLUIp9!H4$Xm7S(kbZHVi&8+Fqq*yne>)d=2#GNktto2xk<i?y_-=*n(v_R0a+wH;
zSY30KkBt7h?Vab{>nAs~vX%Qu+NZgtN7O94_25wW&MRJv?TRxaGG|+)dzik{+pIP3
zl`31PfP8Vn2X)a?=Px&FWLTYj*qL|ql*v4o$XQ?hseFr){4cNlSO3)ZsoOd?>wBI2
z8}0wN{zc}e>+`hCr_T&`XWy!R=f9lkli&B}R^6X|s$O8iBmGZbxIq#8?%@1A3m6#~
z0`XRogvNQnh3DJ5xAShFkUa45w;k)k(@b$6YYdX~H@#GgK5)Y{N&nW~C7P#{oF=lk
zT7HY$`u?(Abo|1@llzplx4C!B`NONSY{g7P%Re6fT(W=c{rRzOR#thTrT3>dISGFj
z@Nco`{uDUr?mXVQ{dM(^__sugrY$x&yZJ}X2Z8f!_VfNf^)0mWb{Bu>Y`5OzqKla|
z?|HV#tF-*u4@a7GE`Ru@eNTt+$9op~%M(@OrfokQC|M`w>wkIS%Gd7-q||OMSRG&E
z`FBxIdSO`W)QH$f<)_n4CiNfp6#1{)|19`o*liEV<-UtIdj_2mTb*(v`mOKe6=%|a
z?)as6YI$t%VWs~v(_QD8td;!rt4#7-v6SI;shMu^n-VW?_+z5)=Q6wX#*Eo2zN^~P
zKC?xA4d~b#t{N)Ezh#;DX=}s75_7s^C1aN=>vAtoI_6(!<N5AU+P5`3^d9e+cj}$p
zl%t`Ak@K?e`p3S$zWa2Lw_B-p?AwC{iygvqbIZ!M&-s|P<L(ZPqTM^UeE3oq<0rm;
zw&kMRTYhhD?6}eX>;J=FyFb=0b$xq#;+wx2pKdSyy7=Vz-O&}sG0_XFw10)ZyI!~V
z_O)H7xyAmL#)aqJv%LRegRA@6@{3;2zs%kArc3zthSI%v7YH9WdHwR?Pp@=|UGgt{
zJFB{R&c};IemQ>5ZJO<-%`^8!n^~n?`+BS_Tw-^%(=Fc9V)L&v&dbxgwtIG5Z0^R1
zpCi92o}2yh!@Hy~)2sRJNvr0*xVBwLcc1R#4@z?3%(*tcM_;~Q@9cZsF8g$u>Qj5Q
z?US!^E!yz(-P+Q*;@R9YZQ}kc-?Qq|%WpwtA-^Y_dwlxWp5#Bp$-z9QFT`e-|FjP~
zwYx7_vM-|T;fr-|C3kDhT+O}F=X~j(zurdwZ`}B2%e^s7JgI}@D{uAxpf&1xN8_Ts
zqRajVy?Op+*5@_6MPcGsr{3MK^WC!gMD4Xjd(_?LY+wJrO`AR2;${E+7k00ob!zIa
z$z9C<YPzf4>hsds?gtK6wQTS0s)`S|duK(S-P&DS1MgNvl~ym_^>@pwb8e;2Gq2w5
zef940s%q)0d$+zie6=>>Sm4s7v!6f6dR!8jH@75z+qnt81svMGyQaPNe7kvvPATJ3
z-y<dB6Tkkx{6}x!x!IFK_kNp~+$sE;N#JXiUiXrlSr@mR{B|kj*Q3^}p)b1M>gByy
z_ISs?#ZSYpr92h5b@z|Bc}~qsDeqs4^aYmw)X7V~YP)AfMpf;Ox{Gt4W*Sw^Uy}KG
z(Vo4P)2H2v)hPR3VN<qfM|RcPh*?*yePbSeDKoddc1)v;DN;Js?!4RIEc074zFu1)
zcWFoLnd22YH;V4(CRSL9O*Mah^zp`y^J^znZkuE7yJ?TimSr!a^!--<p8x5hbL=;_
zKVo)X|L2{Rs-5=N<*NUkFT#mpzD0sB14F;*-wREB{p*9t>HFta*USldTekJBS@oL8
zi#a8d(;m8STroS%e)-vllIiOE<2(6l>$@t;a+gMis?9&*X>oe}td)&s>*G^CZvMUN
z?V`H(>-TW^KQEp6`uDQ)ul!RYKc7sMaZ6&oH_dZK*<0Q4eZ9+;>HpS~`S#=vuYa(v
zjqm;Ab9V@rKk~cNX<exP?#SF7#kc29iz;WkTN?ovg34dNlexNd`9n6f4=nQz2v;!q
zKj5@!RR6#-@Aiihk^c+ta{Xun@sOmZ9Jn0H?eEPW15*i;Q$74!^zdbFiD(vx32^Zb
zU#=dyTvoy+&ImUhEXQdhUpen(@q?E$teU$UP^?-0=Htg*NtJ9?i@PVNe{z|3Lby`N
z|4FCK#N|Hox{Sqlt~>WZ3B*OnX-;1L=!)ySrN;X>ph}@~r=F~|sGPW7n#aHiVGKyl
zs8Y)>{z)~Pau22zpT$|X9pq5Pw1UM={T$Q0Hh$|w^*1eZHwc#<^1H!lotS>y@94|!
znA`0LA+UUL_uPF^Wm3}?KSo3bIOKOe^*g$=+vlz!B!a+V;MlrTvV5gQ@x+%OzoO~T
zEL{F*kL$FzJ5ZxmxIAxXaN#wj+XWKgEzszOnzsG!N{jS~Z+G`-A3{wJx8H@#+2|qT
zj#Xm)3DekPq7PAQKbKpsbuR1)o8IHD0&s$Y+EDm>o3-e2?N2e&3tds2ReXEyzNqqF
z(~j>@f+xAp(M8Yoj_2$$KK;7fVM&n7HT&aT9!F2MGu=&|Ake`wQ9;P1$wT0$uHvNG
z)7PJ#>t6HuQqY_ljSn_#oS4q>vnxrG<}SD5Lr=K2HlpeBMz!)t>Hq#D>z~`y?q8dt
z6jZ3SP~n233Z`wxYd!}RYAGJ(^+8Y9+aIp9m_8wswI&uhe;g35@OrS)V&;UU?0V=<
zxcwnyj_-+2Ol({jDZX~=hb^*m54wUg0NkcvCjX<F9Wue`1%jw%-Dz9C)`ESa@CzP2
zCe-{XRH5bP^kf%i&S9C?HCdo?+PMcxaO1)5)@)q<=!omSJcAt^NZB0fjpB*#C9zp?
zE=J@A8(QYvA70TFzdg0^>Vsm#iFa#PsGBRkvNt-lclCzUi&NY3exKBxIL{>Urre3L
z3$IFgm$bdJ{>HSlEmOZ$%(w3LWe<~|mGQ>hclg4?J_k--U9oMSncw6`)9nPrt+t<W
z|NZEK&3~pW?}m3X8DtkQmo)HQV6<{zf58yTc|ksOMHl<q)1t3fPwT7S;Nx;#s3Fq2
zC_tpkDNuvUb)k3bs)|?pLKg1J`*nvKP0py*N=xpbe)x)X+kbCaU^+BJTKCztz6(0L
z%xUwUI`$wf)zrVmYnFt3EU2~A)V=@w{ObuqK~7#CoSKSH&E356a`x%9%6;zj74^S0
zUF!;OjWm+&V5h8f3biSVUlnlvYb=r-U?(o+3jN4a_j7N+^_V-{Prc`X)x#B)_%76v
zJE6Z{JZq*Ny1#;2ceMwt5T0SvB!_C>DbcD8E*|S%e&(ox8w3szt?(7~8>$yBJF5Hw
z95QgbR>Ul1_ijn~Eq5M0fPz|gv3s{XvDnuK2~32RkcI50=cfGRTRb@c6v_yR7_fx3
zn17ZNYD5&Z%ITC(%B^_fhgITbrOirCOrPBGoc8u6+;pf_UZPbS?szWC{k#Vr%@8G8
z;V%vrsdsu$!s6b43q`Uj%#xpA`u+6Wlvi^8Yu!=Z8`N3_^5TnaXZNDp5(=_Ka+<eX
zC3*;hB<4ogY>{he3J~COa@62pU8o?^a!Rmj!xhhU+;9Pi><XEM?5F2kxySjp>pqul
zrJS>Cq6C+7q6SavLIaVuLje+11#NN$rIUV!ik{kwFfYW`seECY@WRNr{mmLvyEgr^
z3=5Rg;SE~AZd1YuO_{1o{#^4oS$p>S(hKWr;)DO}((PVtEB95L`M!Se#u@RSN<^m5
zQaqlydE!x5x!PHok^dIzyy}zw=KA~C=5;}anb+dxlugp=Ww*_kU3yRTw&;1QUyok;
zx+PdVQ%h&Q8(nqHptowqU$%_yO}3l1R6WWGm~Y9xdWWoD_nKO<*ZnK^%3q9=+4}qO
zmKEh8W?h?Ct(|i(?er@1&+)D*Wzm<yvi@f;j+*YWHFdAbs;|$UI|RmViw>B(-+S_l
z$ze~UY`nDA&N>n$>=ae|_tLRSOWxJHYId(E`khgidi(FC^HcU|TDSQwJzgL?Ro}8j
zxBBVk>0boC#a91Tepx7gF!Xwr<=ei5wfio_x+ZE>oiUnQb@|epRULN67FUL-R))<#
zedK(?^M!W2r@J>d=5GCaN&biWv`l@y_pV>cVoHOjUtPl+&^XVvLXYdt8CM2-xzpWB
z=AT#F>$mF6R@%1tM!5Os?@6=6l)lS*mRSq^PfObFd#FgP`>XNqP4AD)N&9y5LH+-K
z=O1{ct9^F8etUgs+NtNEvr_b}&1FAM%b!0xtjTn*x3tw($J??8{5hfyW|bPgwiVhO
z&VPBf&0X;g|9`y~X1-=|>+Uv=8>=l&ZJzioT70Sa$JjY`ws!sH&fkwOzj=IlBHO#F
zhFSamS2XOJ_W6|ms<!$qyYmDWU!T0BCbL8CW7#|Yz-+-q^Iqn+taxZAw`g1DzGuZN
z9?HC}i$3!FcTHT_<mqfLKIXmn$FTJ`L+;^^o{U<0a_j%fRPEWFC%O3KkKcTO>4J;=
z5`-2V-~4)-i0`}o?*&SK3v4a9tme|6etm6C)Gp!Qk9Ttgy_DxmJ6bAv{H^c7)g@QX
zL3^9${)5-1@}9b2_>GT&;j2C~o=F`-ooMi=E1pg??;{;pCz=VR6YVGCxzX0?$&-8q
zL)WuBCm*_hQja?P{%ZgC%OShFyDKN9i!(oFuU&97a!UWCH{X&z{64-t{h!0^>4|1s
zmu<TB+4w)!e0cmcKJM(f=PzGq)tnGtsy6Gyv*!<wCIn5}{P|&lobRJdi~oxAkIt;f
zpCf*GgNT0j?T0Hk?7NpOe|h0bX}JaO<eUrF=GS`ujTAipcny#D#$B7-y7V(u<ohRU
z{EL>;UAAcLvWZH5uic(cPBDvLH!1P^t=VdU6VHDx{OLT!|Ms%B&3}qx&U{*uclLt$
z_R|IPE_Lj@c*5k@B;MI=N0%Rc<Fmz5Sh{%f63?Fj`S%>O<<pYhPyNok_T8aJetV4A
zrYG6EU4Q9u`q0W5AA@E5C+*%b&vt&T&Z8Z(PQAM)y7~3Z-;aW_>sLkXzqeO^OG?Pr
zOV{LhwsUQ{YL=E>zFKm9+uviZ6K}s=+WP$a<D^|RvF8PAm)(u$aoJ%P@}J-Qe(!s4
z-K=|kDev7U-~V>4U(Nn~-ovW}$*rr_z6jeH{rha*?H78rH)E%Vp8eH(dhNfcZ<o{f
z*M9ZAuD*Jn#b(~<>$Bfl7W-_TB^S5uYwN<_jd9agn4S3WCv;+J`J0@StBTgMUsk2A
zwttqJ{-yfRjl05^@*=kW*uwXrq<H7Ow_ko`b@#@cIbB{D=igo){&~~7I%}cevo5>$
zEzS5?D%c+WafeLC<4i5T+IrcnUEd<3w`yztSKK*wO}Id-?)QYX{XcV(6(|2aT7T-a
z(fn`IH!Z%kyF_sR`g4}Y?6;d8-N18qYuWVw$!qt#wwU&?BUPgB-K}{WS5MlxPvG>I
znB(?)R6h5weQUo#AiGwvts~(627djcRZoK6^e#0?<<~!2=e6F_|CT~}ZD8)r!>5bp
zZ)(4zu6wFF<w#}wue=>)8`>tn`_cPubJ@HZmkymW{k5RV^7QkomC27eDsJ?ASQZ%g
zo_p2o=&NUshi>1tD!PAlUVi9y`S80pSG}`Yw`+Ik-P)Ma{MEa*2iES`$KP$CwYB88
zOibQfz3zLS-<OrQt!Z|)$h@>I#y4yJ(bSc^8o5f#Zg;G?H~(4r$K!kSBEz!ZTTZjs
zsP{Ku?Xy)Lv(}2|&dSmAU8Wxwk=wfN#=A#tc~*U|-|Oz*rk34);oY<SI}#szUyryX
z9^0sK_IaW4>Q@h+y4-zz_-yw(8~@1{Z>#ve7C-v-?CdQU-Z^dDef;r8;iI{irH@`(
zb1U-^*K+gSneoz#Z*ZpMiu_cPE?pg)oqR8HagE30G(-7E8xu~~?rwefGa}^PJn{bH
zN_N$%pL0y}XQfmcX82s*W@oMczW$Uuf9Or=kI_Fg{#Ki<UmH;(oN8Wp*|#Oq<fQ8o
z_tcAfD}u#%UmyOgQ@>Z^b77F#?W<d&-*2pP-F)%)1`hiU*SlAKTdw6lZ(;rWZ&b~L
z-@#`#Yipl9t@KmH?@(l2tUvD-*RM+5^Y2{u6)&x>e;Zn{Z^fyaJ?nq3`DHTg>ino<
zi7H_aN+-5t-oBUhbauw7-<w_^N_0PW_k+pRLzlnQ!uu`I&d%?5TdwRf&Uk+qsbdY6
z+WF8gdaX6DxdFK2jMTD!bNF)LpY}5C2hyl*_XEL9{^7bdy0!&abOiJG>nG%(^#i6H
zxE#*yfBT|j3`Xag=gOhWhNT#t>zj`sf4A}c@A-+R#7$fg+;;|bdchs(nKq*7dPT8w
zAG(6M@Lq1Pn*Y(2-8SCoHG;@}ZuL)7P6ii#Qi?a1NNBN{2sh?Qr%mdokU9HKeCKhK
zz_jAIK37h&pc|$YoIU5}sM_$#L;KF)j<Rssp>xybc3l?VxecRl-H)RWeY1G^qdTt4
z-pxSmdJ324?Y<l`XXlA8KdMkVtLpEj><BKrr*yh320d=8--XQCdcsTwqvN~JTJ*Wj
zrdo{t?dJD>M<u(D6dpn9-+~jv&GO}sYFyX7G+M`j)C1iiT>kCuN{i@;(mOCZ-L>Uf
ze&J7cV)U)k@8j%3?>0WY8r+2rvtN$03$1^8u6oU9TwUmW)}re2R-1d5TFbJd_6M2H
z^Udqp%s+EqKVmrHT>i<qHPMsvv%LgYT1*WPcme6Fb1FHibo`knaPsWw=}*rE@2gyC
zF?9l#!KB&>t#hg=QH=4|(MFj-y;!xBmyO)0Lq?71^7Fbjb4JD;a8ShP#jY2dw{5X8
zwq7jj#N<~Pz1Z4{TV2HhmW^0D#40Z9R%11ab7J~S45L7<jd}7Ky+ho%oCP!}^>f}q
zY<=!Cu8p~9eeTcIt;>IuMxR-iU8ASIX?OY66#hlkMv_}atHffnUu>KGrt`}hzSGYf
zwl%vgmsT+?xxaC`hN(}r>XwX8w;SCSojl(@EAmm<j%~B5eb+s@`RkU2Z`%Hn#vNC7
zroMaIo&5O^_X=IcUFl4S-ZQ8xt?F=pb$}@Ut?AlVxWnT8HprrOX}X-kxk5i)sa@$*
zd-uyuacHL+(%b5CO64jIv1y857jXX8f7A}N4X6XX&1v(VDsTt-Yw;?49cZ1_d7mim
zK;OgCfp*5%fqqvh_5ZWTD;Bl>1!#T0qE<Ow!AaS_uyn3p$-j+Tk@*p`bN%9?kmAjK
z$3J8Cl;2$xQnc(_zZkO{d9g@6a^K+>DyU(u75?I4k^0TPqmyT0bgtb`&rOk*+lkrh
z21!)OVe574mQPBpHp3i0kkc)nlzH1mA3QjKh}cu2Ra@?OKAN-y)4eO|by}t7ot41s
z_FgPfpSkOJ@N2Zrb;!bd7mL&-cjXqN+u{YbrS0h?cg*37Eq6TA#rW5<gL=-8jxwkl
zUDP6{TRQ1ALO?;Jr71u_%l*YgBX!eqr~Qw%JDs0*EFe$<)N@93qvhr<boZH?QWx4<
zqz~2s?v{u4Ux;0C(=B6K_<IGfrHj_o`Grn#_ih$>!N?!mGzB)mv)?qRDE@P*<`?bz
z*G2Z{b>IA|*smw7wAcS=Qr*eRfiW3vGRwcZom=<m#pRgOpURJ}d9@=kd`q@Xw)R=I
zueZ7{`voogxPUo#@44M6yPrk6$J^~a$-#5{&a<2a)!OH!mId-|zR&b_O-7&2+F3g!
zLekG2w90E=tt37F=&s~f58St;yT5&CF*np&OZsT!%@Du*&7oIkA6>5`bXzx5%k;l#
z;9BoRw>HfazFPISc*zRAS-Kkf_m_Bn@zgHXl~Y|B=9jdVPjT(8y3EIWX0)Y-?u!h$
zXg@3dMw$I@<E8qLF0|;>^Pn#DTSymr_y37sw)8*Pl)HDvHunu-u`kvwHW0N<o9VYT
zGqcRL+wRC>*ATVJu(_}<boc7+#$40Cmt=pWPs`NTf4}*~*Bv>_?@j-#=D=Dt?cq+H
zg3SVqd+eu8cg+*KUcXO#)0*xZ=ZfO*>fGzfjq1KruX6LP$Di5Vcg;AvD|N1&e{*V|
zVDYP);?4j6{<d#+pF8tRdTjpwYcn<Dr({mDeSfFqQ1m@}^R=wmRnxDPWHoKGZIBn-
z(scDz(zV;do3Deq(6%C=F0?Z9HH({fxAEL~4e3HlFAWEEq3!Ja%bod;FTZ&d)P+uK
zn6+=ey+iEj%7^NqhwX31ZtuC+KY2+-UdOx-WpaFh*^;0xbnA+T@Aw06o5X*zyi(v-
zwqN)0=iGf7r%o0#e<?BlQqXWKw!!S-j};7};{DU>_-yaSZtuF7@~5_a#b%yBbpy_e
zmv5G8cd329U*54Rwj*j+rtqTWn_pkE)4kjI_hT&U$}jxvpKl&l>YF{g>H5nRGpF~h
zJJeni821mn(BOdjV~;O<3=AK^U1&xo5eCEwDahx9fKEt3Ixq$Gyp#ZMRE@}|OMte-
zA~cFHVmVX<T|4qI3jzqe3=9n7%t+dy2U4KxMm}`_bQA-^0ACh@2Q#1>hP;0sw8s@;
zSPd)0Fwj<C<ntZSO+emS4%)znFyTKN#02o7H($cL?$J$tkF+HjG{%82S&ajW$w=0K
zM?BDtL*D3%8fhL}5aU2zh3{%c*N(i86E&n9xgpw1(DnwSn}ECt5;de2@<L1idjYb;
z4e#zx;!R%0M~ulvpj9>Cb$P^_yqcdFlff~8)nw!a%c!xtK>&-%NI?VM{D<z)e@Kfm
zLCf$EiG@Q3$vEUS&*(-VuWkgbVMG{FERSLY*0r4IrXjBwL^Ul}0hejGL#q{Oy%ehV
z(iKrm1BVkhKG7Y7ydnp*unOV5?J8K8S)m(%JQ|4_V>8r{+yG0zV3$BRSlxqMGNT%I
b*A%~T;9v^yW@Q6;0aT!$Wo2Mca0T%IzPhL(

literal 0
HcmV?d00001

diff --git a/samples/office-samples/sheet.xlsx b/samples/office-samples/sheet.xlsx
new file mode 100644
index 0000000000000000000000000000000000000000..78277555781e914440857813ff7fcc7b94a51368
GIT binary patch
literal 5507
zcmWIWW@Zs#;Nak3Fiwt*W<UZ`3=9kvIr{NMsX4{^<@rU~N%{HNdKI}jdLWUtL5^96
z4FvW)7fpJ<_05u&Af4wzTsxP&WNz8B%_qk*!#wxX?^V7TG8_xp=N~zfmEM+k`fA~e
zqv~$2_5=r{SaOscyFNEtwC2sdd2tD$XHV&Vn{`=yQ>?<oG8xScXC8)n8Hus`&g6e_
zY01aJ3v&{3QZJ;fkDl_`CjOMgwT4%2!8uv1g~8$qWy>4>U;O5KSu&=&SmMG*S?-gW
z;*%Hj>27L@uTbmO>1^CHKhZ9g?NM-l32))C{x{;mx9WfHQ13o*ouxj6>-%S$H;*bW
z>8<ID*k9~(+;m-vPyC@XUX{f~SIq;w**W%Iu#$Yhz`(GQiGcxkIPpWm2|0v%gHPt&
zHW1kRU7O`zs^`5d>1oX2eG?e&3M@Z4bCR1_c9+PBkJA?YzbBZwRP&ZIznLZX{XH`)
zqwdYgekpq}Vqxf+MUE$I0(R=P+&cQ^cJiz9GtwunZt`BMkS4z2P1@JI%1deUGxvUf
zv3HZ<YJu6V0yp+F&AQ!~=McE$%Ccu3%Wkr6Gd#c@&6uFuoG9VfJd69NRZHtnd7jv5
zO6|Sp_)Rt5IPiG%9k~~_Xk*S+oz|A+>lFLV&!)!-zil}^hjn%Mt@z&QA8YC}f==~C
zo?ObBwdK-s{hQ?{CR#lTGFtzD<D!kscg=c-j3qu=&gZUuRC$n6e?0oK;=N4exGhe4
z+jm|JI>vMMVN`F&q7(l`Z*FU@dNT9v+~?^FxoW#4*S`4ltgh&KdSHSp_nf}8$M?$F
zlfo0vq+P5zVe{msv-OG@zD`wPT*((j3pM6gSu$PC*3HtWxIFQ8WPQ~s-Ya{1qE?mM
z6A!uhl0~ybBrIi;#O&4u4LkMS_%^mLEGwS1-@#zY{1?qiT!E)gI{fq$XW6K>CHqgQ
zWq38SkmW>~mc%QE4oTWal{^pi47&VR-_&!W<clwlmmJyCENJ-qW1ZC;waqUt$gf*G
zQQmdC@c+XZHXkqFHd%U5b#}_Ue=3odS6Kf}>f7h)eE$UVl-t~Ezuoc7d8@%X<?3JS
zG{^NFSM@<@=FDyFknfBP40+7>(u^=9&6H%M=BDa{NkdT1x;xc3|F!{7+xy?5P48Ae
z+QE5A!Ou{KyG&z)^R~N^Gq+v!*rd4f?Wgz4Pxw7rzwod@!i$<t58E2ouAaTS{x4Li
zbW3(!DJ*r@N5k>#>5vyT3-9mCyRWaYk*|bn)0G()l%uNl*KKcFsvV&C@!>5!#f7cK
zS0@>s-YfmaH*(>(>c~tHi~L!0ma@g|Su-ieYUY`lObauG^Xt_2oiRFC82m}S_10A-
zHdTxHyL4SrH7_ox>5FIbxc*$l-qXhQ#^h%2&5sp7&#D!uZeH8)MPP2-nv>t<mnxoD
z5VqpvPkk-Ao8c1gP8}QG>kKawf6cnL<(hPn?Oq0k=liBSym^u7k>{Nax+~)Po(P<O
zzu@%tFOM1d3wvz;{y24???>zM>R;Q#>&zbfyeqr^jwko3>7NDbq+D-2WDfCI$iLXU
zFa1|j%F;hJUFXvTb-wY|Ese;oc~$Y&>hP6W%B=lMZ&oRoTtB};?OjA7+nr+h9tKZO
zRT=$l3tDV`iD*7#mFPZa{<*|NM=;7zx~Ap5e+v7peR3z?&Uf7u_sHvodDKzU!fSaU
z8MCvbolecQ_Nv*i&?DMwV%}b33C7($uAx6vdAp|1z4eOaZ!xQxj`yo|u5m(E{prhB
zH=o*{S(E=aC^XY)?Kw@xnZM67maFj;r>?o(p!-VXkY{Q8l!A;|-zV42KDDOaaz^Tj
zyZScam)~DiTD-enJ}r6X+s|+RTkijRDB^kkX*T(9o74XagOb;`4Ii82m>3u?a^Oo|
zypZHoTvC~nS`129ZzKHuZyU($eIFdLuU|z~WX2_hV^=b#bM`7J`dZI8;;HjTeN$}4
zk1xM1{Vum0QY&p2U8#OsfB*MCpWdt}o7_G1!HbDmho{VW_(J1I$0?tuKGTeAcF(A{
zIea2Qsrb;;CB}CGn)NU7cW&feZZ5i1tg*?&I3_Z>o{MR6Xox`Zk}R!<o(s1qh_&tF
z@mZ^RvR9c?&gW2p6vrVIKjEDs#fiM9t^`GGxafSs{C*L`aznSccV15uo@!4G5$<a?
z;k0Tr(VTMU#gQA#nMw05DnC>Z+EwJq^7XOz**#8<ERTEH)z>ajf9Jsez3rZvp2)FE
z`BN;_3cguMx>t+%n6G>l_vJn56_KTX`P$#5yRIzhR8wbmx_w~JcdzFgwzi#qr8vbn
zNXzp_uI*vghi#AKel42!M9N3lkDL3@tf^D8*REn#Pg*N<A+q?+mAIYn4}6h)`sdi&
z%e#|4e^cyO*Y&nm^)_Qp{qw!AtCr?DyqaZR{M2Pl+$Fvrcc%3$@IL3I`J($!_FA2@
zIlpIaEtoZ-RB_dmwDSsY#WuXzw)MA`?rE7P_r;aH!@sp}I<mT9xw`Kw)`r>+pJ#86
zd^i&_>tuWDtj+%nkA!?T69~V_eD=DU_B7_w0Le97;-0Ou=PZgXepR!NCyRrBa#Viv
z_vEx9gU@X<=k8zIJQD_E&m1}a`-``vd-YSbd)nrcYm18i%|FX>`0;N0GyLa1UR-zl
zN9e}4H7}mauif8lTzkRQa)-j#jeZ{)T;Hv-JbeG|+}Zq-cE=m#&HS=BVRpgN7KPWp
zUZl8K)J<-vYujISsl;X0KCh@O-_&bg=3Ew3|0kSoa{XpU`7f#WvtIFBTd;gizsA2;
zyE%o~X76{ubRU#@d;Hr(nwc0Fk_GXlUI|F*1y!iU8L6oy#rj|hTtdzb^Uc3)A+Y!T
zdV!J`nc0zfb4^yhQ7SdN&3ehA<FeR`UNLtu!LGxTrp$eE{r!YrK9`&W<Z}w!YHB_|
zb3SKxH{9q}^G2qtN`C5>EtsY%i)U@`*nc-}&tC!eYlcT>y0CWtV9fcG`7^xCp*Y=}
zL0qt5Q}>P%zxisNXT4X<n7e?@bsm%NQ5oH{dK+&sJboCUI{9Wv)szsQ6+0X)OxGVg
zut>miPI6rMf*9r`2P5|{xtd$vUU>I&^@kma>|9$P8!xK3S5dX+%U|w2UQgI`#quU4
zUk$33eCk>BN#$I%@o(cLC4LLvwVuDShI#d;>n@Ro#o@2Fx2*MCxpu-K+m?pMsbU}2
z`-X75JW%86=czYii-X<SvJH&iecAW#KALS*@-Ahj>f48@$5@{pHtyyT>HeW(`*+SS
z*~G);jO^A`eL0=&+>gS&)2w$S{JG9irztYw>dalH_Z}p+e&Wt_OtmWe!y>fSSYo4g
z=R;MIb?qfNyBRrmGTYg0UpIG&w;BIcu~hy83lp}M%wvjeU$*&u=SQWmI6uz`EB=aV
zPq@@B>Av&+Z~2Gvd;1r=AIX|*?5VW$^2>}`(LVd_RhIfUnXfrcyY|{TySw7KuUz@7
z$s&tBe9C&Zdqb+Ad(WEcj2jakEiNrK*|guuX;zL(E!VO0u~~XfM*~(xt9rD`H|?HO
zv2^m!-IZ4Mv(8q})zFSVknQ*GX3H{{xajuK^z1FwOL$7BnW^9CsOPMn&?4y3ms^r8
zT>Pme<n+fmmfOzo$SIxjzZH8c=hb=%i>Xb;0ec^79=$KXm7}qEQs(RIW!Wuv;-7EM
zJ<Mm7b8=U_-{us5pU-8-pHH{GROjxrX7`F&23rJAtu37q8|eAf_jB5d_PZCj&+A^9
zJok{Q)W?ofhC3HEa-=1^UA{~Br?>khlW*Z^Wleh17A7y7{Fwjv=WV@hs-jU9+Go;_
z|7|b1yGU8F{<)^}Y(56oMbc|0*R8lRD=V`3W{11h3t^$WE9QweN{(LF`<>OT%)im>
zp<Ew(X>?Om@Rljw${II5m_;0s>NWNWn4Y70`u#bP|AAcB&#&)D`=1f^<chKOnm^e`
zf0czlcyD^`r`q0Ct94C8!=rap<kijVD%KVIXf5wCz4_pz#bS2L7b;3`)oXGS6nAy3
z4AOhRZ({v<*5~?f&ZhdtPxj30I&Hq@l6?5X-)GlL-8~*X>$usjMUmCbqQUj|5A?OI
z&76}MZ^dn&9%*!-;z-+>`HEG(i$2uICPc5%kv#5s`rrA(pXx!GoylnVq~**E3=Mdz
zDiKI#FV09TN=*qaDay=C2iI7&eYRXoh61hC{({S{uMtz4l)~+}Ve<v%mNzfh%qE)}
zYgbh-Rw$d+|9!9gWxGoY-bGlXZQ2lHvS5PKJEd6NIsU(YvWavrKgU1w!XaVFD0Aa8
zi?XKNaMCx*+xqN6@~1r~l!Hq3cB<%yPFwwK<AV1)+^3kl2)(?f^wUI#R-1_t5skAn
z?y23W-D)f|_oq)z<(Gwe*ZGbWxfie>Oxa?w`2Gd?4-rWR<X67V{LTdOYvI(^=2Z*~
z44)YA6>QuL3=EL&6r>9^>AV-Sp+Nil+O7%J<=aGEQa11HxG>wJwqeGZe~IQZ4J1oz
ztD8BZRxV}l_pJMT*4%m4U7@tEU31*K-11jNY4`N~k*HogpYQu?>Al(EXO+)|d8zOx
zpIUY0NX{39NqLN$qz!Jw1RjcrvwD=URAy&;%H5RemfYBQ=Km=#zICkpb}!@J@7}QX
z?=90etbFa(Uj8JG$<6ZOqwqx&biZr3=^O76^gr(s9J)ZtZ+DJ<`Oj)U4vlNk8y|EO
z&fO8Rxo5`yQk$LaMRV<ipSP_0S8Tb1!>#|{o=LthPiI^`a8W(Oo&gjvX{(yHgSt@G
zc)L)73=9k@`N;uA`31%L$@xX8pf*cy(CNHp1A#r?wI{q!P~cxGCa`jCQPvVK&nv6U
zuiq2co}hD^^W^>O4hosGo%5}&AK#ol`R7KRJ<J)(S~C}Ea7<*M6dH5F#&!1BL-Q5S
zM`&5<YH?~>H9CHNqnFsV!Rv7MI*|<R0~O~yqz;92m0i<n+L&mqv66F+lT}gl%Sln}
zrG28Q@h0pt?GHt!CulC8_UPD!@MdMJ=pwU-ReSZKn9muA1T<}7b9ZdfkK*2CVlKbs
z%+yUH-<CXBwnd%&>%|Voi0h>R{ZT7l+aJn5{XEoqm43=*EjA7BbG-t~8lxV}GggS*
zIj>UI)^4r1M)%>0NA3&d@2_7h*?Bz0rq=(%`tQAo;^9`=H@FK7*$;0CxOR7ga=nU-
z-ikBd^Bzii)NjsGbzWte>ew5*YjHm7hxW;zcT9Y3t#y9q|9%t2#W$~d>~)NeJnU#v
zuit%Z5p&Kiv)}#x3EQMI8T7Ut61%YU_lNWKXZA6IVyN+6nOQO;1H)~+F(iN-Lx}|i
zpa_~f!8iLbq_=YL%d8u`-Wo>>Z%SB;ZgUPR<6gIRi(FrB&hjPy>-<jNnx`K7<*4$@
zrL!|H+~lkYxMq?ODKMo`FifjB<3jlFdFunjl*}h(XD@I}=g2rb@5S=%d^I5gn_LVQ
zIv$s}EA?2R&)`GAl5L)I@BL~#KIIqlw%YY9dm;__5|s2fR~q^V_OQ&{EiDk+`8xQI
zen^zzeetrlH&x{p>+<-0=ID7;edE@N($#DUDpT`0YYY9f4<-k-<X*jZ_;@O--s(kj
zYBz?a&Dr%n^zPO3HxIi^ulvC$SQt9#=<5|*&Ukmp7aCWWi_X?v-K4Uc=g(D*eXmc|
zfrE`B>gv&-3=9l&81dzJP(Lr)IX|x?HLoN-q_QBjI2IIgdqcea4;%38dmkRMbCH=e
zdrQD>*$SCNp~pQ=kG3V|3aQ?_@z2(e>#{_(LGGhVD>m+LkG=jg<D%I~nKhH6L{lbw
z^<?VGRtycDF#V)+m9N|3IJ-!x0?ubz;S+9E7dx+fY`W!4>aB)D9xHQC+w8m5C3S51
z8m6k7@8bj4O=W)?EN^kbV1M(Zvr_Z#=zrLC+10``Z}%RBP=PcbWy{YJ%M`t~KhiPD
z<1biuq;2<?(~)f_W<1WyymK^<b@3`*#+z-Y4*e}Vvb*u^1PO;T!rN|pF`k?e`Ts<e
z&w}o@eQilE+P7UcU%Ol~>eRWIdwdT|Pd>g<66wX~^f|J7!Wl_!pB+*M7XPeB)1CaP
zVc&7XrgxSWH=UPQD!ll!iLv}$k@8FVC|Sn7V~@X7)z6CfDF4dgtWHOI{zr5BYUOJ?
zzyEx}_RqdeW^UhFGrsVNt&dOty~h3Gih^K-{`dOVQ<Z||--+iq?b`5T?cLLvcg`I4
z2c_>*F^m=&j0_AXSV0lR$Rxsm816zI-~kPHA&q`PswGHi4Qh#^41NW8qnd-<=?4u5
zA<WTW1P`Jin}Dtvxl0F1F9^*s%wWyn@d2b!0(1kATh*YRAHsm$tY8C*;r&2#t;lsW
zsM(FsTFC*{3UWBO^^M#JM>hqz_5;=D2vgE{z@}i-?&u~UR}<U_?F<YILA)q+Cb~xC
z(hF3JAoOPQVX0HlwIk<ZP!WgF&MSbV9a`X_>qbsms4?dv$iRRl-v@ZJvVpANV&GzE
MU}9i+D+J;J02j+Gf&c&j

literal 0
HcmV?d00001

diff --git a/samples/office-samples/welcome..docx b/samples/office-samples/welcome..docx
new file mode 100644
index 0000000000000000000000000000000000000000..835a1c2bf6da56da36da1d6d7d3423a20eddcaff
GIT binary patch
literal 5119
zcmWIWW@Zs#;Nak3U`>vVW<Ubm3=9nMMX5Q(`g$O8?WDV2%#J**?|+LpzuSE?Okm>N
zx4j&Dg;(+mq;1;mY;B+7wl@F0LYLkY*Mp~3)SuV1l<eMYzfyeKo1_aHGNS@ye75NI
zNX_H>{#yFR*VXSP`iHDi@z+ZYEqA(RFm+O%;O3b(g7cCd1*kiV_%EGil%!O=WMbj%
zZPzvIZ5Pb1T($SALiKLO(hBcC((f&J&TZ&@cC%PRT<JowqIc^Bmxra3vXqV%u9H+z
z7UwPfy>Q#-_C+fh8>a8vR{wNY^n*vm4-;<cDF=FayM+JuGzqUcyvJ?hkJ3l}vqIZ9
z=fAkm7~sv$F=OpfuDc8j3@%Iz47fu@kb!|AB|kZ!D8HasKRLfBRj(p9r#C3pzu7>f
z_Ivn*ea@P}#?lF$vut-BNimkXpH+Q)Rluxm(zo|-Kaddo{lRV9?{nt;zFM+v{iy`@
zW2d50J6sI896m;Qgr>YmHRWHfv7t}%;HfCbHok<5I{UqLF56@FAt#IXnCFH@^Pp)(
za~Jj&&q~Vq$)=U2ygp!F%=KkS=bVER&i)YBW>7Dz>DDgrF*sh3E%EB2psX&dyzbX)
zQ|2~4knmdJVA<{I^1<`<fsk*Hn)@t+!!F61#7yCPvf^H}CD-g_owGdEzy1~ev#lbk
zY;jxA*42+1K7F~t@sw=_vtR}Dt?AM;uAe;oIIHiIieH|SQ2WWdT|Svc3sZj0dldgZ
z`mo(P-+P<XA0#tQlU_M@f1>|CkBS(h(44=AiUS^=-ZZ&q<+mxSoAVy_@0+IZj{n|c
zr@R*{te*X|zhtWVBxlLN1*>xs)Nk*fK6%{>j@#?retRsu<F&g~WB=R|)h{m<|9qDJ
zoDYhhc`gD9iHr;kxADf00CM~!78HP@XYRz)d4~)HT)+SAI+5f(X9;WI6N#@2*G=fU
zBC@MHCfy@Obz3Sw$G?4TTQaY0H7|Z1H}_-nTEAFn*@Km-C4QGI6a_OfwU)k~vqxP2
zGHa&|S8V6Cj1wm%Z6ZHPZ!0|3<jiWv#qzfJlEN+3rEz8#IOW-++0*l5)D1ksgE!yT
z<~;8vXLZ42v&zh13&j^)t5(W3EK%3%{}G>&`s8U%UG$vX2Zdn{>Cue`B>!r2H!so+
zVYlIY>$rhEJ6e^sP5fc@*Ow2zS~aC@w%GmVWYo*UEB{2CIsG%%#B0h!zIcU+=QgE$
zstCw6Ju4ymSno~l{~I=Qk9tO2Kak&_>%u#4dCxc2+mhjxb*D4pH!OFvP&7PJS#|z}
zN8g&chn}6~l4OXq;_K}(IN5oN^Y)(}=@5a#;UB=E&0wGU*MO0MK>=@Q%P=r7l;;<v
z=tByMl>Fq<+|;}hP@qE!jiA$9hYSSv{1#1oZ??9p!{n<{Q}{}Gfy-~1Z>y-ResNzq
zWJ^;=yIi`NwXu&`Z0xRSb1(ipmci&L!tA`(=i&>m19ta&#5bIBd&w8=`LJ`n^y|nQ
z7vmg!Q>M?U4oz0CP0@K}pxOIch4qD2-cqYmTt8L%p5OUus_^?l%5A5H+hUv>{$zcW
z&kdf|duVImaz4}AjSuFn)BUwTBeqrLLF3{D%zt+OP4W1BDdW`Bg-6Sq#J_4EDY?Km
zLE}&A{#NzR+J|yZaEO#u%iej|>@!c&P4mCShBs`Wv{;t1D)$Nl1H*K@p#v%_z@dX2
zE=xmw`)3;n?EN0D@Q!nW@Ak+oC%tm7tZFY)Rt-IWOrqem{!KNV-><DDW~XcqnwqB1
zcz#c%@%y7@-}(LLxVkUmoth+@{@J9j<G`jRi{g&k^UY6RZDAzVDP*X5!s=aTr@Yzw
zcf0pY+40on28Tq;$){F%TTk%jak!@))4X=+#Hn)|p6pzs)zw*lWS`Ue$H$_ks(0$o
z@^)o;qP5a;(}pXhM$>X?*QZQew!Kr0CvwJhlaQGQ%Kn7^S59ZV9(!r)<Xs_ANl82s
z2XEe(uB@dtOJ}dchXcl;E4;0yOO>YU#`A5Go!l50Si`Csax-l5<%nnclRQt$Z27VO
zKra(d<gct1war%~qyL(1(~sJwwc%s;m%=6W+p{*r9^9s(v3Of~kiT>4>FvH>PyKjj
zwQsZUjJ^Nun~u61DEzloENF4l!NL~LMUHVSJs;WpQWa0vRcL+ReEHqR?Y7E+)8z%D
zkIOR_D)^iE$;_K(l5)u~MdXlz*dkWO`6nkdu&&Z+RGzJC+tVeqh*xOqZfzO1Jg(fo
z)`Cx6esZ_V@fosxwU}GUx09dS{=jGT&qmWKN{liug&URZy!%ImM@Mbq)QgJ~{x05J
z<#0pL{9B<7OLY9z)h8Vp-@Og+Jr=j>9{=BmaVIzJPQ2Wx`Jrz2u1MAc=1UY$d8D#m
zI9qfeBg#De^scSv;?iTC11xpdgs4ZTKIIJa$X5OCdH+@QY5vD6MA?5$N;oAbz4`FM
zo0*x-eO!i*T_YxJSt|A9&|axeKJr}eV-1uzt#vGG8O-V#K<Q6Z!qLEyiGjhD4PRZw
z56hj!C6zg;#h_eyG$hvlv4KF%{&>NkdzUC2S=iOEL&4>J!26O``3<FJy{*Z=bJ~OI
z{;s{t;$^?%kmAQnM>gL*TamU!J)M86&%29O3qy~6`~FME@o1^y6_e!c=F|5kPqW}(
z#jsK|EvK(<?%X=dnY?r6dzWy2)i$4zy5`e8o=aCga%C4(-&(LJYGp3(yuPwo=eFqf
zT$P!-_~TX|{$GC=Z(&;)VV?HCAU8mF$5p@Sb^WicuBK{Q91Fa%?|y&&);DZdYQ&XH
zZ|pwyC1W0=zM2!4eSb<s(C32%tG2XuF1alvU*=V=YqI}<kkrdqi(B#AY_~1{vE$0A
z-6>`a$6HU_*g9ju(vMN9$y*ksgseI@^>&a`!M{74CvJFD?>#X2&+q<}IqgQ}SC(l%
zoXow4oi%tv)6$2#%QHm(K9oy2#wRwRx`v6*TBUsT3>MS31|fTIfAp5>57n1v%~0Zc
z6w`UHKt$^Dw_`6?@uhtgkuwf_5$Sg-LRZ{JDp^PM!Jd!5vhuV-{EzI(-SD?5bN>b#
z<JixNZWDI>y)z+_O~*%fhSr3>rHO)9RPLvi1UmNK-5zBT^s88M^Td5_)*TnVew*%D
zx9fk5cdm7o!>YO}okibv|0-@3n09uSqwKx_c^NVLt7@M`?0)e5U)KGTckcFERqYvW
z-n_AoI{F#)9vxNpSk2Td_t!zhtACo=<Ab+j*`IEkaW5>)R=q;~^z<H^dkIfI{{QiD
z$-`BO3n$pD{@taz*6I8tuZ17Vg~hVYq<0HkUhkgc`BA(|KJU`+z0-Gz<^6RMyi+oL
zx?xn5>+G8Q&n{K3e3szkcJ0O|vH#P5NC(|tdna3{_R19z=k2PW6`$sx`17r$>uCPF
zvN)UfSF=}e)kFkmH`dJvlTWPw{><+`6DTEn?)$L2mx+O)loMY{7J{YZwEVo1ki?`M
zaI<Uer1N=)40w*cukO+)_i(&r5-MVnc`Ngg!42ja4=#Ch1|Mzg*&d(aILnRy_hH?S
z>Gl6^p3M39aE(Pm!sC^bCKoEQPWl$@yxVKv`gphgpaPa#O<!B4+9;hq`X_JNsawG*
z6Hj-Z4mqiIY+FcIX)|BNo9HELuG(32{FExw`ne&u`TB`Dcjty)UQ`jl$8&PC?~l&j
z_1TL*-h92+xofYd1Gl07f!@r>bLUHxrn2ZcukUph^Y(dk)_Q@Sqq%^Dza{&IsXCt?
z)C!aw*>EW0WJ<<s;eNHtzgLFL)wW3PpFZot%u=W9MR|H3nOT^nyVX6vYJ_{NUVOX4
z+N0=moWEu2j;r!*&r)Xm=lGOmCb6qsNSkNbyBP<LrH1L--M{a}Tj;-T=l6~0>c1YF
z{hN#Di1VJmMgM(&uHHJ2-{wCHDBREK^tM_sGBE6C#ux7J8mu_Aq$D#h9bASiopjdk
zuz^6!dmGm$)?1^G#9!Ic#Qf;cN>`6NG3l2hZrnR@&!lB}x?)JD!=p>H-_D$SKDlyd
z-FH1}2OlwK#b?H<MjUM3(%)Ju?%B<`-=Q;+Z)ust0s&i<jd62zciS)u?hZP}srWQj
zF>8_9bfcM4d;E-Z6gGq<ewkGv{e9En2s1(6B}W$DJJ}i(ekoh}NSCs`K<%}sye`a*
zKdihsf2vLiczNw&*n6`U-e|sCqK~5P@@>lFl>fb~Z9!+XOlg-cPg|8p{LW(+KTOWM
zU_R^E)wGOb>lWCS%lW-MXXX7@c$z{)*5bdHZ$t|lCb}BSO^gV=cAz}HQ01Kd@)P$L
zm>uNaEuK}kvG>-VyUK#UJU0s;_+PlS_=c}Rxyix#C#F39ed^=oHFn?*#aAB3Nh*vC
z43&5r38Jv1U6PTSo2m~c4M9cq-KoC$w+(pO-v1VDdbj$~4$eyoeug^SWf~itx80ST
zx$UaQCdHL+KfPam!tc@gg@+9iUet7Y*w(mq_3YjCf1ygHTe9m)VX3=58jfdAhrF;^
zcz<8seSM9Md?j3)uFSZg996ZyZhO;G?EuA(4{zxyE^IBnI?3?#Ug<Z!kqf_7M`nsx
z<j<P3lr3)0nn^iUGtbOqT9_%EU#GtBjM2fu;7{tUx2`I&sank6rR$Qad2vBaUp$k?
z_2(+~o;I#GCO3O;eysR;R;@sF^V)_l0(0xuocu1oRPnrmuoWkN>TA*643~I!>e%pJ
zXLy<TYu3Fj*QASV_cAa%-#6vq&5KNrJnwAKT@ly!MBx1U1*f-vdCbUP*kk+m$Eo{#
zKU$Yp|Joj2XZGOdUD^G2Jh@j*|14N1<$B{GbBM=6{>A2f>A#v%mj1EnI-e$}^NqJ|
zX+(C-tBSW)hp)_1X6;{kvr56_`uP=V?;;Y}?i9=SFnD^Z%II%f&|>pTMDro5ME5!K
z&m|^0f>DOjH7)P`Q`m3qlRNo#zU!vAM_w<?qmG&uUds!~n4Kl<bZV}(SIvfn9?@PC
z^Y$7`Fz)Vg4gI0Y+ckaetye66i&@QdykD(zjT5r!PhY;e`PBZ*n*6^(p_xu=&uKEw
z{C%FWT#ctVb<OPt-B%)qJWJcB6lBc$KDlo8sWtVMGg437)wc=1{Qj!a;@$P~X~{F+
zet!Gka{u2$5zq5av&nzkoc>oBl!w1<_}C=J#K3To1798%W?*25cFxZ$NzE&X52-9j
zEsg~xuf0=FgK{yrQxrXAM{1*h*Dcn5)snz#CvHr>B4D4gd+FcmW1b-kwM<&Y%qC8n
zS$%%4=cAf!fu)<+o-e(~Ix{7CQo}Phk66(sl^-X>O}<$&MSq)EP1D|6;wh3%dlz2$
ztg7+MIN33IsfpjlhVAPXP5W3L#<*9ef4zpeRRdpUhg{06`;I5WN<H40|Jd<#(HxcS
zx$!QdEs@dQ=a{BtuDKL9xA~U5z`CtByr-9)Gzu}Zt<zk)|Hr(9(yi<hwEV>8f7iaJ
z^Tm4>Q`WqKyMA0A&(5^EFWb<#?}%qc*|W-D9)~{cG`{vYyKsVR+#klckmX{%2Ut0e
z3ts&7+#z_{B<89$B3?!v-C_!TDfJTSyPm$&+3?q1?Cyg7PX4p3cRf5Iv*&ocu=<Tq
zk;zpC?fkc;{`?Hyvak7v&_wQUQU4z`OM7kDEO(EwrD4|o8&1z{BorTXa=tAsD(X45
z%(<`VmdwS={-7B8d7{`6)MvfO3W^~{CJ_e2SPSxa18A%TY3PLkW#lEm8&xB6M;KH<
zBQ%OJVi}x3*N)t?1ND{>+P5(wX@~Zm(RCyDd_cWFgl-iU{Cz=mlaSl6sNQg5g_?xi
zZ$j6O+;9LjbP*0Y#17StX!fFOMy~xpZ3~3v9xkY6l$Hj%e&nJZ)$J@iQ2od?Cc1Xy
zj0-CN5!R>kLbZeI0i@ah-3a8A1<K(FBTn#R&F=x;tZX1fTnt<c^-K&5Szvbq095{3
A^Z)<=

literal 0
HcmV?d00001

diff --git a/slim.Dockerfile b/slim.Dockerfile
index 78b305a..a83d0b4 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -30,6 +30,10 @@ RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
  && mkdir -p ${BASE_DIR}/core/skeleton/Images \
  && mkdir -p ${BASE_DIR}/themes/Murena
 
+# New: Add OnlyOffice samples to skeleton
+COPY samples/office-samples/ ${BASE_DIR}/core/skeleton/files_samples/
+RUN chown -R www-data:www-data ${BASE_DIR}/core/skeleton/files_samples/ || true
+
 # Install unzip for unzipping artifacts
 RUN apt-get update && apt-get install -y unzip ffmpeg syslog-ng
 
-- 
GitLab


From 5269a490cd151886ff3dd873ba9607f4543d6a80 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 30 Oct 2025 15:41:46 +0600
Subject: [PATCH 07/49] login issues persisted

---
 .env                                          |  7 ++--
 .env.example                                  |  1 +
 config/nginx/templates/default.conf.template  | 10 +----
 config/postgres/init-onlyoffice.sh            | 31 ++++++++++++++
 config/postgres/init-onlyoffice.sql           | 18 ---------
 docker-compose.local.yml                      | 40 ++++++++++++-------
 .../99-onlyoffice-setup.sh                    |  0
 slim.Dockerfile                               |  4 +-
 8 files changed, 66 insertions(+), 45 deletions(-)
 create mode 100755 config/postgres/init-onlyoffice.sh
 delete mode 100644 config/postgres/init-onlyoffice.sql
 rename hooks.d/{ => post-installation}/99-onlyoffice-setup.sh (100%)

diff --git a/.env b/.env
index d363be5..99a2088 100644
--- a/.env
+++ b/.env
@@ -28,15 +28,16 @@ ONLYOFFICE_JWT_HEADER=AuthorizationJwt
 ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
 ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
 ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
+OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 
 # redis
-REDIS_HOST=redis
-REDIS_HOST_PASSWORD=12456
+# REDIS_HOST=redis
+# REDIS_HOST_PASSWORD=12456
 
 # nextcloud
 NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
 NEXTCLOUD_ADMIN_USER=admin
-NEXTCLOUD_ADMIN_PASSWORD=@dm1n
+NEXTCLOUD_ADMIN_PASSWORD=newpass
 NEXTCLOUD_TRUSTED_DOMAINS=nginx
 TRUSTED_PROXIES=
 OVERWRITEPROTOCOL=
diff --git a/.env.example b/.env.example
index bc26481..213789a 100644
--- a/.env.example
+++ b/.env.example
@@ -27,6 +27,7 @@ ONLYOFFICE_JWT_HEADER=AuthorizationJwt
 ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
 ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
 ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
+OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 # redis
 REDIS_HOST=redis
 REDIS_HOST_PASSWORD=12456
diff --git a/config/nginx/templates/default.conf.template b/config/nginx/templates/default.conf.template
index 406304f..fe2b6cf 100644
--- a/config/nginx/templates/default.conf.template
+++ b/config/nginx/templates/default.conf.template
@@ -135,15 +135,7 @@ server {
         try_files $fastcgi_script_name =404;
 
         include fastcgi_params;
-        fastcgi_param SCRIPT_FIntroller_active true;     # Enable pretty urls
-        fastcgi_pass php-handler;
-
-        fastcgi_intercept_errors on;
-        fastcgi_request_buffering off;
-
-        fastcgi_max_temp_file_size 0;
-    }
-LENAME $document_root$fastcgi_script_name;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param PATH_INFO $path_info;
         #fastcgi_param HTTPS on;
 
diff --git a/config/postgres/init-onlyoffice.sh b/config/postgres/init-onlyoffice.sh
new file mode 100755
index 0000000..5bb87cc
--- /dev/null
+++ b/config/postgres/init-onlyoffice.sh
@@ -0,0 +1,31 @@
+#!/bin/bash
+set -euo pipefail  # Exit on error, undefined vars, pipe failures
+
+# Helper: Run psql command (uses POSTGRES_USER/DB for auth)
+run_psql() {
+  psql -v ON_ERROR_STOP=1 -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" "$@"
+}
+
+echo "Starting OnlyOffice DB init..."
+
+# Create user if not exists (transaction-safe)
+if ! run_psql -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'onlyoffice'" | grep -q 1; then
+  run_psql -c "CREATE USER onlyoffice WITH PASSWORD '${ONLYOFFICE_DB_PASSWORD:-onlyoffice}';"
+  echo "Created user 'onlyoffice'."
+else
+  echo "User 'onlyoffice' already exists."
+fi
+
+# Create DB if not exists (non-transactional: check first, then create)
+if ! run_psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'onlyoffice'" | grep -q 1; then
+  # Temp connect as superuser to create DB
+  psql -v ON_ERROR_STOP=1 -U "${POSTGRES_USER}" -d "postgres" -c "CREATE DATABASE onlyoffice OWNER onlyoffice;"
+  echo "Created DB 'onlyoffice'."
+else
+  echo "DB 'onlyoffice' already exists."
+fi
+
+# Grant privileges (safe to re-run)
+run_psql -c "GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice;"
+
+echo "OnlyOffice DB and user initialized successfully."
\ No newline at end of file
diff --git a/config/postgres/init-onlyoffice.sql b/config/postgres/init-onlyoffice.sql
deleted file mode 100644
index 40e964f..0000000
--- a/config/postgres/init-onlyoffice.sql
+++ /dev/null
@@ -1,18 +0,0 @@
--- Create OnlyOffice DB and user (idempotent)
-DO $$
-BEGIN
-    CREATE USER onlyoffice WITH PASSWORD '${ONLYOFFICE_DB_PASSWORD:-onlyoffice}';
-EXCEPTION
-    WHEN duplicate_object THEN RAISE NOTICE 'User "onlyoffice" already exists, skipping';
-END
-$$;
-
-DO $$
-BEGIN
-    CREATE DATABASE onlyoffice OWNER onlyoffice;
-EXCEPTION
-    WHEN duplicate_object THEN RAISE NOTICE 'DB "onlyoffice" already exists, skipping';
-END
-$$;
-
-GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice;
\ No newline at end of file
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index d35fd23..bb42d7f 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -2,13 +2,15 @@ services:
   db:
     image: postgres:16.10-alpine
     restart: unless-stopped
+    env_file:  # New: Loads .env (includes ONLYOFFICE_DB_PASSWORD)
+      - ./.env
     environment:
       - POSTGRES_DB=${DB_NAME}
       - POSTGRES_USER=${DB_USER}
       - POSTGRES_PASSWORD=${DB_PASSWORD}
     volumes:
       - db:/var/lib/postgresql/data
-      - ./config/postgres/init-onlyoffice.sql:/docker-entrypoint-initdb.d/10-onlyoffice.sql:ro
+      - ./config/postgres/init-onlyoffice.sh:/docker-entrypoint-initdb.d/10-onlyoffice.sh:ro  # Ensure .sh
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"]
       interval: 10s
@@ -17,19 +19,23 @@ services:
     networks:
       - worker-network
 
-  redis:
-    image: redis:7.4-alpine
-    restart: unless-stopped
-    healthcheck:
-      test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-    networks:
-      - worker-network
+  # redis:
+  #   image: redis:7.4-alpine
+  #   restart: unless-stopped
+  #   env_file:
+  #     - ./.env
+  #   healthcheck:
+  #     test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
+  #     interval: 10s
+  #     timeout: 5s
+  #     retries: 5
+  #   networks:
+  #     - worker-network
 
   syslog:
     image: jumanjiman/rsyslog
+    env_file:
+      - ./.env
     restart: unless-stopped
     networks:
       - worker-network
@@ -39,6 +45,8 @@ services:
       context: .
       dockerfile: slim.Dockerfile
       target: nextcloud
+    env_file:
+      - ./.env
     environment:
       # New: Pass ONLYOFFICE_* envs
       - ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver
@@ -58,9 +66,9 @@ services:
       db:
         condition: service_healthy
         required: false
-      redis:
-        condition: service_healthy
-        required: false
+      # redis:
+      #   condition: service_healthy
+      #   required: false
     networks:
       - worker-network
 
@@ -69,6 +77,8 @@ services:
       context: .
       dockerfile: slim.Dockerfile
       target: nginx
+    env_file:
+      - ./.env
     environment:
       NEXTCLOUD_ADDR: nextcloud:9000
       DOMAIN: ${DOMAIN}
@@ -85,6 +95,8 @@ services:
     depends_on:
       db:
         condition: service_healthy
+    env_file:
+      - ./.env
     environment:
       # Shared DB (password from env)
       - DB_TYPE=postgres
diff --git a/hooks.d/99-onlyoffice-setup.sh b/hooks.d/post-installation/99-onlyoffice-setup.sh
similarity index 100%
rename from hooks.d/99-onlyoffice-setup.sh
rename to hooks.d/post-installation/99-onlyoffice-setup.sh
diff --git a/slim.Dockerfile b/slim.Dockerfile
index a83d0b4..8d65ca6 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -18,12 +18,14 @@ ARG NOTES_URL="https://github.com/nextcloud-releases/notes/releases/download/v4.
 ARG TASKS_URL="https://github.com/nextcloud/tasks/releases/download/v0.16.1/tasks.tar.gz"
 ARG SENTRY_URL="https://github.com/ChristophWurst/nextcloud_sentry/releases/download/v8.15.15/sentry-v8.15.15.tar.gz"
 
+ARG ONLYOFFICE_URL="https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.11.0/onlyoffice.tar.gz"
+
 ARG THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/315/packages/generic/eCloud/v30.0.3/eCloud-v30.0.3.tar.gz"
 ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packages/generic/snappymail/v4.0.5/snappymail-v4.0.5.tar.gz"
 
 COPY custom_entrypoint-slim.sh /
 COPY hooks.d/ /docker-entrypoint-hooks.d/
-RUN chmod +x /docker-entrypoint-hooks.d/99-onlyoffice-setup.sh
+RUN chmod +x /docker-entrypoint-hooks.d/post-installation/99-onlyoffice-setup.sh
 
 RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
  && mkdir -p ${BASE_DIR}/core/skeleton/Documents \
-- 
GitLab


From 947d81c445d44e7bf49b83486843580499068b73 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Sat, 1 Nov 2025 01:30:51 +0600
Subject: [PATCH 08/49] Move OnlyOffice hook to post-installation for
 auto-config

---
 .env            | 22 ++++++++++++++--------
 slim.Dockerfile |  1 +
 2 files changed, 15 insertions(+), 8 deletions(-)

diff --git a/.env b/.env
index 99a2088..b89a348 100644
--- a/.env
+++ b/.env
@@ -21,14 +21,12 @@ DB_USER=nextcloud
 DB_PASSWORD=123456
 DB_NAME=nextcloud
 
-# New: OnlyOffice
-ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
-ONLYOFFICE_JWT_SECRET=your_jwt_secret_here  # Generate: openssl rand -hex 32
-ONLYOFFICE_JWT_HEADER=AuthorizationJwt
-ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
-ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
-ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
-OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
+# New: Aliases for Nextcloud Docker entrypoint (automated install)
+POSTGRES_HOST=db
+POSTGRES_DB=nextcloud
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD=123456
+
 
 # redis
 # REDIS_HOST=redis
@@ -44,6 +42,14 @@ OVERWRITEPROTOCOL=
 SENTRY_DSN=
 SENTRY_PUBLIC_DSN=
 
+# New: OnlyOffice
+ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
+ONLYOFFICE_JWT_SECRET=your_jwt_secret_here  # Generate: openssl rand -hex 32
+ONLYOFFICE_JWT_HEADER=AuthorizationJwt
+ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
+ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
+ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
+OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 # nginx
 NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
 
diff --git a/slim.Dockerfile b/slim.Dockerfile
index 8d65ca6..76dda96 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -26,6 +26,7 @@ ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packa
 COPY custom_entrypoint-slim.sh /
 COPY hooks.d/ /docker-entrypoint-hooks.d/
 RUN chmod +x /docker-entrypoint-hooks.d/post-installation/99-onlyoffice-setup.sh
+RUN find /docker-entrypoint-hooks.d -name "*.sh" -exec chmod +x {} \;
 
 RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
  && mkdir -p ${BASE_DIR}/core/skeleton/Documents \
-- 
GitLab


From ad3b866a8ab784c2fc12c25c935d3e65065db3c9 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Sat, 1 Nov 2025 11:31:37 +0600
Subject: [PATCH 09/49] Login issues fixed, OnlyOffice showing on Moreno
 Dashboard but couldn't be used

---
 docker-compose.local.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index bb42d7f..43c75b8 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -69,6 +69,12 @@ services:
       # redis:
       #   condition: service_healthy
       #   required: false
+    healthcheck:
+      test: ["CMD-SHELL", "php occ status"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 60s  # Extra grace for install/hooks
     networks:
       - worker-network
 
@@ -85,7 +91,11 @@ services:
     ports:
       - "8000:80"
     depends_on:
-      - nextcloud
+      nextcloud:
+        condition: service_healthy
+    networks:
+      - proxy-network
+      - worker-network
   
   # New: OnlyOffice Document Server
   documentserver:
-- 
GitLab


From 9e1f58ba386b1b0661d0fe9e86128473e44c24f8 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Sun, 2 Nov 2025 08:47:23 +0600
Subject: [PATCH 10/49] Redis renenabled

---
 .env                                          |  8 +++--
 .env.example                                  |  2 ++
 docker-compose.local.yml                      | 33 +++++++++++--------
 .../post-installation/99-onlyoffice-setup.sh  |  3 ++
 4 files changed, 30 insertions(+), 16 deletions(-)

diff --git a/.env b/.env
index b89a348..5a16ab5 100644
--- a/.env
+++ b/.env
@@ -29,8 +29,8 @@ POSTGRES_PASSWORD=123456
 
 
 # redis
-# REDIS_HOST=redis
-# REDIS_HOST_PASSWORD=12456
+REDIS_HOST=redis
+REDIS_HOST_PASSWORD=12456
 
 # nextcloud
 NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
@@ -44,11 +44,13 @@ SENTRY_PUBLIC_DSN=
 
 # New: OnlyOffice
 ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
-ONLYOFFICE_JWT_SECRET=your_jwt_secret_here  # Generate: openssl rand -hex 32
+ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da09c7ae # $(openssl rand -hex 32)  # Generate: openssl rand -hex 32
 ONLYOFFICE_JWT_HEADER=AuthorizationJwt
 ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
 ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
 ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
+ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://nginx/
+ONLYOFFICE_SHARED_SECRET=dc9570364262f48b966f4061e1105b28931c11cc7ad25775c345386b356a3f3e
 OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 # nginx
 NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
diff --git a/.env.example b/.env.example
index 213789a..471cb80 100644
--- a/.env.example
+++ b/.env.example
@@ -27,6 +27,8 @@ ONLYOFFICE_JWT_HEADER=AuthorizationJwt
 ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
 ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
 ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
+ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://nginx/
+ONLYOFFICE_SHARED_SECRET=dc9570364262f48b966f4061e1105b28931c11cc7ad25775c345386b356a3f3e
 OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 # redis
 REDIS_HOST=redis
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 43c75b8..47e9a4f 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -19,18 +19,18 @@ services:
     networks:
       - worker-network
 
-  # redis:
-  #   image: redis:7.4-alpine
-  #   restart: unless-stopped
-  #   env_file:
-  #     - ./.env
-  #   healthcheck:
-  #     test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
-  #     interval: 10s
-  #     timeout: 5s
-  #     retries: 5
-  #   networks:
-  #     - worker-network
+  redis:
+    image: redis:7.4-alpine
+    restart: unless-stopped
+    env_file:
+      - ./.env
+    healthcheck:
+      test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+    networks:
+      - worker-network
 
   syslog:
     image: jumanjiman/rsyslog
@@ -50,11 +50,12 @@ services:
     environment:
       # New: Pass ONLYOFFICE_* envs
       - ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver
-      - ONLYOFFICE_JWT_SECRET=your_jwt_secret_here
+      - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
       - ONLYOFFICE_JWT_HEADER=AuthorizationJwt
       - ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
       - ONLYOFFICE_MAX_FILE_SIZE=10000000
       - ONLYOFFICE_DB_PASSWORD=onlyoffice
+    
     volumes:
       # New: Mount config/data (assumed missing; adjust paths if external)
       - nextcloud-config:/var/www/html/config
@@ -122,6 +123,12 @@ services:
     volumes:
       - onlyoffice_data:/var/www/onlyoffice/Data
       - onlyoffice_logs:/var/log/onlyoffice
+    healthcheck:
+      test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost/healthcheck"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
+      start_period: 30s
     networks:
       - worker-network
 
diff --git a/hooks.d/post-installation/99-onlyoffice-setup.sh b/hooks.d/post-installation/99-onlyoffice-setup.sh
index fbd31f4..efa3249 100755
--- a/hooks.d/post-installation/99-onlyoffice-setup.sh
+++ b/hooks.d/post-installation/99-onlyoffice-setup.sh
@@ -18,5 +18,8 @@ php occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}
 php occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-AuthorizationJwt}"
 php occ config:app:set onlyoffice inner_request_timeout --value="${ONLYOFFICE_INNER_REQUEST_TIMEOUT:-3600}"
 php occ config:app:set onlyoffice max_file_size --value="${ONLYOFFICE_MAX_FILE_SIZE:-10000000}"
+php occ config:app:set onlyoffice documentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://nginx/}"
+php occ config:app:set onlyoffice sharedSecret --value="${ONLYOFFICE_SHARED_SECRET:-}"
+
 
 echo "OnlyOffice app enabled and configured with env vars."
\ No newline at end of file
-- 
GitLab


From 452b143fd7930d9651139cdcc6f341f193ce2505 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Sun, 2 Nov 2025 09:19:50 +0600
Subject: [PATCH 11/49] Redish default	modified:   .env

---
 .env | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.env b/.env
index 5a16ab5..149cf4a 100644
--- a/.env
+++ b/.env
@@ -29,8 +29,8 @@ POSTGRES_PASSWORD=123456
 
 
 # redis
-REDIS_HOST=redis
-REDIS_HOST_PASSWORD=12456
+# REDIS_HOST=redis
+# REDIS_HOST_PASSWORD=12456
 
 # nextcloud
 NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
-- 
GitLab


From 5e830e9a6854313867823b8851c49afc49f5b586 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 12:35:23 +0600
Subject: [PATCH 12/49] Add dynamic onlyoffice.php config like pgsql_ssl

---
 config/nextcloud/onlyoffice.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 config/nextcloud/onlyoffice.php

diff --git a/config/nextcloud/onlyoffice.php b/config/nextcloud/onlyoffice.php
new file mode 100644
index 0000000..b7450aa
--- /dev/null
+++ b/config/nextcloud/onlyoffice.php
@@ -0,0 +1,14 @@
+<?php
+
+if (getenv('ONLYOFFICE_DOCUMENT_SERVER_URL')) {
+  $CONFIG = array(
+    'onlyoffice' => array(
+      'DocumentServerUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_URL') ?: 'http://documentserver',
+      'documentServerInternalUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL') ?: 'http://nginx/',
+      'jwt_secret' => getenv('ONLYOFFICE_JWT_SECRET') ?: null,
+      'jwt_header' => getenv('ONLYOFFICE_JWT_HEADER') ?: 'AuthorizationJwt',
+      'inner_request_timeout' => (int) (getenv('ONLYOFFICE_INNER_REQUEST_TIMEOUT') ?: 3600),
+      'max_file_size' => (int) (getenv('ONLYOFFICE_MAX_FILE_SIZE') ?: 10000000),
+    ),
+  );
+}
\ No newline at end of file
-- 
GitLab


From 8808df6c8d47b10d072be4dd0baed9732268b62c Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 12:38:04 +0600
Subject: [PATCH 13/49] Update murena.config.php to merge dynamic configs like
 onlyoffice.php

---
 config/nextcloud/murena.config.php | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
index ccf639b..db56936 100644
--- a/config/nextcloud/murena.config.php
+++ b/config/nextcloud/murena.config.php
@@ -28,7 +28,18 @@ $CONFIG = array(
   'maintenance_window_start' => 1,
 );
 
+// New: Include additional dynamic configs if present
+$additional_configs = glob(__DIR__ . '/*.config.php');
+foreach ($additional_configs as $file) {
+  if ($file !== __FILE__ && file_exists($file)) {
+    $additional = require $file;
+    if (is_array($additional) && isset($additional['onlyoffice'])) {  // Only merge onlyoffice
+      $CONFIG = array_merge_recursive($CONFIG, $additional);
+    }
+  }
+}
+
 if (getenv('SENTRY_DSN') && getenv('SENTRY_PUBLIC_DSN')) {
   $CONFIG['sentry.dsn'] = getenv('SENTRY_DSN');
   $CONFIG['sentry.public-dsn'] = getenv('SENTRY_PUBLIC_DSN');
-}
+}
\ No newline at end of file
-- 
GitLab


From e958eeac9cfc7b4265e13352d00cf079d407333c Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 12:40:27 +0600
Subject: [PATCH 14/49] Ensure onlyoffice.php permissions in Dockerfile

---
 slim.Dockerfile | 1 +
 1 file changed, 1 insertion(+)

diff --git a/slim.Dockerfile b/slim.Dockerfile
index 76dda96..ff48cec 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -62,6 +62,7 @@ RUN curl -sL ${ONLYOFFICE_URL} | tar xzf - -C ${BASE_DIR}/custom_apps && \
     mv ${BASE_DIR}/custom_apps/onlyoffice ${BASE_DIR}/apps/onlyoffice  # Enable in apps/ dir for occ
 
 COPY config/nextcloud/ /usr/src/nextcloud/config/
+RUN chmod 644 /var/www/html/config/*.config.php
 
 # Apply patches
 COPY patches/ ${TMP_PATCH_DIR}/
-- 
GitLab


From 5a2ca9cf7cfd7be5f5c9c9c7110a2ae583ccc1d6 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 12:45:38 +0600
Subject: [PATCH 15/49] remove  permissions commanf in Dockerfile

---
 slim.Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/slim.Dockerfile b/slim.Dockerfile
index ff48cec..ac8863f 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -62,7 +62,6 @@ RUN curl -sL ${ONLYOFFICE_URL} | tar xzf - -C ${BASE_DIR}/custom_apps && \
     mv ${BASE_DIR}/custom_apps/onlyoffice ${BASE_DIR}/apps/onlyoffice  # Enable in apps/ dir for occ
 
 COPY config/nextcloud/ /usr/src/nextcloud/config/
-RUN chmod 644 /var/www/html/config/*.config.php
 
 # Apply patches
 COPY patches/ ${TMP_PATCH_DIR}/
@@ -72,6 +71,7 @@ RUN cd / && patch -p0 < ${TMP_PATCH_DIR}/037-remove-rsync-on-init-about-static-f
 # Initialize nextcloud /var/www/html and patch the default entrypoint.sh accordingly
 RUN rsync -rLDog --chown www-data:www-data --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ \
  && rsync -rLDog --chown www-data:www-data --include "version.php" --include "/custom_apps/" --include "/themes/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+RUN chmod 644 /var/www/html/config/*.config.php
 
 COPY config/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 
-- 
GitLab


From bec3ac7d9288c3da4c35f3a6eb9835b659e72429 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 13:23:22 +0600
Subject: [PATCH 16/49] ReAdd dynamic onlyoffice.php for env config

---
 config/nextcloud/murena.config.php | 18 +++++++++---------
 slim.Dockerfile                    |  1 -
 2 files changed, 9 insertions(+), 10 deletions(-)

diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
index db56936..406b01b 100644
--- a/config/nextcloud/murena.config.php
+++ b/config/nextcloud/murena.config.php
@@ -29,15 +29,15 @@ $CONFIG = array(
 );
 
 // New: Include additional dynamic configs if present
-$additional_configs = glob(__DIR__ . '/*.config.php');
-foreach ($additional_configs as $file) {
-  if ($file !== __FILE__ && file_exists($file)) {
-    $additional = require $file;
-    if (is_array($additional) && isset($additional['onlyoffice'])) {  // Only merge onlyoffice
-      $CONFIG = array_merge_recursive($CONFIG, $additional);
-    }
-  }
-}
+// $additional_configs = glob(__DIR__ . '/*.config.php');
+// foreach ($additional_configs as $file) {
+//   if ($file !== __FILE__ && file_exists($file)) {
+//     $additional = require $file;
+//     if (is_array($additional) && isset($additional['onlyoffice'])) {  // Only merge onlyoffice
+//       $CONFIG = array_merge_recursive($CONFIG, $additional);
+//     }
+//   }
+// }
 
 if (getenv('SENTRY_DSN') && getenv('SENTRY_PUBLIC_DSN')) {
   $CONFIG['sentry.dsn'] = getenv('SENTRY_DSN');
diff --git a/slim.Dockerfile b/slim.Dockerfile
index ac8863f..76dda96 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -71,7 +71,6 @@ RUN cd / && patch -p0 < ${TMP_PATCH_DIR}/037-remove-rsync-on-init-about-static-f
 # Initialize nextcloud /var/www/html and patch the default entrypoint.sh accordingly
 RUN rsync -rLDog --chown www-data:www-data --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ \
  && rsync -rLDog --chown www-data:www-data --include "version.php" --include "/custom_apps/" --include "/themes/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-RUN chmod 644 /var/www/html/config/*.config.php
 
 COPY config/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 
-- 
GitLab


From 5f8f702a1d6d2975609b06a19b83da406daf0558 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 13:34:22 +0600
Subject: [PATCH 17/49] update the root path from samples/office-smaples/  to
 samples/onlyoffice/

---
 .../presentation.pptx                               | Bin
 samples/{office-samples => onlyoffice}/sheet.xlsx   | Bin
 .../{office-samples => onlyoffice}/welcome..docx    | Bin
 slim.Dockerfile                                     |   2 +-
 4 files changed, 1 insertion(+), 1 deletion(-)
 rename samples/{office-samples => onlyoffice}/presentation.pptx (100%)
 rename samples/{office-samples => onlyoffice}/sheet.xlsx (100%)
 rename samples/{office-samples => onlyoffice}/welcome..docx (100%)

diff --git a/samples/office-samples/presentation.pptx b/samples/onlyoffice/presentation.pptx
similarity index 100%
rename from samples/office-samples/presentation.pptx
rename to samples/onlyoffice/presentation.pptx
diff --git a/samples/office-samples/sheet.xlsx b/samples/onlyoffice/sheet.xlsx
similarity index 100%
rename from samples/office-samples/sheet.xlsx
rename to samples/onlyoffice/sheet.xlsx
diff --git a/samples/office-samples/welcome..docx b/samples/onlyoffice/welcome..docx
similarity index 100%
rename from samples/office-samples/welcome..docx
rename to samples/onlyoffice/welcome..docx
diff --git a/slim.Dockerfile b/slim.Dockerfile
index 76dda96..faa0e45 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -34,7 +34,7 @@ RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
  && mkdir -p ${BASE_DIR}/themes/Murena
 
 # New: Add OnlyOffice samples to skeleton
-COPY samples/office-samples/ ${BASE_DIR}/core/skeleton/files_samples/
+COPY samples/onlyoffice/ ${BASE_DIR}/core/skeleton/files_samples/
 RUN chown -R www-data:www-data ${BASE_DIR}/core/skeleton/files_samples/ || true
 
 # Install unzip for unzipping artifacts
-- 
GitLab


From b83c0dc55bc4aa073d619e091b0ea173f0c4d61b Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 13:40:46 +0600
Subject: [PATCH 18/49] 	deleted:    .env 	modified:   .gitignore

---
 .env         | 76 ----------------------------------------------------
 .env.example | 34 ++++++++++++++---------
 .gitignore   |  1 +
 3 files changed, 22 insertions(+), 89 deletions(-)
 delete mode 100644 .env

diff --git a/.env b/.env
deleted file mode 100644
index 149cf4a..0000000
--- a/.env
+++ /dev/null
@@ -1,76 +0,0 @@
-# docker compose
-COMPOSE_BAKE=true
-COMPOSE_FILE=docker-compose.yml:docker-compose.local.yml
-
-# Server
-DOMAIN=localhost
-SHARED_STORAGE_PATH=/mnt/shared_storage/nextcloud
-
-# mail
-SMTP_SECURE=tls
-SMTP_PORT=587
-SMTP_NAME=username
-SMTP_PASSWORD=123456
-SMTP_HOST=smtp.domain.com
-MAIL_FROM_ADDRESS=no-reply
-MAIL_DOMAIN=domain.com
-
-# database
-DB_HOST=db
-DB_USER=nextcloud
-DB_PASSWORD=123456
-DB_NAME=nextcloud
-
-# New: Aliases for Nextcloud Docker entrypoint (automated install)
-POSTGRES_HOST=db
-POSTGRES_DB=nextcloud
-POSTGRES_USER=nextcloud
-POSTGRES_PASSWORD=123456
-
-
-# redis
-# REDIS_HOST=redis
-# REDIS_HOST_PASSWORD=12456
-
-# nextcloud
-NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
-NEXTCLOUD_ADMIN_USER=admin
-NEXTCLOUD_ADMIN_PASSWORD=newpass
-NEXTCLOUD_TRUSTED_DOMAINS=nginx
-TRUSTED_PROXIES=
-OVERWRITEPROTOCOL=
-SENTRY_DSN=
-SENTRY_PUBLIC_DSN=
-
-# New: OnlyOffice
-ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
-ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da09c7ae # $(openssl rand -hex 32)  # Generate: openssl rand -hex 32
-ONLYOFFICE_JWT_HEADER=AuthorizationJwt
-ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
-ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
-ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
-ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://nginx/
-ONLYOFFICE_SHARED_SECRET=dc9570364262f48b966f4061e1105b28931c11cc7ad25775c345386b356a3f3e
-OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
-# nginx
-NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
-
-# syslog
-SYSLOG_HOST=syslog
-
-# S3 Bucket Configuration
-OBJECTSTORE_S3_BUCKET=
-OBJECTSTORE_S3_REGION=main
-OBJECTSTORE_S3_HOST=fsn1.your-objectstorage.com
-OBJECTSTORE_S3_PORT=443
-
-# S3 Credentials (sensitive - keep secure)
-OBJECTSTORE_S3_KEY=your_access_key_here
-OBJECTSTORE_S3_SECRET=your_secret_key_here
-
-# S3 Connection Settings
-OBJECTSTORE_S3_SSL=true
-OBJECTSTORE_S3_USEPATH_STYLE=true
-
-OBJECTSTORE_S3_AUTOCREATE=
-OBJECTSTORE_S3_OBJECT_PREFIX=
diff --git a/.env.example b/.env.example
index 471cb80..149cf4a 100644
--- a/.env.example
+++ b/.env.example
@@ -20,30 +20,38 @@ DB_HOST=db
 DB_USER=nextcloud
 DB_PASSWORD=123456
 DB_NAME=nextcloud
-# New: OnlyOffice
-ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
-ONLYOFFICE_JWT_SECRET=your_jwt_secret_here  # Generate: openssl rand -hex 32
-ONLYOFFICE_JWT_HEADER=AuthorizationJwt
-ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
-ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
-ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
-ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://nginx/
-ONLYOFFICE_SHARED_SECRET=dc9570364262f48b966f4061e1105b28931c11cc7ad25775c345386b356a3f3e
-OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
+
+# New: Aliases for Nextcloud Docker entrypoint (automated install)
+POSTGRES_HOST=db
+POSTGRES_DB=nextcloud
+POSTGRES_USER=nextcloud
+POSTGRES_PASSWORD=123456
+
+
 # redis
-REDIS_HOST=redis
-REDIS_HOST_PASSWORD=12456
+# REDIS_HOST=redis
+# REDIS_HOST_PASSWORD=12456
 
 # nextcloud
 NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
 NEXTCLOUD_ADMIN_USER=admin
-NEXTCLOUD_ADMIN_PASSWORD=@dm1n
+NEXTCLOUD_ADMIN_PASSWORD=newpass
 NEXTCLOUD_TRUSTED_DOMAINS=nginx
 TRUSTED_PROXIES=
 OVERWRITEPROTOCOL=
 SENTRY_DSN=
 SENTRY_PUBLIC_DSN=
 
+# New: OnlyOffice
+ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
+ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da09c7ae # $(openssl rand -hex 32)  # Generate: openssl rand -hex 32
+ONLYOFFICE_JWT_HEADER=AuthorizationJwt
+ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
+ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
+ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
+ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://nginx/
+ONLYOFFICE_SHARED_SECRET=dc9570364262f48b966f4061e1105b28931c11cc7ad25775c345386b356a3f3e
+OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 # nginx
 NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
 
diff --git a/.gitignore b/.gitignore
index d6588b0..9756529 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,2 +1,3 @@
 .idea
 files
+.env
\ No newline at end of file
-- 
GitLab


From 698b53cbddf9b7553f7955bd2de73831a10d5b8c Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 13:44:54 +0600
Subject: [PATCH 19/49] From # New: OnlyOffice To # OnlyOffice

---
 .env.example | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.env.example b/.env.example
index 149cf4a..8834b8d 100644
--- a/.env.example
+++ b/.env.example
@@ -42,7 +42,7 @@ OVERWRITEPROTOCOL=
 SENTRY_DSN=
 SENTRY_PUBLIC_DSN=
 
-# New: OnlyOffice
+# OnlyOffice
 ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
 ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da09c7ae # $(openssl rand -hex 32)  # Generate: openssl rand -hex 32
 ONLYOFFICE_JWT_HEADER=AuthorizationJwt
-- 
GitLab


From 4ce5b777650bd1cf4dc6e826b3252f0b21e808d6 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 14:00:37 +0600
Subject: [PATCH 20/49] 	modified:   docker-compose.local.yml 	modified:  
 docker-compose.yml

---
 .env.example             |  6 +++---
 docker-compose.local.yml | 28 +++++++++-------------------
 docker-compose.yml       |  6 ++++++
 3 files changed, 18 insertions(+), 22 deletions(-)

diff --git a/.env.example b/.env.example
index 8834b8d..5b6026c 100644
--- a/.env.example
+++ b/.env.example
@@ -21,7 +21,7 @@ DB_USER=nextcloud
 DB_PASSWORD=123456
 DB_NAME=nextcloud
 
-# New: Aliases for Nextcloud Docker entrypoint (automated install)
+# Aliases for Nextcloud Docker entrypoint (automated install)
 POSTGRES_HOST=db
 POSTGRES_DB=nextcloud
 POSTGRES_USER=nextcloud
@@ -29,8 +29,8 @@ POSTGRES_PASSWORD=123456
 
 
 # redis
-# REDIS_HOST=redis
-# REDIS_HOST_PASSWORD=12456
+REDIS_HOST=redis
+REDIS_HOST_PASSWORD=12456
 
 # nextcloud
 NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 47e9a4f..7ccefff 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -2,8 +2,6 @@ services:
   db:
     image: postgres:16.10-alpine
     restart: unless-stopped
-    env_file:  # New: Loads .env (includes ONLYOFFICE_DB_PASSWORD)
-      - ./.env
     environment:
       - POSTGRES_DB=${DB_NAME}
       - POSTGRES_USER=${DB_USER}
@@ -22,8 +20,6 @@ services:
   redis:
     image: redis:7.4-alpine
     restart: unless-stopped
-    env_file:
-      - ./.env
     healthcheck:
       test: [ "CMD", "redis-cli", "--raw", "incr", "ping" ]
       interval: 10s
@@ -45,16 +41,14 @@ services:
       context: .
       dockerfile: slim.Dockerfile
       target: nextcloud
-    env_file:
-      - ./.env
     environment:
       # New: Pass ONLYOFFICE_* envs
-      - ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver
+      - ONLYOFFICE_DOCUMENT_SERVER_URL=${ONLYOFFICE_DOCUMENT_SERVER_URL}
       - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
-      - ONLYOFFICE_JWT_HEADER=AuthorizationJwt
-      - ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
-      - ONLYOFFICE_MAX_FILE_SIZE=10000000
-      - ONLYOFFICE_DB_PASSWORD=onlyoffice
+      - ONLYOFFICE_JWT_HEADER=${ONLYOFFICE_JWT_HEADER}
+      - ONLYOFFICE_INNER_REQUEST_TIMEOUT=${ONLYOFFICE_INNER_REQUEST_TIMEOUT}
+      - ONLYOFFICE_MAX_FILE_SIZE=${ONLYOFFICE_MAX_FILE_SIZE}
+      - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD}
     
     volumes:
       # New: Mount config/data (assumed missing; adjust paths if external)
@@ -67,9 +61,9 @@ services:
       db:
         condition: service_healthy
         required: false
-      # redis:
-      #   condition: service_healthy
-      #   required: false
+      redis:
+        condition: service_healthy
+        required: false
     healthcheck:
       test: ["CMD-SHELL", "php occ status"]
       interval: 10s
@@ -84,8 +78,6 @@ services:
       context: .
       dockerfile: slim.Dockerfile
       target: nginx
-    env_file:
-      - ./.env
     environment:
       NEXTCLOUD_ADDR: nextcloud:9000
       DOMAIN: ${DOMAIN}
@@ -105,9 +97,7 @@ services:
     restart: unless-stopped
     depends_on:
       db:
-        condition: service_healthy
-    env_file:
-      - ./.env
+        condition: service_healthy  
     environment:
       # Shared DB (password from env)
       - DB_TYPE=postgres
diff --git a/docker-compose.yml b/docker-compose.yml
index 5afbcf5..4ede9aa 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -33,6 +33,12 @@ services:
       - OBJECTSTORE_S3_USEPATH_STYLE=${OBJECTSTORE_S3_USEPATH_STYLE}
       - OBJECTSTORE_S3_OBJECT_PREFIX=${OBJECTSTORE_S3_OBJECT_PREFIX}
       - OBJECTSTORE_S3_AUTOCREATE=${OBJECTSTORE_S3_AUTOCREATE}
+      - ONLYOFFICE_DOCUMENT_SERVER_URL=${ONLYOFFICE_DOCUMENT_SERVER_URL}
+      - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
+      - ONLYOFFICE_JWT_HEADER=${ONLYOFFICE_JWT_HEADER}
+      - ONLYOFFICE_INNER_REQUEST_TIMEOUT=${ONLYOFFICE_INNER_REQUEST_TIMEOUT}
+      - ONLYOFFICE_MAX_FILE_SIZE=${ONLYOFFICE_MAX_FILE_SIZE}
+      - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD}
     volumes:
       - nextcloud-config:/var/www/html/config
       - nextcloud-data:/var/www/html/data
-- 
GitLab


From 838ad047798d89be5a0fb93794d1ccade47991b2 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 14:09:54 +0600
Subject: [PATCH 21/49] used version tag 9.1 instead of latest

---
 docker-compose.local.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 7ccefff..d022fc3 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -92,7 +92,7 @@ services:
   
   # New: OnlyOffice Document Server
   documentserver:
-    image: onlyoffice/documentserver:latest
+    image: onlyoffice/documentserver:9.1
     container_name: documentserver
     restart: unless-stopped
     depends_on:
-- 
GitLab


From 5c95a725f0f577f05f94f1489e1e89c60e9d7381 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 14:12:45 +0600
Subject: [PATCH 22/49] 	modified:   docker-compose.local.yml

---
 docker-compose.local.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index d022fc3..829b24f 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -42,7 +42,7 @@ services:
       dockerfile: slim.Dockerfile
       target: nextcloud
     environment:
-      # New: Pass ONLYOFFICE_* envs
+      # Pass ONLYOFFICE_* envs
       - ONLYOFFICE_DOCUMENT_SERVER_URL=${ONLYOFFICE_DOCUMENT_SERVER_URL}
       - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
       - ONLYOFFICE_JWT_HEADER=${ONLYOFFICE_JWT_HEADER}
@@ -51,7 +51,7 @@ services:
       - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD}
     
     volumes:
-      # New: Mount config/data (assumed missing; adjust paths if external)
+      # Mount config/data (assumed missing; adjust paths if external)
       - nextcloud-config:/var/www/html/config
       - nextcloud-data:/var/www/html/data
     depends_on:
@@ -90,7 +90,7 @@ services:
       - proxy-network
       - worker-network
   
-  # New: OnlyOffice Document Server
+  # OnlyOffice Document Server
   documentserver:
     image: onlyoffice/documentserver:9.1
     container_name: documentserver
@@ -126,7 +126,6 @@ volumes: !override
   db:
   nextcloud-config:
   nextcloud-data:
-  # New
   onlyoffice_data:
   onlyoffice_logs:
 
-- 
GitLab


From b7840007a2d2f7767638bcb7672359ce1091cbee Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 21:30:52 +0600
Subject: [PATCH 23/49] remove the block comment and new lines

---
 config/nextcloud/murena.config.php | 11 -----------
 1 file changed, 11 deletions(-)

diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
index 406b01b..88d8847 100644
--- a/config/nextcloud/murena.config.php
+++ b/config/nextcloud/murena.config.php
@@ -28,17 +28,6 @@ $CONFIG = array(
   'maintenance_window_start' => 1,
 );
 
-// New: Include additional dynamic configs if present
-// $additional_configs = glob(__DIR__ . '/*.config.php');
-// foreach ($additional_configs as $file) {
-//   if ($file !== __FILE__ && file_exists($file)) {
-//     $additional = require $file;
-//     if (is_array($additional) && isset($additional['onlyoffice'])) {  // Only merge onlyoffice
-//       $CONFIG = array_merge_recursive($CONFIG, $additional);
-//     }
-//   }
-// }
-
 if (getenv('SENTRY_DSN') && getenv('SENTRY_PUBLIC_DSN')) {
   $CONFIG['sentry.dsn'] = getenv('SENTRY_DSN');
   $CONFIG['sentry.public-dsn'] = getenv('SENTRY_PUBLIC_DSN');
-- 
GitLab


From e7b385040618eaf58fc2fffa589c326d26f4f3c7 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Tue, 4 Nov 2025 21:35:53 +0600
Subject: [PATCH 24/49] NEXTCLOUD_ADMIN_PASSWORD default password reverted

---
 .env.example | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.env.example b/.env.example
index 5b6026c..8585199 100644
--- a/.env.example
+++ b/.env.example
@@ -35,7 +35,7 @@ REDIS_HOST_PASSWORD=12456
 # nextcloud
 NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
 NEXTCLOUD_ADMIN_USER=admin
-NEXTCLOUD_ADMIN_PASSWORD=newpass
+NEXTCLOUD_ADMIN_PASSWORD=@dmin
 NEXTCLOUD_TRUSTED_DOMAINS=nginx
 TRUSTED_PROXIES=
 OVERWRITEPROTOCOL=
-- 
GitLab


From d1f66bebf21c2bc1a79ae3c0fabd2892c3f3b54c Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Wed, 5 Nov 2025 18:36:02 +0600
Subject: [PATCH 25/49] Ready for us as an override:	modified:  
 docker-compose.local.yml

---
 config/nextcloud/murena.config.php    | 0
 config/nextcloud/onlyoffice.php       | 0
 config/nextcloud/pgsql_ssl.config.php | 0
 docker-compose.local.yml              | 6 ++----
 slim.Dockerfile                       | 3 ++-
 5 files changed, 4 insertions(+), 5 deletions(-)
 mode change 100644 => 100755 config/nextcloud/murena.config.php
 mode change 100644 => 100755 config/nextcloud/onlyoffice.php
 mode change 100644 => 100755 config/nextcloud/pgsql_ssl.config.php

diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
old mode 100644
new mode 100755
diff --git a/config/nextcloud/onlyoffice.php b/config/nextcloud/onlyoffice.php
old mode 100644
new mode 100755
diff --git a/config/nextcloud/pgsql_ssl.config.php b/config/nextcloud/pgsql_ssl.config.php
old mode 100644
new mode 100755
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 829b24f..f427472 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -30,8 +30,6 @@ services:
 
   syslog:
     image: jumanjiman/rsyslog
-    env_file:
-      - ./.env
     restart: unless-stopped
     networks:
       - worker-network
@@ -131,8 +129,8 @@ volumes: !override
 
 networks:
   proxy-network:
-    external: false
+    external: true
     name: proxy-network
   worker-network:
-    external: false
+    external: true
     name: worker-network
diff --git a/slim.Dockerfile b/slim.Dockerfile
index faa0e45..cd3aee2 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -71,6 +71,7 @@ RUN cd / && patch -p0 < ${TMP_PATCH_DIR}/037-remove-rsync-on-init-about-static-f
 # Initialize nextcloud /var/www/html and patch the default entrypoint.sh accordingly
 RUN rsync -rLDog --chown www-data:www-data --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ \
  && rsync -rLDog --chown www-data:www-data --include "version.php" --include "/custom_apps/" --include "/themes/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
+RUN find /var/www/html/config -name "*.config.php" -exec chmod 644 {} \; || true
 
 COPY config/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 
@@ -80,4 +81,4 @@ CMD ["php-fpm"]
 FROM nginx:1.29-alpine AS nginx
 
 COPY ./config/nginx/templates /etc/nginx/templates
-COPY --from=nextcloud /var/www/html /var/www/html
+COPY --from=nextcloud /var/www/html /var/www/html
\ No newline at end of file
-- 
GitLab


From 6d25ec078e6ccdcfe6faf67ec74918d2819dff11 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Wed, 5 Nov 2025 18:56:08 +0600
Subject: [PATCH 26/49] Onlyoffice_* variables removed from local nextcloud
 service

---
 .env.example             |  5 +++++
 docker-compose.local.yml | 21 ++++++---------------
 slim.Dockerfile          |  4 ----
 3 files changed, 11 insertions(+), 19 deletions(-)

diff --git a/.env.example b/.env.example
index 8585199..4b0b5ec 100644
--- a/.env.example
+++ b/.env.example
@@ -43,6 +43,11 @@ SENTRY_DSN=
 SENTRY_PUBLIC_DSN=
 
 # OnlyOffice
+ONLYOFFICE_DB_TYPE=postgres
+ONLYOFFICE_DB_HOST=db
+ONLYOFFICE_DB_PORT=5432
+ONLYOFFICE_DB_NAME=onlyoffice
+ONLYOFFICE_DB_USER=onlyoffice
 ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
 ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da09c7ae # $(openssl rand -hex 32)  # Generate: openssl rand -hex 32
 ONLYOFFICE_JWT_HEADER=AuthorizationJwt
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index f427472..41cb90b 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -38,16 +38,7 @@ services:
     build:
       context: .
       dockerfile: slim.Dockerfile
-      target: nextcloud
-    environment:
-      # Pass ONLYOFFICE_* envs
-      - ONLYOFFICE_DOCUMENT_SERVER_URL=${ONLYOFFICE_DOCUMENT_SERVER_URL}
-      - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
-      - ONLYOFFICE_JWT_HEADER=${ONLYOFFICE_JWT_HEADER}
-      - ONLYOFFICE_INNER_REQUEST_TIMEOUT=${ONLYOFFICE_INNER_REQUEST_TIMEOUT}
-      - ONLYOFFICE_MAX_FILE_SIZE=${ONLYOFFICE_MAX_FILE_SIZE}
-      - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD}
-    
+      target: nextcloud    
     volumes:
       # Mount config/data (assumed missing; adjust paths if external)
       - nextcloud-config:/var/www/html/config
@@ -98,11 +89,11 @@ services:
         condition: service_healthy  
     environment:
       # Shared DB (password from env)
-      - DB_TYPE=postgres
-      - DB_HOST=db
-      - DB_PORT=5432
-      - DB_NAME=onlyoffice
-      - DB_USER=onlyoffice
+      - DB_TYPE=${ONLYOFFICE_DB_TYPE:-postgres}
+      - DB_HOST=${ONLYOFFICE_DB_HOST:-db}
+      - DB_PORT=${ONLYOFFICE_DB_PORT:-5432}
+      - DB_NAME=${ONLYOFFICE_DB_NAME:-onlyoffice}
+      - DB_USER=${ONLYOFFICE_DB_USER:-onlyoffice}
       - DB_PWD=${ONLYOFFICE_DB_PASSWORD:-onlyoffice}
       # JWT from env
       - JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
diff --git a/slim.Dockerfile b/slim.Dockerfile
index cd3aee2..cb535b4 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -5,7 +5,6 @@ ENV NEXTCLOUD_VERSION_LONG=30.0.16.1
 
 ARG BASE_DIR="/usr/src/nextcloud"
 ARG TMP_PATCH_DIR="/tmp/build_patches"
-
 ARG CONTACTS_URL="https://gitlab.e.foundation/api/v4/projects/1238/packages/generic/contacts/v7.2.0+murena-20250926/contacts-v7.2.0+murena-20250926.tar.gz"
 ARG CALENDAR_URL="https://gitlab.e.foundation/api/v4/projects/1199/packages/generic/calendar/v5.3.5+murena-20250919/calendar-v5.3.5+murena-20250919.tar.gz"
 ARG THEME_HELPER_URL="https://gitlab.e.foundation/api/v4/projects/952/packages/generic/ecloud-theme-helper/v8.0.2/ecloud-theme-helper-v8.0.2.tar.gz"
@@ -13,13 +12,10 @@ ARG LAUNCHER_URL="https://gitlab.e.foundation/api/v4/projects/927/packages/gener
 ARG DASHBOARD_URL="https://gitlab.e.foundation/api/v4/projects/1195/packages/generic/murena-dashboard/8.0.0/murena-dashboard-8.0.0.tar.gz"
 ARG SNAPPY_URL="https://gitlab.e.foundation/api/v4/projects/1367/packages/generic/snappymail/v2.38.2+murena-20250822/snappymail-v2.38.2+murena-20250822.tar.gz"
 ARG OIDC_LOGIN_URL="https://gitlab.e.foundation/api/v4/projects/1496/packages/generic/oidc_login/3.2.2-4/oidc_login-3.2.2-4.tar.gz"
-
 ARG NOTES_URL="https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz"
 ARG TASKS_URL="https://github.com/nextcloud/tasks/releases/download/v0.16.1/tasks.tar.gz"
 ARG SENTRY_URL="https://github.com/ChristophWurst/nextcloud_sentry/releases/download/v8.15.15/sentry-v8.15.15.tar.gz"
-
 ARG ONLYOFFICE_URL="https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.11.0/onlyoffice.tar.gz"
-
 ARG THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/315/packages/generic/eCloud/v30.0.3/eCloud-v30.0.3.tar.gz"
 ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packages/generic/snappymail/v4.0.5/snappymail-v4.0.5.tar.gz"
 
-- 
GitLab


From 8b7682bc366e581be6a84fdbc395c8be8eb8135b Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Wed, 5 Nov 2025 19:03:14 +0600
Subject: [PATCH 27/49] networks:       - worker-network tag removed from local
 nextcloud and nignx

---
 docker-compose.local.yml | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 41cb90b..df58857 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -59,8 +59,6 @@ services:
       timeout: 5s
       retries: 5
       start_period: 60s  # Extra grace for install/hooks
-    networks:
-      - worker-network
 
   nginx:
     build:
@@ -75,9 +73,6 @@ services:
     depends_on:
       nextcloud:
         condition: service_healthy
-    networks:
-      - proxy-network
-      - worker-network
   
   # OnlyOffice Document Server
   documentserver:
-- 
GitLab


From b229263a259762431b555461ba2eb622c09cf565 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Wed, 5 Nov 2025 19:07:20 +0600
Subject: [PATCH 28/49] env variable removed from nginx local override

---
 docker-compose.local.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index df58857..468230d 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -65,9 +65,6 @@ services:
       context: .
       dockerfile: slim.Dockerfile
       target: nginx
-    environment:
-      NEXTCLOUD_ADDR: nextcloud:9000
-      DOMAIN: ${DOMAIN}
     ports:
       - "8000:80"
     depends_on:
-- 
GitLab


From 1a0a1fd279aa38178078975f86b76dda42825ffc Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 01:30:06 +0600
Subject: [PATCH 29/49] Fix internal URL fallback to nginx in hook/PHP

---
 .env.example                                  |  4 +--
 config/nextcloud/onlyoffice.php               |  5 +---
 docker-compose.yml                            |  3 ---
 .../post-installation/99-onlyoffice-setup.sh  | 25 -------------------
 hooks.d/post-installation/murena-config.sh    | 10 +++++++-
 slim.Dockerfile                               |  2 +-
 6 files changed, 12 insertions(+), 37 deletions(-)
 delete mode 100755 hooks.d/post-installation/99-onlyoffice-setup.sh

diff --git a/.env.example b/.env.example
index 4b0b5ec..e9f041e 100644
--- a/.env.example
+++ b/.env.example
@@ -51,10 +51,8 @@ ONLYOFFICE_DB_USER=onlyoffice
 ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
 ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da09c7ae # $(openssl rand -hex 32)  # Generate: openssl rand -hex 32
 ONLYOFFICE_JWT_HEADER=AuthorizationJwt
-ONLYOFFICE_INNER_REQUEST_TIMEOUT=3600
-ONLYOFFICE_MAX_FILE_SIZE=10000000  # 10MB
 ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
-ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://nginx/
+ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://documentserver
 ONLYOFFICE_SHARED_SECRET=dc9570364262f48b966f4061e1105b28931c11cc7ad25775c345386b356a3f3e
 OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 # nginx
diff --git a/config/nextcloud/onlyoffice.php b/config/nextcloud/onlyoffice.php
index b7450aa..c83d76d 100755
--- a/config/nextcloud/onlyoffice.php
+++ b/config/nextcloud/onlyoffice.php
@@ -4,11 +4,8 @@ if (getenv('ONLYOFFICE_DOCUMENT_SERVER_URL')) {
   $CONFIG = array(
     'onlyoffice' => array(
       'DocumentServerUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_URL') ?: 'http://documentserver',
-      'documentServerInternalUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL') ?: 'http://nginx/',
+      'DocumentServerInternalUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL') ?: 'http://nginx',
       'jwt_secret' => getenv('ONLYOFFICE_JWT_SECRET') ?: null,
-      'jwt_header' => getenv('ONLYOFFICE_JWT_HEADER') ?: 'AuthorizationJwt',
-      'inner_request_timeout' => (int) (getenv('ONLYOFFICE_INNER_REQUEST_TIMEOUT') ?: 3600),
-      'max_file_size' => (int) (getenv('ONLYOFFICE_MAX_FILE_SIZE') ?: 10000000),
     ),
   );
 }
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index 4ede9aa..ae912c4 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,9 +35,6 @@ services:
       - OBJECTSTORE_S3_AUTOCREATE=${OBJECTSTORE_S3_AUTOCREATE}
       - ONLYOFFICE_DOCUMENT_SERVER_URL=${ONLYOFFICE_DOCUMENT_SERVER_URL}
       - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
-      - ONLYOFFICE_JWT_HEADER=${ONLYOFFICE_JWT_HEADER}
-      - ONLYOFFICE_INNER_REQUEST_TIMEOUT=${ONLYOFFICE_INNER_REQUEST_TIMEOUT}
-      - ONLYOFFICE_MAX_FILE_SIZE=${ONLYOFFICE_MAX_FILE_SIZE}
       - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD}
     volumes:
       - nextcloud-config:/var/www/html/config
diff --git a/hooks.d/post-installation/99-onlyoffice-setup.sh b/hooks.d/post-installation/99-onlyoffice-setup.sh
deleted file mode 100755
index efa3249..0000000
--- a/hooks.d/post-installation/99-onlyoffice-setup.sh
+++ /dev/null
@@ -1,25 +0,0 @@
-#!/bin/bash
-set -e
-
-# Run only if Nextcloud initialized and app present
-if [ ! -f /var/www/html/config/config.php ] || [ ! -d /var/www/html/apps/onlyoffice ]; then
-    echo "Skipping OnlyOffice setup: Nextcloud not ready or app missing."
-    exit 0
-fi
-
-cd /var/www/html
-
-# Enable app if not already
-php occ app:enable onlyoffice || true
-
-# Set config from env (with defaults)
-php occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://documentserver}"
-php occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
-php occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-AuthorizationJwt}"
-php occ config:app:set onlyoffice inner_request_timeout --value="${ONLYOFFICE_INNER_REQUEST_TIMEOUT:-3600}"
-php occ config:app:set onlyoffice max_file_size --value="${ONLYOFFICE_MAX_FILE_SIZE:-10000000}"
-php occ config:app:set onlyoffice documentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://nginx/}"
-php occ config:app:set onlyoffice sharedSecret --value="${ONLYOFFICE_SHARED_SECRET:-}"
-
-
-echo "OnlyOffice app enabled and configured with env vars."
\ No newline at end of file
diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh
index c828e7b..5737354 100755
--- a/hooks.d/post-installation/murena-config.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -21,7 +21,7 @@ occ app:enable sentry
 
 occ app:disable firstrunwizard
 occ app:disable logreader
-
+occ app:enable onlyoffice
 # database
 occ db:add-missing-indices
 
@@ -30,3 +30,11 @@ occ maintenance:repair --include-expensive
 
 # Set background jobs to use system cron
 occ background:cron
+
+# Set config from env (with defaults)
+occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://documentserver}"
+occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
+occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-AuthorizationJwt}"
+occ config:app:set onlyoffice inner_request_timeout --value="${ONLYOFFICE_INNER_REQUEST_TIMEOUT:-3600}"
+occ config:app:set onlyoffice max_file_size --value="${ONLYOFFICE_MAX_FILE_SIZE:-10000000}"
+occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://nginx/}"
diff --git a/slim.Dockerfile b/slim.Dockerfile
index cb535b4..bb2ae08 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -21,7 +21,7 @@ ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packa
 
 COPY custom_entrypoint-slim.sh /
 COPY hooks.d/ /docker-entrypoint-hooks.d/
-RUN chmod +x /docker-entrypoint-hooks.d/post-installation/99-onlyoffice-setup.sh
+#RUN chmod +x /docker-entrypoint-hooks.d/post-installation/99-onlyoffice-setup.sh
 RUN find /docker-entrypoint-hooks.d -name "*.sh" -exec chmod +x {} \;
 
 RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
-- 
GitLab


From 1773d626510e90fe617303eacba354ea6b97bb79 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 01:34:29 +0600
Subject: [PATCH 30/49] Merge dynamic configs in murena.config.php

---
 config/nextcloud/murena.config.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
index 88d8847..f66eb3f 100755
--- a/config/nextcloud/murena.config.php
+++ b/config/nextcloud/murena.config.php
@@ -28,6 +28,20 @@ $CONFIG = array(
   'maintenance_window_start' => 1,
 );
 
+// Merge dynamic configs (e.g., onlyoffice.php, pgsql_ssl.config.php)
+$additional_files = [
+  __DIR__ . '/pgsql_ssl.config.php',
+  __DIR__ . '/onlyoffice.php',  // Add more as needed
+];
+foreach ($additional_files as $file) {
+  if (file_exists($file)) {
+    $add_config = require $file;
+    if (is_array($add_config)) {
+      $CONFIG = array_merge_recursive($CONFIG, $add_config);
+    }
+  }
+}
+
 if (getenv('SENTRY_DSN') && getenv('SENTRY_PUBLIC_DSN')) {
   $CONFIG['sentry.dsn'] = getenv('SENTRY_DSN');
   $CONFIG['sentry.public-dsn'] = getenv('SENTRY_PUBLIC_DSN');
-- 
GitLab


From 543e8ef9ed204e18d8cd587ff77534e5356ee834 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 01:49:20 +0600
Subject: [PATCH 31/49] 	modified:   config/nextcloud/murena.config.php 
 modified:   hooks.d/post-installation/murena-config.sh

---
 config/nextcloud/murena.config.php         | 14 --------------
 hooks.d/post-installation/murena-config.sh |  4 ++--
 2 files changed, 2 insertions(+), 16 deletions(-)

diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
index f66eb3f..88d8847 100755
--- a/config/nextcloud/murena.config.php
+++ b/config/nextcloud/murena.config.php
@@ -28,20 +28,6 @@ $CONFIG = array(
   'maintenance_window_start' => 1,
 );
 
-// Merge dynamic configs (e.g., onlyoffice.php, pgsql_ssl.config.php)
-$additional_files = [
-  __DIR__ . '/pgsql_ssl.config.php',
-  __DIR__ . '/onlyoffice.php',  // Add more as needed
-];
-foreach ($additional_files as $file) {
-  if (file_exists($file)) {
-    $add_config = require $file;
-    if (is_array($add_config)) {
-      $CONFIG = array_merge_recursive($CONFIG, $add_config);
-    }
-  }
-}
-
 if (getenv('SENTRY_DSN') && getenv('SENTRY_PUBLIC_DSN')) {
   $CONFIG['sentry.dsn'] = getenv('SENTRY_DSN');
   $CONFIG['sentry.public-dsn'] = getenv('SENTRY_PUBLIC_DSN');
diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh
index 5737354..7ef289c 100755
--- a/hooks.d/post-installation/murena-config.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -34,7 +34,7 @@ occ background:cron
 # Set config from env (with defaults)
 occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://documentserver}"
 occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
-occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-AuthorizationJwt}"
+occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-Authorization}"
 occ config:app:set onlyoffice inner_request_timeout --value="${ONLYOFFICE_INNER_REQUEST_TIMEOUT:-3600}"
 occ config:app:set onlyoffice max_file_size --value="${ONLYOFFICE_MAX_FILE_SIZE:-10000000}"
-occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://nginx/}"
+occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://documentserver}"
-- 
GitLab


From 7a0e779cd2430d27cbf872be745339c07062538a Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 12:42:04 +0600
Subject: [PATCH 32/49] ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL added to
 docker-compose.yml

---
 .env.example                          |  5 ++---
 config/nextcloud/onlyoffice.php       | 26 ++++++++++++++++++--------
 config/nextcloud/pgsql_ssl.config.php |  2 ++
 docker-compose.yml                    |  1 +
 4 files changed, 23 insertions(+), 11 deletions(-)

diff --git a/.env.example b/.env.example
index e9f041e..242f0ba 100644
--- a/.env.example
+++ b/.env.example
@@ -48,12 +48,11 @@ ONLYOFFICE_DB_HOST=db
 ONLYOFFICE_DB_PORT=5432
 ONLYOFFICE_DB_NAME=onlyoffice
 ONLYOFFICE_DB_USER=onlyoffice
-ONLYOFFICE_DOCUMENT_SERVER_URL=http://documentserver  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
+ONLYOFFICE_DOCUMENT_SERVER_URL=http://localhost:8081  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
 ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da09c7ae # $(openssl rand -hex 32)  # Generate: openssl rand -hex 32
-ONLYOFFICE_JWT_HEADER=AuthorizationJwt
+ONLYOFFICE_JWT_HEADER=Authorization
 ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
 ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://documentserver
-ONLYOFFICE_SHARED_SECRET=dc9570364262f48b966f4061e1105b28931c11cc7ad25775c345386b356a3f3e
 OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 # nginx
 NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
diff --git a/config/nextcloud/onlyoffice.php b/config/nextcloud/onlyoffice.php
index c83d76d..4cf4a2c 100755
--- a/config/nextcloud/onlyoffice.php
+++ b/config/nextcloud/onlyoffice.php
@@ -1,11 +1,21 @@
 <?php
+if (!isset($CONFIG)) $CONFIG = [];
 
-if (getenv('ONLYOFFICE_DOCUMENT_SERVER_URL')) {
-  $CONFIG = array(
-    'onlyoffice' => array(
-      'DocumentServerUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_URL') ?: 'http://documentserver',
-      'DocumentServerInternalUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL') ?: 'http://nginx',
-      'jwt_secret' => getenv('ONLYOFFICE_JWT_SECRET') ?: null,
-    ),
-  );
+$map = [
+    'ONLYOFFICE_DOCUMENT_SERVER_URL' => 'DocumentServerUrl',
+    'ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL' => 'DocumentServerInternalUrl',
+    'ONLYOFFICE_JWT_SECRET' => 'jwt_secret',
+];
+
+foreach ($map as $env => $key) {
+    $val = getenv($env);
+    if ($val !== false && $val !== '') {
+        $CONFIG['onlyoffice'][$key] = $val;
+    }
+}
+
+# Default for local runs
+if (empty($CONFIG['onlyoffice']['DocumentServerUrl'])) {
+  $CONFIG['onlyoffice']['DocumentServerUrl'] = 'http://localhost:8081/';
+  $CONFIG['onlyoffice']['DocumentServerInternalUrl'] = 'http://documentserver/';
 }
\ No newline at end of file
diff --git a/config/nextcloud/pgsql_ssl.config.php b/config/nextcloud/pgsql_ssl.config.php
index 6e1a11a..dd825e7 100755
--- a/config/nextcloud/pgsql_ssl.config.php
+++ b/config/nextcloud/pgsql_ssl.config.php
@@ -7,3 +7,5 @@ if (getenv('POSTGRES_SSL_MODE')) {
     ),
   );
 }
+
+
diff --git a/docker-compose.yml b/docker-compose.yml
index ae912c4..ae5e0ef 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -34,6 +34,7 @@ services:
       - OBJECTSTORE_S3_OBJECT_PREFIX=${OBJECTSTORE_S3_OBJECT_PREFIX}
       - OBJECTSTORE_S3_AUTOCREATE=${OBJECTSTORE_S3_AUTOCREATE}
       - ONLYOFFICE_DOCUMENT_SERVER_URL=${ONLYOFFICE_DOCUMENT_SERVER_URL}
+      - ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL}
       - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
       - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD}
     volumes:
-- 
GitLab


From e5763653b62ca720e58339ae089dc007bb1097dc Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 12:56:02 +0600
Subject: [PATCH 33/49] Export environment variables for OnlyOffice & Nextcloud
 	modified:   custom_entrypoint-slim.sh

---
 custom_entrypoint-slim.sh | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)

diff --git a/custom_entrypoint-slim.sh b/custom_entrypoint-slim.sh
index 7260094..7793ed0 100755
--- a/custom_entrypoint-slim.sh
+++ b/custom_entrypoint-slim.sh
@@ -1,12 +1,35 @@
 #!/bin/sh
-
+set -e
 echo "Murena entrypoint"
 
+# ------------------------------------------------------------------------------
+# 1. Export environment variables for OnlyOffice & Nextcloud
+# ------------------------------------------------------------------------------
+# These exports ensure PHP config files (like onlyoffice.php) can read values
+# from the container environment.
+export ONLYOFFICE_DOCUMENT_SERVER_URL
+export ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL
+export ONLYOFFICE_JWT_SECRET
+export ONLYOFFICE_DB_PASSWORD
+export ONLYOFFICE_DB_USER
+export ONLYOFFICE_DB_NAME
+export ONLYOFFICE_DB_HOST
+export ONLYOFFICE_DB_TYPE
+
+export NEXTCLOUD_TRUSTED_DOMAINS
+export TRUSTED_PROXIES
+export OVERWRITEPROTOCOL
+export SYSLOG_HOST
+
 # syslog-ng
-if [ -n ${SYSLOG_HOST} ]; then
+if [ -n "${SYSLOG_HOST}" ]; then
+  echo "Configuring syslog-ng for host: ${SYSLOG_HOST}"
   sed -i "s|\${SYSLOG_HOST}|${SYSLOG_HOST:-127.0.0.1}|g" /etc/syslog-ng/syslog-ng.conf
   syslog-ng --no-caps
   echo "syslog-ng started."
+else
+  echo "No SYSLOG_HOST defined — skipping syslog-ng setup."
 fi
 
-/entrypoint.sh "$@"
+echo "Starting Nextcloud main entrypoint..."
+exec /entrypoint.sh "$@"
-- 
GitLab


From d8cb3a91164b37c0ddc485a8452a3a4090be5dc3 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 15:02:43 +0600
Subject: [PATCH 34/49] 	modified:   config/nextcloud/onlyoffice.php 
 modified:   hooks.d/post-installation/murena-config.sh

---
 config/nextcloud/onlyoffice.php            | 1 +
 hooks.d/post-installation/murena-config.sh | 4 +---
 2 files changed, 2 insertions(+), 3 deletions(-)

diff --git a/config/nextcloud/onlyoffice.php b/config/nextcloud/onlyoffice.php
index 4cf4a2c..4afd628 100755
--- a/config/nextcloud/onlyoffice.php
+++ b/config/nextcloud/onlyoffice.php
@@ -5,6 +5,7 @@ $map = [
     'ONLYOFFICE_DOCUMENT_SERVER_URL' => 'DocumentServerUrl',
     'ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL' => 'DocumentServerInternalUrl',
     'ONLYOFFICE_JWT_SECRET' => 'jwt_secret',
+    'ONLYOFFICE_JWT_HEADER' => 'Authorization',
 ];
 
 foreach ($map as $env => $key) {
diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh
index 7ef289c..2b4035e 100755
--- a/hooks.d/post-installation/murena-config.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -32,9 +32,7 @@ occ maintenance:repair --include-expensive
 occ background:cron
 
 # Set config from env (with defaults)
-occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://documentserver}"
+occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://localhost:8081/}"
 occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
 occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-Authorization}"
-occ config:app:set onlyoffice inner_request_timeout --value="${ONLYOFFICE_INNER_REQUEST_TIMEOUT:-3600}"
-occ config:app:set onlyoffice max_file_size --value="${ONLYOFFICE_MAX_FILE_SIZE:-10000000}"
 occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://documentserver}"
-- 
GitLab


From 6804b5e9c0d476ca08a24d16c7f037b09b3211bd Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 15:08:03 +0600
Subject: [PATCH 35/49] Nexcloud configs are reverted to 644 permission

---
 config/nextcloud/murena.config.php    | 0
 config/nextcloud/onlyoffice.php       | 0
 config/nextcloud/pgsql_ssl.config.php | 0
 3 files changed, 0 insertions(+), 0 deletions(-)
 mode change 100755 => 100644 config/nextcloud/murena.config.php
 mode change 100755 => 100644 config/nextcloud/onlyoffice.php
 mode change 100755 => 100644 config/nextcloud/pgsql_ssl.config.php

diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
old mode 100755
new mode 100644
diff --git a/config/nextcloud/onlyoffice.php b/config/nextcloud/onlyoffice.php
old mode 100755
new mode 100644
diff --git a/config/nextcloud/pgsql_ssl.config.php b/config/nextcloud/pgsql_ssl.config.php
old mode 100755
new mode 100644
-- 
GitLab


From 885de72a9da96e4c48fe490f5b12ab712b0a3a03 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 16:48:15 +0600
Subject: [PATCH 36/49] 	modified:   hooks.d/post-installation/murena-config.sh
 	modified:   slim.Dockerfile

---
 hooks.d/post-installation/murena-config.sh | 2 +-
 slim.Dockerfile                            | 1 -
 2 files changed, 1 insertion(+), 2 deletions(-)

diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh
index 2b4035e..a8e04d1 100755
--- a/hooks.d/post-installation/murena-config.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -31,7 +31,7 @@ occ maintenance:repair --include-expensive
 # Set background jobs to use system cron
 occ background:cron
 
-# Set config from env (with defaults)
+# Set only office server settings from env (with defaults)
 occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://localhost:8081/}"
 occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
 occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-Authorization}"
diff --git a/slim.Dockerfile b/slim.Dockerfile
index bb2ae08..9352118 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -21,7 +21,6 @@ ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packa
 
 COPY custom_entrypoint-slim.sh /
 COPY hooks.d/ /docker-entrypoint-hooks.d/
-#RUN chmod +x /docker-entrypoint-hooks.d/post-installation/99-onlyoffice-setup.sh
 RUN find /docker-entrypoint-hooks.d -name "*.sh" -exec chmod +x {} \;
 
 RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
-- 
GitLab


From 6588b1f9470215a1676868cfcac6ec603d2b7a27 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 18:37:00 +0600
Subject: [PATCH 37/49] StorageUrl env config added

---
 .env.example                               | 1 +
 config/nextcloud/onlyoffice.php            | 2 ++
 docker-compose.yml                         | 1 +
 hooks.d/post-installation/murena-config.sh | 3 ++-
 4 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.env.example b/.env.example
index 242f0ba..53a02b8 100644
--- a/.env.example
+++ b/.env.example
@@ -53,6 +53,7 @@ ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da
 ONLYOFFICE_JWT_HEADER=Authorization
 ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
 ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://documentserver
+ONLYOFFICE_STORAGE_URL=http://nginx/
 OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 # nginx
 NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
diff --git a/config/nextcloud/onlyoffice.php b/config/nextcloud/onlyoffice.php
index 4afd628..8c48fc7 100644
--- a/config/nextcloud/onlyoffice.php
+++ b/config/nextcloud/onlyoffice.php
@@ -6,6 +6,7 @@ $map = [
     'ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL' => 'DocumentServerInternalUrl',
     'ONLYOFFICE_JWT_SECRET' => 'jwt_secret',
     'ONLYOFFICE_JWT_HEADER' => 'Authorization',
+    'ONLYOFFICE_STORAGE_URL' => 'StorageUrl',
 ];
 
 foreach ($map as $env => $key) {
@@ -19,4 +20,5 @@ foreach ($map as $env => $key) {
 if (empty($CONFIG['onlyoffice']['DocumentServerUrl'])) {
   $CONFIG['onlyoffice']['DocumentServerUrl'] = 'http://localhost:8081/';
   $CONFIG['onlyoffice']['DocumentServerInternalUrl'] = 'http://documentserver/';
+  $CONFIG['onlyoffice']['StorageUrl'] = 'http://nginx/';
 }
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index ae5e0ef..1936b17 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -36,6 +36,7 @@ services:
       - ONLYOFFICE_DOCUMENT_SERVER_URL=${ONLYOFFICE_DOCUMENT_SERVER_URL}
       - ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL}
       - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
+      - ONLYOFFICE_STORAGE_URL=${ONLYOFFICE_STORAGE_URL}
       - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD}
     volumes:
       - nextcloud-config:/var/www/html/config
diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh
index a8e04d1..d8f3c06 100755
--- a/hooks.d/post-installation/murena-config.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -31,8 +31,9 @@ occ maintenance:repair --include-expensive
 # Set background jobs to use system cron
 occ background:cron
 
-# Set only office server settings from env (with defaults)
+# Set only office server settings from env (with defaults) 
 occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://localhost:8081/}"
 occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
 occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-Authorization}"
 occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://documentserver}"
+occ config:app:set onlyoffice StorageUrl --value="${ONLYOFFICE_STORAGE_URL:-http://nginx}"
-- 
GitLab


From 391bf1632a08e3c306e6990e742618394be194d4 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Thu, 6 Nov 2025 22:27:40 +0600
Subject: [PATCH 38/49] Removed unnecessary comment from slim.Dockerfile

---
 config/nextcloud/onlyoffice.php => onlyoffice.php | 0
 slim.Dockerfile                                   | 4 +---
 2 files changed, 1 insertion(+), 3 deletions(-)
 rename config/nextcloud/onlyoffice.php => onlyoffice.php (100%)

diff --git a/config/nextcloud/onlyoffice.php b/onlyoffice.php
similarity index 100%
rename from config/nextcloud/onlyoffice.php
rename to onlyoffice.php
diff --git a/slim.Dockerfile b/slim.Dockerfile
index 9352118..c2f618d 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -28,11 +28,9 @@ RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
  && mkdir -p ${BASE_DIR}/core/skeleton/Images \
  && mkdir -p ${BASE_DIR}/themes/Murena
 
-# New: Add OnlyOffice samples to skeleton
 COPY samples/onlyoffice/ ${BASE_DIR}/core/skeleton/files_samples/
 RUN chown -R www-data:www-data ${BASE_DIR}/core/skeleton/files_samples/ || true
 
-# Install unzip for unzipping artifacts
 RUN apt-get update && apt-get install -y unzip ffmpeg syslog-ng
 
 # Murena apps
@@ -52,7 +50,7 @@ RUN curl -sL ${SENTRY_URL} | tar xzf - -C ${BASE_DIR}/custom_apps
 # Murena theme
 RUN curl -sL ${THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes
 RUN curl -sL ${SNAPPY_THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes/Murena/
-# New: Install OnlyOffice app
+# OnlyOffice app
 RUN curl -sL ${ONLYOFFICE_URL} | tar xzf - -C ${BASE_DIR}/custom_apps && \
     mv ${BASE_DIR}/custom_apps/onlyoffice ${BASE_DIR}/apps/onlyoffice  # Enable in apps/ dir for occ
 
-- 
GitLab


From f5efc22a09d3a2a5877fee7a9b9f59c72ff2345f Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Fri, 7 Nov 2025 00:23:04 +0600
Subject: [PATCH 39/49] Drop onlyoffice.php

---
 docker-compose.local.yml                   |  2 ++
 hooks.d/post-installation/murena-config.sh | 14 +++++++++----
 onlyoffice.php                             | 24 ----------------------
 3 files changed, 12 insertions(+), 28 deletions(-)
 delete mode 100644 onlyoffice.php

diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 468230d..4efe10e 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -16,6 +16,8 @@ services:
       retries: 5
     networks:
       - worker-network
+    ports:
+      - "5432:5432"  # Expose for local connections (optional)
 
   redis:
     image: redis:7.4-alpine
diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh
index d8f3c06..3f06fd7 100755
--- a/hooks.d/post-installation/murena-config.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -32,8 +32,14 @@ occ maintenance:repair --include-expensive
 occ background:cron
 
 # Set only office server settings from env (with defaults) 
-occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://localhost:8081/}"
+occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-}"
 occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
-occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-Authorization}"
-occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://documentserver}"
-occ config:app:set onlyoffice StorageUrl --value="${ONLYOFFICE_STORAGE_URL:-http://nginx}"
+occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-}"
+occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-}"
+occ config:app:set onlyoffice StorageUrl --value="${ONLYOFFICE_STORAGE_URL:-}"
+
+# occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://localhost:8081/}"
+# occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
+# occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-Authorization}"
+# occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://documentserver}"
+# occ config:app:set onlyoffice StorageUrl --value="${ONLYOFFICE_STORAGE_URL:-http://nginx}"
\ No newline at end of file
diff --git a/onlyoffice.php b/onlyoffice.php
deleted file mode 100644
index 8c48fc7..0000000
--- a/onlyoffice.php
+++ /dev/null
@@ -1,24 +0,0 @@
-<?php
-if (!isset($CONFIG)) $CONFIG = [];
-
-$map = [
-    'ONLYOFFICE_DOCUMENT_SERVER_URL' => 'DocumentServerUrl',
-    'ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL' => 'DocumentServerInternalUrl',
-    'ONLYOFFICE_JWT_SECRET' => 'jwt_secret',
-    'ONLYOFFICE_JWT_HEADER' => 'Authorization',
-    'ONLYOFFICE_STORAGE_URL' => 'StorageUrl',
-];
-
-foreach ($map as $env => $key) {
-    $val = getenv($env);
-    if ($val !== false && $val !== '') {
-        $CONFIG['onlyoffice'][$key] = $val;
-    }
-}
-
-# Default for local runs
-if (empty($CONFIG['onlyoffice']['DocumentServerUrl'])) {
-  $CONFIG['onlyoffice']['DocumentServerUrl'] = 'http://localhost:8081/';
-  $CONFIG['onlyoffice']['DocumentServerInternalUrl'] = 'http://documentserver/';
-  $CONFIG['onlyoffice']['StorageUrl'] = 'http://nginx/';
-}
\ No newline at end of file
-- 
GitLab


From 4cd537b926e45c943e4c032be27c3d2f48d2355b Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Fri, 7 Nov 2025 00:32:31 +0600
Subject: [PATCH 40/49] rename onlyoofice.php to onlyoffice.config.php

---
 config/nextcloud/onlyoffice.config.php     | 24 ++++++++++++++++++++++
 hooks.d/post-installation/murena-config.sh | 15 +-------------
 2 files changed, 25 insertions(+), 14 deletions(-)
 create mode 100644 config/nextcloud/onlyoffice.config.php

diff --git a/config/nextcloud/onlyoffice.config.php b/config/nextcloud/onlyoffice.config.php
new file mode 100644
index 0000000..8c48fc7
--- /dev/null
+++ b/config/nextcloud/onlyoffice.config.php
@@ -0,0 +1,24 @@
+<?php
+if (!isset($CONFIG)) $CONFIG = [];
+
+$map = [
+    'ONLYOFFICE_DOCUMENT_SERVER_URL' => 'DocumentServerUrl',
+    'ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL' => 'DocumentServerInternalUrl',
+    'ONLYOFFICE_JWT_SECRET' => 'jwt_secret',
+    'ONLYOFFICE_JWT_HEADER' => 'Authorization',
+    'ONLYOFFICE_STORAGE_URL' => 'StorageUrl',
+];
+
+foreach ($map as $env => $key) {
+    $val = getenv($env);
+    if ($val !== false && $val !== '') {
+        $CONFIG['onlyoffice'][$key] = $val;
+    }
+}
+
+# Default for local runs
+if (empty($CONFIG['onlyoffice']['DocumentServerUrl'])) {
+  $CONFIG['onlyoffice']['DocumentServerUrl'] = 'http://localhost:8081/';
+  $CONFIG['onlyoffice']['DocumentServerInternalUrl'] = 'http://documentserver/';
+  $CONFIG['onlyoffice']['StorageUrl'] = 'http://nginx/';
+}
\ No newline at end of file
diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh
index 3f06fd7..ff9a4a3 100755
--- a/hooks.d/post-installation/murena-config.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -29,17 +29,4 @@ occ db:add-missing-indices
 occ maintenance:repair --include-expensive
 
 # Set background jobs to use system cron
-occ background:cron
-
-# Set only office server settings from env (with defaults) 
-occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-}"
-occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
-occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-}"
-occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-}"
-occ config:app:set onlyoffice StorageUrl --value="${ONLYOFFICE_STORAGE_URL:-}"
-
-# occ config:app:set onlyoffice DocumentServerUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_URL:-http://localhost:8081/}"
-# occ config:app:set onlyoffice jwt_secret --value="${ONLYOFFICE_JWT_SECRET:-}"
-# occ config:app:set onlyoffice jwt_header --value="${ONLYOFFICE_JWT_HEADER:-Authorization}"
-# occ config:app:set onlyoffice DocumentServerInternalUrl --value="${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL:-http://documentserver}"
-# occ config:app:set onlyoffice StorageUrl --value="${ONLYOFFICE_STORAGE_URL:-http://nginx}"
\ No newline at end of file
+occ background:cron
\ No newline at end of file
-- 
GitLab


From 8aa32b9cbe3397da6b17f4e0109307df63c2ba24 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Fri, 7 Nov 2025 00:36:25 +0600
Subject: [PATCH 41/49] Newline removed	modified:  
 config/nextcloud/pgsql_ssl.config.php

---
 config/nextcloud/pgsql_ssl.config.php | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/config/nextcloud/pgsql_ssl.config.php b/config/nextcloud/pgsql_ssl.config.php
index dd825e7..bf34487 100644
--- a/config/nextcloud/pgsql_ssl.config.php
+++ b/config/nextcloud/pgsql_ssl.config.php
@@ -6,6 +6,4 @@ if (getenv('POSTGRES_SSL_MODE')) {
       'rootcert' => getenv('POSTGRES_SSL_ROOTCERT') ?: null,
     ),
   );
-}
-
-
+}
\ No newline at end of file
-- 
GitLab


From c92e0c95368ee138d2c3e1b545d28a9419fd20cf Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Fri, 7 Nov 2025 00:39:17 +0600
Subject: [PATCH 42/49] Extra PGSQL variables removed

---
 .env.example | 7 -------
 1 file changed, 7 deletions(-)

diff --git a/.env.example b/.env.example
index 53a02b8..4a596d1 100644
--- a/.env.example
+++ b/.env.example
@@ -21,13 +21,6 @@ DB_USER=nextcloud
 DB_PASSWORD=123456
 DB_NAME=nextcloud
 
-# Aliases for Nextcloud Docker entrypoint (automated install)
-POSTGRES_HOST=db
-POSTGRES_DB=nextcloud
-POSTGRES_USER=nextcloud
-POSTGRES_PASSWORD=123456
-
-
 # redis
 REDIS_HOST=redis
 REDIS_HOST_PASSWORD=12456
-- 
GitLab


From 28985b34b2594faff0909425653e84a6cc1c00e8 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Fri, 7 Nov 2025 00:41:22 +0600
Subject: [PATCH 43/49] removed OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}

---
 .env.example | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.env.example b/.env.example
index 4a596d1..6498666 100644
--- a/.env.example
+++ b/.env.example
@@ -47,7 +47,6 @@ ONLYOFFICE_JWT_HEADER=Authorization
 ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
 ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://documentserver
 ONLYOFFICE_STORAGE_URL=http://nginx/
-OC_PASS=${NEXTCLOUD_ADMIN_PASSWORD}
 # nginx
 NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
 
-- 
GitLab


From 808a94fb1a582a3c85648e6b7563c2feb7775f72 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Fri, 7 Nov 2025 01:02:22 +0600
Subject: [PATCH 44/49] Reverted to origin modified:  
 custom_entrypoint-slim.sh

---
 custom_entrypoint-slim.sh | 29 +++--------------------------
 1 file changed, 3 insertions(+), 26 deletions(-)

diff --git a/custom_entrypoint-slim.sh b/custom_entrypoint-slim.sh
index 7793ed0..4f71c47 100755
--- a/custom_entrypoint-slim.sh
+++ b/custom_entrypoint-slim.sh
@@ -1,35 +1,12 @@
 #!/bin/sh
-set -e
-echo "Murena entrypoint"
-
-# ------------------------------------------------------------------------------
-# 1. Export environment variables for OnlyOffice & Nextcloud
-# ------------------------------------------------------------------------------
-# These exports ensure PHP config files (like onlyoffice.php) can read values
-# from the container environment.
-export ONLYOFFICE_DOCUMENT_SERVER_URL
-export ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL
-export ONLYOFFICE_JWT_SECRET
-export ONLYOFFICE_DB_PASSWORD
-export ONLYOFFICE_DB_USER
-export ONLYOFFICE_DB_NAME
-export ONLYOFFICE_DB_HOST
-export ONLYOFFICE_DB_TYPE
 
-export NEXTCLOUD_TRUSTED_DOMAINS
-export TRUSTED_PROXIES
-export OVERWRITEPROTOCOL
-export SYSLOG_HOST
+echo "Murena entrypoint"
 
 # syslog-ng
-if [ -n "${SYSLOG_HOST}" ]; then
-  echo "Configuring syslog-ng for host: ${SYSLOG_HOST}"
+if [ -n ${SYSLOG_HOST} ]; then
   sed -i "s|\${SYSLOG_HOST}|${SYSLOG_HOST:-127.0.0.1}|g" /etc/syslog-ng/syslog-ng.conf
   syslog-ng --no-caps
   echo "syslog-ng started."
-else
-  echo "No SYSLOG_HOST defined — skipping syslog-ng setup."
 fi
 
-echo "Starting Nextcloud main entrypoint..."
-exec /entrypoint.sh "$@"
+/entrypoint.sh "$@"
\ No newline at end of file
-- 
GitLab


From 2da2f3450372d93e7eae33d0dd4c018fc7cd5b63 Mon Sep 17 00:00:00 2001
From: sajid khan <sajidk25@gmail.com>
Date: Fri, 7 Nov 2025 01:22:23 +0600
Subject: [PATCH 45/49] COPY samples/onlyoffice/
 ${BASE_DIR}/core/skeleton/Document/

---
 slim.Dockerfile | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/slim.Dockerfile b/slim.Dockerfile
index c2f618d..7c82573 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -5,9 +5,11 @@ ENV NEXTCLOUD_VERSION_LONG=30.0.16.1
 
 ARG BASE_DIR="/usr/src/nextcloud"
 ARG TMP_PATCH_DIR="/tmp/build_patches"
+
 ARG CONTACTS_URL="https://gitlab.e.foundation/api/v4/projects/1238/packages/generic/contacts/v7.2.0+murena-20250926/contacts-v7.2.0+murena-20250926.tar.gz"
 ARG CALENDAR_URL="https://gitlab.e.foundation/api/v4/projects/1199/packages/generic/calendar/v5.3.5+murena-20250919/calendar-v5.3.5+murena-20250919.tar.gz"
 ARG THEME_HELPER_URL="https://gitlab.e.foundation/api/v4/projects/952/packages/generic/ecloud-theme-helper/v8.0.2/ecloud-theme-helper-v8.0.2.tar.gz"
+
 ARG LAUNCHER_URL="https://gitlab.e.foundation/api/v4/projects/927/packages/generic/murena_launcher/v8.0.1/murena_launcher-v8.0.1.tar.gz"
 ARG DASHBOARD_URL="https://gitlab.e.foundation/api/v4/projects/1195/packages/generic/murena-dashboard/8.0.0/murena-dashboard-8.0.0.tar.gz"
 ARG SNAPPY_URL="https://gitlab.e.foundation/api/v4/projects/1367/packages/generic/snappymail/v2.38.2+murena-20250822/snappymail-v2.38.2+murena-20250822.tar.gz"
@@ -28,8 +30,7 @@ RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
  && mkdir -p ${BASE_DIR}/core/skeleton/Images \
  && mkdir -p ${BASE_DIR}/themes/Murena
 
-COPY samples/onlyoffice/ ${BASE_DIR}/core/skeleton/files_samples/
-RUN chown -R www-data:www-data ${BASE_DIR}/core/skeleton/files_samples/ || true
+COPY --chown=www-data:www-data samples/onlyoffice/ ${BASE_DIR}/core/skeleton/Documents/
 
 RUN apt-get update && apt-get install -y unzip ffmpeg syslog-ng
 
-- 
GitLab


From 12a2debb5f2961f56ed6933ee62113c4eb3aa781 Mon Sep 17 00:00:00 2001
From: Nicolas Gelot <nicolas.gelot@e.email>
Date: Wed, 12 Nov 2025 17:15:54 +0100
Subject: [PATCH 46/49] chore: cleanup review

---
 .env.example                               |  9 +++---
 config/nextcloud/murena.config.php         |  2 +-
 config/nextcloud/onlyoffice.config.php     | 32 +++++++---------------
 config/nextcloud/pgsql_ssl.config.php      |  2 +-
 custom_entrypoint-slim.sh                  |  2 +-
 docker-compose.local.yml                   | 23 +++-------------
 docker-compose.yml                         |  4 +--
 hooks.d/post-installation/murena-config.sh |  5 ++--
 slim.Dockerfile                            | 11 +++-----
 9 files changed, 31 insertions(+), 59 deletions(-)

diff --git a/.env.example b/.env.example
index 6498666..d4982aa 100644
--- a/.env.example
+++ b/.env.example
@@ -28,7 +28,7 @@ REDIS_HOST_PASSWORD=12456
 # nextcloud
 NEXTCLOUD_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/slim:latest
 NEXTCLOUD_ADMIN_USER=admin
-NEXTCLOUD_ADMIN_PASSWORD=@dmin
+NEXTCLOUD_ADMIN_PASSWORD=@dm1n
 NEXTCLOUD_TRUSTED_DOMAINS=nginx
 TRUSTED_PROXIES=
 OVERWRITEPROTOCOL=
@@ -41,12 +41,13 @@ ONLYOFFICE_DB_HOST=db
 ONLYOFFICE_DB_PORT=5432
 ONLYOFFICE_DB_NAME=onlyoffice
 ONLYOFFICE_DB_USER=onlyoffice
+ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
 ONLYOFFICE_DOCUMENT_SERVER_URL=http://localhost:8081  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
+ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://documentserver/
+ONLYOFFICE_STORAGE_URL=http://nginx/
 ONLYOFFICE_JWT_SECRET=01c48da78419982ff70fe3f1979f9df54fcb4cc954a638dab7cf98d9da09c7ae # $(openssl rand -hex 32)  # Generate: openssl rand -hex 32
 ONLYOFFICE_JWT_HEADER=Authorization
-ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
-ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://documentserver
-ONLYOFFICE_STORAGE_URL=http://nginx/
+
 # nginx
 NGINX_DOCKER_IMG=registry.gitlab.e.foundation/e/infra/ecloud/nextcloud/nginx:latest
 
diff --git a/config/nextcloud/murena.config.php b/config/nextcloud/murena.config.php
index 88d8847..ccf639b 100644
--- a/config/nextcloud/murena.config.php
+++ b/config/nextcloud/murena.config.php
@@ -31,4 +31,4 @@ $CONFIG = array(
 if (getenv('SENTRY_DSN') && getenv('SENTRY_PUBLIC_DSN')) {
   $CONFIG['sentry.dsn'] = getenv('SENTRY_DSN');
   $CONFIG['sentry.public-dsn'] = getenv('SENTRY_PUBLIC_DSN');
-}
\ No newline at end of file
+}
diff --git a/config/nextcloud/onlyoffice.config.php b/config/nextcloud/onlyoffice.config.php
index 8c48fc7..fb9a44b 100644
--- a/config/nextcloud/onlyoffice.config.php
+++ b/config/nextcloud/onlyoffice.config.php
@@ -1,24 +1,12 @@
 <?php
-if (!isset($CONFIG)) $CONFIG = [];
-
-$map = [
-    'ONLYOFFICE_DOCUMENT_SERVER_URL' => 'DocumentServerUrl',
-    'ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL' => 'DocumentServerInternalUrl',
-    'ONLYOFFICE_JWT_SECRET' => 'jwt_secret',
-    'ONLYOFFICE_JWT_HEADER' => 'Authorization',
-    'ONLYOFFICE_STORAGE_URL' => 'StorageUrl',
-];
-
-foreach ($map as $env => $key) {
-    $val = getenv($env);
-    if ($val !== false && $val !== '') {
-        $CONFIG['onlyoffice'][$key] = $val;
-    }
+if (getenv('ONLYOFFICE_DOCUMENT_SERVER_URL')) {
+  $CONFIG = array(
+    'onlyoffice' => array(
+      'DocumentServerUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_URL') ?: 'http://localhost:8081/',
+      'DocumentServerInternalUrl' => getenv('ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL') ?: 'http://documentserver/',
+      'StorageUrl' => getenv('ONLYOFFICE_STORAGE_URL') ?: 'http://nginx',
+      'jwt_secret' => getenv('ONLYOFFICE_JWT_SECRET') ?: '',
+      'jwt_header' => getenv('ONLYOFFICE_JWT_HEADER') ?: 'Authorization',
+    ),
+  );
 }
-
-# Default for local runs
-if (empty($CONFIG['onlyoffice']['DocumentServerUrl'])) {
-  $CONFIG['onlyoffice']['DocumentServerUrl'] = 'http://localhost:8081/';
-  $CONFIG['onlyoffice']['DocumentServerInternalUrl'] = 'http://documentserver/';
-  $CONFIG['onlyoffice']['StorageUrl'] = 'http://nginx/';
-}
\ No newline at end of file
diff --git a/config/nextcloud/pgsql_ssl.config.php b/config/nextcloud/pgsql_ssl.config.php
index bf34487..6e1a11a 100644
--- a/config/nextcloud/pgsql_ssl.config.php
+++ b/config/nextcloud/pgsql_ssl.config.php
@@ -6,4 +6,4 @@ if (getenv('POSTGRES_SSL_MODE')) {
       'rootcert' => getenv('POSTGRES_SSL_ROOTCERT') ?: null,
     ),
   );
-}
\ No newline at end of file
+}
diff --git a/custom_entrypoint-slim.sh b/custom_entrypoint-slim.sh
index 4f71c47..7260094 100755
--- a/custom_entrypoint-slim.sh
+++ b/custom_entrypoint-slim.sh
@@ -9,4 +9,4 @@ if [ -n ${SYSLOG_HOST} ]; then
   echo "syslog-ng started."
 fi
 
-/entrypoint.sh "$@"
\ No newline at end of file
+/entrypoint.sh "$@"
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 4efe10e..a863042 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -16,8 +16,6 @@ services:
       retries: 5
     networks:
       - worker-network
-    ports:
-      - "5432:5432"  # Expose for local connections (optional)
 
   redis:
     image: redis:7.4-alpine
@@ -41,10 +39,6 @@ services:
       context: .
       dockerfile: slim.Dockerfile
       target: nextcloud    
-    volumes:
-      # Mount config/data (assumed missing; adjust paths if external)
-      - nextcloud-config:/var/www/html/config
-      - nextcloud-data:/var/www/html/data
     depends_on:
       syslog:
         condition: service_started
@@ -55,12 +49,6 @@ services:
       redis:
         condition: service_healthy
         required: false
-    healthcheck:
-      test: ["CMD-SHELL", "php occ status"]
-      interval: 10s
-      timeout: 5s
-      retries: 5
-      start_period: 60s  # Extra grace for install/hooks
 
   nginx:
     build:
@@ -70,10 +58,8 @@ services:
     ports:
       - "8000:80"
     depends_on:
-      nextcloud:
-        condition: service_healthy
+      - nextcloud
   
-  # OnlyOffice Document Server
   documentserver:
     image: onlyoffice/documentserver:9.1
     container_name: documentserver
@@ -82,15 +68,14 @@ services:
       db:
         condition: service_healthy  
     environment:
-      # Shared DB (password from env)
       - DB_TYPE=${ONLYOFFICE_DB_TYPE:-postgres}
       - DB_HOST=${ONLYOFFICE_DB_HOST:-db}
       - DB_PORT=${ONLYOFFICE_DB_PORT:-5432}
       - DB_NAME=${ONLYOFFICE_DB_NAME:-onlyoffice}
       - DB_USER=${ONLYOFFICE_DB_USER:-onlyoffice}
       - DB_PWD=${ONLYOFFICE_DB_PASSWORD:-onlyoffice}
-      # JWT from env
       - JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
+      - JWT_HEADER=${ONLYOFFICE_JWT_HEADER:-Authorization}
     ports:
       - "8081:80"  # Local HTTP access
     volumes:
@@ -114,8 +99,8 @@ volumes: !override
 
 networks:
   proxy-network:
-    external: true
+    external: false
     name: proxy-network
   worker-network:
-    external: true
+    external: false
     name: worker-network
diff --git a/docker-compose.yml b/docker-compose.yml
index 1936b17..f3e2810 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -35,9 +35,9 @@ services:
       - OBJECTSTORE_S3_AUTOCREATE=${OBJECTSTORE_S3_AUTOCREATE}
       - ONLYOFFICE_DOCUMENT_SERVER_URL=${ONLYOFFICE_DOCUMENT_SERVER_URL}
       - ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=${ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL}
-      - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
       - ONLYOFFICE_STORAGE_URL=${ONLYOFFICE_STORAGE_URL}
-      - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD}
+      - ONLYOFFICE_JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
+      - ONLYOFFICE_JWT_HEADER=${ONLYOFFICE_JWT_HEADER}
     volumes:
       - nextcloud-config:/var/www/html/config
       - nextcloud-data:/var/www/html/data
diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh
index ff9a4a3..d12ac3d 100755
--- a/hooks.d/post-installation/murena-config.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -18,10 +18,11 @@ occ app:enable oidc_login
 occ app:enable notes
 occ app:enable tasks
 occ app:enable sentry
+occ app:enable onlyoffice
 
 occ app:disable firstrunwizard
 occ app:disable logreader
-occ app:enable onlyoffice
+
 # database
 occ db:add-missing-indices
 
@@ -29,4 +30,4 @@ occ db:add-missing-indices
 occ maintenance:repair --include-expensive
 
 # Set background jobs to use system cron
-occ background:cron
\ No newline at end of file
+occ background:cron
diff --git a/slim.Dockerfile b/slim.Dockerfile
index 7c82573..2547659 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -9,27 +9,26 @@ ARG TMP_PATCH_DIR="/tmp/build_patches"
 ARG CONTACTS_URL="https://gitlab.e.foundation/api/v4/projects/1238/packages/generic/contacts/v7.2.0+murena-20250926/contacts-v7.2.0+murena-20250926.tar.gz"
 ARG CALENDAR_URL="https://gitlab.e.foundation/api/v4/projects/1199/packages/generic/calendar/v5.3.5+murena-20250919/calendar-v5.3.5+murena-20250919.tar.gz"
 ARG THEME_HELPER_URL="https://gitlab.e.foundation/api/v4/projects/952/packages/generic/ecloud-theme-helper/v8.0.2/ecloud-theme-helper-v8.0.2.tar.gz"
-
 ARG LAUNCHER_URL="https://gitlab.e.foundation/api/v4/projects/927/packages/generic/murena_launcher/v8.0.1/murena_launcher-v8.0.1.tar.gz"
 ARG DASHBOARD_URL="https://gitlab.e.foundation/api/v4/projects/1195/packages/generic/murena-dashboard/8.0.0/murena-dashboard-8.0.0.tar.gz"
 ARG SNAPPY_URL="https://gitlab.e.foundation/api/v4/projects/1367/packages/generic/snappymail/v2.38.2+murena-20250822/snappymail-v2.38.2+murena-20250822.tar.gz"
 ARG OIDC_LOGIN_URL="https://gitlab.e.foundation/api/v4/projects/1496/packages/generic/oidc_login/3.2.2-4/oidc_login-3.2.2-4.tar.gz"
+
 ARG NOTES_URL="https://github.com/nextcloud-releases/notes/releases/download/v4.11.0/notes-v4.11.0.tar.gz"
 ARG TASKS_URL="https://github.com/nextcloud/tasks/releases/download/v0.16.1/tasks.tar.gz"
 ARG SENTRY_URL="https://github.com/ChristophWurst/nextcloud_sentry/releases/download/v8.15.15/sentry-v8.15.15.tar.gz"
 ARG ONLYOFFICE_URL="https://github.com/ONLYOFFICE/onlyoffice-nextcloud/releases/download/v9.11.0/onlyoffice.tar.gz"
+
 ARG THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/315/packages/generic/eCloud/v30.0.3/eCloud-v30.0.3.tar.gz"
 ARG SNAPPY_THEME_VERSION="https://gitlab.e.foundation/api/v4/projects/1377/packages/generic/snappymail/v4.0.5/snappymail-v4.0.5.tar.gz"
 
 COPY custom_entrypoint-slim.sh /
 COPY hooks.d/ /docker-entrypoint-hooks.d/
-RUN find /docker-entrypoint-hooks.d -name "*.sh" -exec chmod +x {} \;
 
 RUN rm -rf ${BASE_DIR}/core/skeleton/* ${BASE_DIR}/themes/example \
  && mkdir -p ${BASE_DIR}/core/skeleton/Documents \
  && mkdir -p ${BASE_DIR}/core/skeleton/Images \
  && mkdir -p ${BASE_DIR}/themes/Murena
-
 COPY --chown=www-data:www-data samples/onlyoffice/ ${BASE_DIR}/core/skeleton/Documents/
 
 RUN apt-get update && apt-get install -y unzip ffmpeg syslog-ng
@@ -47,13 +46,11 @@ RUN curl -sL ${OIDC_LOGIN_URL} | tar xzf - -C ${BASE_DIR}/custom_apps
 RUN curl -sL ${NOTES_URL} | tar xzf - -C ${BASE_DIR}/custom_apps
 RUN curl -sL ${TASKS_URL} | tar xzf - -C ${BASE_DIR}/custom_apps
 RUN curl -sL ${SENTRY_URL} | tar xzf - -C ${BASE_DIR}/custom_apps
+RUN curl -sL ${ONLYOFFICE_URL} | tar xzf - -C ${BASE_DIR}/custom_apps
 
 # Murena theme
 RUN curl -sL ${THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes
 RUN curl -sL ${SNAPPY_THEME_VERSION} | tar xzf - -C ${BASE_DIR}/themes/Murena/
-# OnlyOffice app
-RUN curl -sL ${ONLYOFFICE_URL} | tar xzf - -C ${BASE_DIR}/custom_apps && \
-    mv ${BASE_DIR}/custom_apps/onlyoffice ${BASE_DIR}/apps/onlyoffice  # Enable in apps/ dir for occ
 
 COPY config/nextcloud/ /usr/src/nextcloud/config/
 
@@ -75,4 +72,4 @@ CMD ["php-fpm"]
 FROM nginx:1.29-alpine AS nginx
 
 COPY ./config/nginx/templates /etc/nginx/templates
-COPY --from=nextcloud /var/www/html /var/www/html
\ No newline at end of file
+COPY --from=nextcloud /var/www/html /var/www/html
-- 
GitLab


From f6c815a7703123557fe52b746f188b99b853bcba Mon Sep 17 00:00:00 2001
From: Nicolas Gelot <nicolas.gelot@e.email>
Date: Wed, 12 Nov 2025 17:59:59 +0100
Subject: [PATCH 47/49] chore: setup a dynamic config for onlyoffice db

---
 .env.example                       |  3 +--
 config/postgres/init-onlyoffice.sh | 22 +++++++++++-----------
 docker-compose.local.yml           | 22 ++++++++++++----------
 3 files changed, 24 insertions(+), 23 deletions(-)

diff --git a/.env.example b/.env.example
index d4982aa..aa681b5 100644
--- a/.env.example
+++ b/.env.example
@@ -36,12 +36,11 @@ SENTRY_DSN=
 SENTRY_PUBLIC_DSN=
 
 # OnlyOffice
-ONLYOFFICE_DB_TYPE=postgres
 ONLYOFFICE_DB_HOST=db
 ONLYOFFICE_DB_PORT=5432
 ONLYOFFICE_DB_NAME=onlyoffice
 ONLYOFFICE_DB_USER=onlyoffice
-ONLYOFFICE_DB_PASSWORD=onlyoffice  # For DB user; override in production with secure password
+ONLYOFFICE_DB_PASSWORD=123456
 ONLYOFFICE_DOCUMENT_SERVER_URL=http://localhost:8081  # Internal Docker URL (auto-adjusts to https in staging/prod via env)
 ONLYOFFICE_DOCUMENT_SERVER_INTERNAL_URL=http://documentserver/
 ONLYOFFICE_STORAGE_URL=http://nginx/
diff --git a/config/postgres/init-onlyoffice.sh b/config/postgres/init-onlyoffice.sh
index 5bb87cc..e07ba72 100755
--- a/config/postgres/init-onlyoffice.sh
+++ b/config/postgres/init-onlyoffice.sh
@@ -3,29 +3,29 @@ set -euo pipefail  # Exit on error, undefined vars, pipe failures
 
 # Helper: Run psql command (uses POSTGRES_USER/DB for auth)
 run_psql() {
-  psql -v ON_ERROR_STOP=1 -U "${POSTGRES_USER}" -d "${POSTGRES_DB}" "$@"
+  psql -v ON_ERROR_STOP=1 -U "${POSTGRES_USER}" "$@"
 }
 
 echo "Starting OnlyOffice DB init..."
 
 # Create user if not exists (transaction-safe)
-if ! run_psql -tAc "SELECT 1 FROM pg_roles WHERE rolname = 'onlyoffice'" | grep -q 1; then
-  run_psql -c "CREATE USER onlyoffice WITH PASSWORD '${ONLYOFFICE_DB_PASSWORD:-onlyoffice}';"
-  echo "Created user 'onlyoffice'."
+if ! run_psql -tAc "SELECT 1 FROM pg_roles WHERE rolname = '${ONLYOFFICE_DB_USER}'" | grep -q 1; then
+  run_psql -c "CREATE USER ${ONLYOFFICE_DB_USER} WITH PASSWORD '${ONLYOFFICE_DB_PASSWORD}';"
+  echo "Created user '${ONLYOFFICE_DB_USER}'."
 else
-  echo "User 'onlyoffice' already exists."
+  echo "User '${ONLYOFFICE_DB_USER}' already exists."
 fi
 
 # Create DB if not exists (non-transactional: check first, then create)
-if ! run_psql -tAc "SELECT 1 FROM pg_database WHERE datname = 'onlyoffice'" | grep -q 1; then
+if ! run_psql -tAc "SELECT 1 FROM pg_database WHERE datname = '${ONLYOFFICE_DB_NAME}'" | grep -q 1; then
   # Temp connect as superuser to create DB
-  psql -v ON_ERROR_STOP=1 -U "${POSTGRES_USER}" -d "postgres" -c "CREATE DATABASE onlyoffice OWNER onlyoffice;"
-  echo "Created DB 'onlyoffice'."
+ run_psql -c "CREATE DATABASE ${ONLYOFFICE_DB_NAME} OWNER ${ONLYOFFICE_DB_USER};"
+  echo "Created DB '${ONLYOFFICE_DB_NAME}'."
 else
-  echo "DB 'onlyoffice' already exists."
+  echo "DB '${ONLYOFFICE_DB_NAME}' already exists."
 fi
 
 # Grant privileges (safe to re-run)
-run_psql -c "GRANT ALL PRIVILEGES ON DATABASE onlyoffice TO onlyoffice;"
+run_psql -c "GRANT ALL PRIVILEGES ON DATABASE ${ONLYOFFICE_DB_NAME} TO ${ONLYOFFICE_DB_USER};"
 
-echo "OnlyOffice DB and user initialized successfully."
\ No newline at end of file
+echo "OnlyOffice DB and user initialized successfully."
diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index a863042..16b335e 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -6,9 +6,12 @@ services:
       - POSTGRES_DB=${DB_NAME}
       - POSTGRES_USER=${DB_USER}
       - POSTGRES_PASSWORD=${DB_PASSWORD}
+      - ONLYOFFICE_DB_NAME=${ONLYOFFICE_DB_NAME}
+      - ONLYOFFICE_DB_USER=${ONLYOFFICE_DB_USER}
+      - ONLYOFFICE_DB_PASSWORD=${ONLYOFFICE_DB_PASSWORD}
     volumes:
       - db:/var/lib/postgresql/data
-      - ./config/postgres/init-onlyoffice.sh:/docker-entrypoint-initdb.d/10-onlyoffice.sh:ro  # Ensure .sh
+      - ./config/postgres/init-onlyoffice.sh:/docker-entrypoint-initdb.d/10-onlyoffice.sh:ro
     healthcheck:
       test: ["CMD-SHELL", "pg_isready -U ${DB_USER} -d ${DB_NAME}"]
       interval: 10s
@@ -38,7 +41,7 @@ services:
     build:
       context: .
       dockerfile: slim.Dockerfile
-      target: nextcloud    
+      target: nextcloud
     depends_on:
       syslog:
         condition: service_started
@@ -68,16 +71,15 @@ services:
       db:
         condition: service_healthy  
     environment:
-      - DB_TYPE=${ONLYOFFICE_DB_TYPE:-postgres}
-      - DB_HOST=${ONLYOFFICE_DB_HOST:-db}
-      - DB_PORT=${ONLYOFFICE_DB_PORT:-5432}
-      - DB_NAME=${ONLYOFFICE_DB_NAME:-onlyoffice}
-      - DB_USER=${ONLYOFFICE_DB_USER:-onlyoffice}
-      - DB_PWD=${ONLYOFFICE_DB_PASSWORD:-onlyoffice}
+      - DB_HOST=${ONLYOFFICE_DB_HOST}
+      - DB_PORT=${ONLYOFFICE_DB_PORT}
+      - DB_NAME=${ONLYOFFICE_DB_NAME}
+      - DB_USER=${ONLYOFFICE_DB_USER}
+      - DB_PWD=${ONLYOFFICE_DB_PASSWORD}
       - JWT_SECRET=${ONLYOFFICE_JWT_SECRET}
-      - JWT_HEADER=${ONLYOFFICE_JWT_HEADER:-Authorization}
+      - JWT_HEADER=${ONLYOFFICE_JWT_HEADER}
     ports:
-      - "8081:80"  # Local HTTP access
+      - "8081:80"
     volumes:
       - onlyoffice_data:/var/www/onlyoffice/Data
       - onlyoffice_logs:/var/log/onlyoffice
-- 
GitLab


From af514a7aab44af26524b7efe4ccfad4162b9480f Mon Sep 17 00:00:00 2001
From: Nicolas Gelot <nicolas.gelot@e.email>
Date: Thu, 13 Nov 2025 09:54:50 +0100
Subject: [PATCH 48/49] fix: disable some onlyoffice features

---
 docker-compose.local.yml                   | 1 -
 hooks.d/post-installation/murena-config.sh | 6 ++++++
 slim.Dockerfile                            | 1 -
 3 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/docker-compose.local.yml b/docker-compose.local.yml
index 16b335e..a0baee9 100644
--- a/docker-compose.local.yml
+++ b/docker-compose.local.yml
@@ -65,7 +65,6 @@ services:
   
   documentserver:
     image: onlyoffice/documentserver:9.1
-    container_name: documentserver
     restart: unless-stopped
     depends_on:
       db:
diff --git a/hooks.d/post-installation/murena-config.sh b/hooks.d/post-installation/murena-config.sh
index d12ac3d..78e8b4e 100755
--- a/hooks.d/post-installation/murena-config.sh
+++ b/hooks.d/post-installation/murena-config.sh
@@ -31,3 +31,9 @@ occ maintenance:repair --include-expensive
 
 # Set background jobs to use system cron
 occ background:cron
+
+# config
+occ config:app:set onlyoffice preview --value=false
+occ config:app:set onlyoffice customization_plugins --value=false
+occ config:app:set onlyoffice customizationChat --value=false
+occ config:app:set onlyoffice customizationFeedback --value=false
diff --git a/slim.Dockerfile b/slim.Dockerfile
index 2547659..bffb134 100644
--- a/slim.Dockerfile
+++ b/slim.Dockerfile
@@ -62,7 +62,6 @@ RUN cd / && patch -p0 < ${TMP_PATCH_DIR}/037-remove-rsync-on-init-about-static-f
 # Initialize nextcloud /var/www/html and patch the default entrypoint.sh accordingly
 RUN rsync -rLDog --chown www-data:www-data --delete --exclude-from=/upgrade.exclude /usr/src/nextcloud/ /var/www/html/ \
  && rsync -rLDog --chown www-data:www-data --include "version.php" --include "/custom_apps/" --include "/themes/" --exclude '/*' /usr/src/nextcloud/ /var/www/html/
-RUN find /var/www/html/config -name "*.config.php" -exec chmod 644 {} \; || true
 
 COPY config/syslog-ng/syslog-ng.conf /etc/syslog-ng/syslog-ng.conf
 
-- 
GitLab


From f32880a8c87117ba6f10a4b6370f86868c1f78b4 Mon Sep 17 00:00:00 2001
From: Nicolas Gelot <nicolas.gelot@e.email>
Date: Thu, 13 Nov 2025 11:20:20 +0100
Subject: [PATCH 49/49] fix: rename docx sample

---
 samples/onlyoffice/{welcome..docx => welcome.docx} | Bin
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename samples/onlyoffice/{welcome..docx => welcome.docx} (100%)

diff --git a/samples/onlyoffice/welcome..docx b/samples/onlyoffice/welcome.docx
similarity index 100%
rename from samples/onlyoffice/welcome..docx
rename to samples/onlyoffice/welcome.docx
-- 
GitLab