diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 1e9fa46e1c5b90c63952b006eaff99584e4338a6..3e0a8000998bd682df0a2cb9d0b22fa0f3482d22 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -10,23 +10,56 @@ default: services: - docker:19.03.12-dind before_script: - - docker info - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY tags: - generic_privileged build-branch: - except: - - tags stage: build + variables: + TARGET: ecloud + rules: + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + when: never + - if: $CI_COMMIT_TAG != null + when: never + - if: $CI_COMMIT_REF_SLUG =~ /^selfhost/ + variables: + TARGET: "selfhost" + - if: $CI_COMMIT_REF_SLUG != null + when: on_success + allow_failure: true script: - - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" . + - echo "TARGET $TARGET, BRANCH $CI_COMMIT_BRANCH, COMMIT_REF_SLUG $CI_COMMIT_REF_SLUG, COMMIT_TAG $CI_COMMIT_TAG" + - docker build --target $TARGET --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" . - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" build-tag: - only: - - tags stage: build + variables: + TARGET: ecloud + allow_failure: true + rules: + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + when: never + - if: $CI_COMMIT_TAG == null + when: never + - if: $CI_COMMIT_REF_SLUG =~ /^selfhost/ + variables: + TARGET: "selfhost" + - if: $CI_COMMIT_TAG != null + when: on_success script: - - docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" . - - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG" + - echo "TARGET $TARGET, BRANCH $CI_COMMIT_BRANCH, COMMIT_REF_SLUG $CI_COMMIT_REF_SLUG, COMMIT_TAG $CI_COMMIT_TAG" + - docker build --target $TARGET --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" . + - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" + +docker-tag: + stage: .post + rules: + - when: manual + script: + - echo "SOURCE $SOURCE, TARGET $TARGET" + - docker pull $CI_REGISTRY_IMAGE:$SOURCE + - docker tag $CI_REGISTRY_IMAGE:$SOURCE $CI_REGISTRY_IMAGE:$TARGET + - docker push $CI_REGISTRY_IMAGE:$TARGET \ No newline at end of file 
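Review bot: The new `docker-tag` job has no ref condition (`rules: - when: manual`), so it is offered on every pipeline, and its `SOURCE` and `TARGET` values reach `docker pull`, `docker tag` and `docker push` unquoted and unchecked. The README text added in this commit describes the job as the way to publish an image to production, so whoever may run manual jobs on any branch can repoint that tag; who that is depends on project settings not visible here. I would limit the job to protected refs with `- if: '$CI_COMMIT_REF_PROTECTED == "true"'` followed by `when: manual`, and start the script with `- test -n "$SOURCE" && test -n "$TARGET"`. The image references should be quoted as well, e.g. `docker pull "$CI_REGISTRY_IMAGE:$SOURCE"`, and the same applies to `--target $TARGET` in `build-branch` and `build-tag`.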
diff --git a/Dockerfile b/Dockerfile index d06aae4ef540b18cf6cf3b05cdc8a3cd1f0281eb..941b735de35a528c798505bf449a5e992bcd8045 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,14 +1,13 @@ -FROM nextcloud:21.0.9-fpm AS nextcloud +FROM nextcloud:20.0.12-fpm as base ARG BASE_DIR="/usr/src/nextcloud" -ARG TMP_PATCH_DIR="/tmp/build_patches" -ARG THEME_VERSION="21.1.1" -ARG THEME_HELPER_VERSION="1.0.2" -ARG NEWS_VERSION="17.0.1" -ARG QUOTA_WARN_VERSION="1.13.0" -ARG NOTES_VERSION="4.3.1" -ARG CONTACTS_VERSION="4.0.8" -ARG CALENDAR_VERSION="3.1.0" -ARG USER_BACKEND_RAW_SQL_VERSION="1.1.1" +ARG THEME_VERSION="20.1.3" +ARG THEME_HELPER_VERSION="1.0.1" +ARG NEWS_VERSION="16.0.1" +ARG QUOTA_WARN_VERSION="1.9.1" +ARG NOTES_VERSION="4.1.1" +ARG CONTACTS_VERSION="4.0.1" +ARG CALENDAR_VERSION="2.3.3" +ARG USER_BACKEND_RAW_SQL_VERSION="1.1.0" ARG EMAIL_RECOVERY_JOB_ID="199763" ARG RAINLOOP_VERSION="7.1.2" ARG RAINLOOP_COMMIT_SHA="e9da581c" @@ -16,7 +15,10 @@ ARG EA_TAG="1.0.0" ARG ECLOUD_LAUNCHER_JOB_ID="222001" ARG GOOGLE_INTEGRATION_VERSION="1.0.6" -RUN sed -i 's/21,0,9,1/21,0,9,4/' ${BASE_DIR}/version.php +RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images +COPY custom_entrypoint.sh / +RUN chmod +x /custom_entrypoint.sh +RUN sed -i 's/20,0,12,1/20,0,12,17/' ${BASE_DIR}/version.php # Install unzip for unzipping artifacts RUN apt-get update && apt-get install unzip 
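Review bot: The `FROM nextcloud:20.0.12-fpm as base` line moves the base image from 21.0.9 back to 20.0.12, and every app `ARG` in this hunk moves to an older version too, but nothing in the file says why. If building on the 20.x line is intended, a comment above `FROM` should say so, so the lower versions are not read as an accidental revert; it is also worth confirming that this release line still receives security fixes. The base is referenced by a mutable tag only, and pinning it as `FROM nextcloud:20.0.12-fpm@sha256:<digest-of-reviewed-image> AS base` would make both build targets start from the same reviewed image.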
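Review bot: The `sed -i 's/20,0,12,1/20,0,12,17/'` edit of `version.php` exits successfully even when the pattern is absent, so a base image carrying a different build number would ship with an unmodified version and no build error. Chaining a check turns that into a failed build: `RUN sed -i 's/20,0,12,1/20,0,12,17/' ${BASE_DIR}/version.php && grep -q '20,0,12,17' ${BASE_DIR}/version.php`. A one-line comment above it stating why the build number is raised would help the next person who bumps the base image.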
@@ -95,24 +97,63 @@ RUN apt-get -y remove unzip # force eCloud theme not to be disabled even when there is an upgrade process launched RUN sed -i "s/\$systemConfig->setValue('theme', '');/\$systemConfig->setValue('theme', 'eCloud');/g" ${BASE_DIR}/lib/base.php +# fix min version of google data migration app +RUN sed -i "s/min-version=\"22\"/min-version=\"20\"/" ${BASE_DIR}/custom_apps/integration_google/appinfo/info.xml + +# Remove colored background from email template logo +RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php + +# Ignore OS dark mode for all users +# Don't use user-specific dark theme css for non-logged in users +RUN sed -i 's/OCA.Accessibility.theme="dark"/OCA.Accessibility.theme="light"/' ${BASE_DIR}/apps/accessibility/js/accessibilityoca.js +RUN sed -i "s/$userValues = \['dark'\]/$userValues = \[\]/" ${BASE_DIR}/apps/accessibility/lib/Controller/AccessibilityController.php + +# Custom theme +RUN curl -fsSL -o eCloud-theme.tar.gz \ + "https://gitlab.e.foundation/e/infra/nextcloud-theme/-/archive/${THEME_VERSION}/nextcloud-theme-${THEME_VERSION}.tar.gz" && \ + tar -xf eCloud-theme.tar.gz -C /tmp/ && \ + mv /tmp/nextcloud-theme-${THEME_VERSION}/ ${BASE_DIR}/themes/eCloud && \ + chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \ + rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/ + +# Replace "Get your own free account" NC link with /e/ Account link in public pages +RUN sed -i 's/https:\/\/nextcloud.com\/signup\//https:\/\/e\.foundation\/\/e-email-invite\//' ${BASE_DIR}/core/templates/layout.public.php + +ENTRYPOINT ["/custom_entrypoint.sh"] +CMD ["php-fpm"] + + +FROM base as selfhost +ARG BASE_DIR="/usr/src/nextcloud" +ARG TMP_PATCH_DIR="/tmp/build_patches" + +COPY patches/ ${TMP_PATCH_DIR}/ + # Patches COPY patches/ ${TMP_PATCH_DIR}/ RUN patch -u ${BASE_DIR}/core/Controller/LoginController.php -i 
${TMP_PATCH_DIR}/002-login-without-domain.patch -RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch -RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch -RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch -RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/006-recovery-email-changes.patch RUN patch -u ${BASE_DIR}/apps/settings/lib/Settings/Personal/ServerDevNotice.php -i ${TMP_PATCH_DIR}/007-remove-dev-notice.patch RUN patch -u ${BASE_DIR}/lib/private/Template/IconsCacher.php -i ${TMP_PATCH_DIR}/008-icons-cacher-theme-svgs.patch RUN patch -u ${BASE_DIR}/core/Controller/SvgController.php -i ${TMP_PATCH_DIR}/008-svg-controller-theme-svgs.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/009-help-links.patch -RUN patch -u ${BASE_DIR}/lib/private/Updater.php -i ${TMP_PATCH_DIR}/010-disable-app-store-upgrade.patch RUN cd ${BASE_DIR} && patch -p0 < ${TMP_PATCH_DIR}/011-privacy-settings.patch -RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch -RUN patch -u ${BASE_DIR}/lib/private/Authentication/Token/PublicKeyTokenProvider.php -i ${TMP_PATCH_DIR}/013-revert-token-password-update.patch RUN rm -rf ${TMP_PATCH_DIR} +FROM selfhost as ecloud +ARG BASE_DIR="/usr/src/nextcloud" +ARG TMP_PATCH_DIR="/tmp/build_patches" + +COPY patches/ ${TMP_PATCH_DIR}/ + +# Privacy specific patches +RUN patch -u ${BASE_DIR}/core/templates/layout.user.php -i ${TMP_PATCH_DIR}/003-contact-search-removal.patch +RUN patch -u ${BASE_DIR}/core/Controller/ContactsMenuController.php -i ${TMP_PATCH_DIR}/004-contact-search-controller-removal.patch +RUN cd ${BASE_DIR} && patch -p0 < 
${TMP_PATCH_DIR}/005-autocomplete-user-leak-core.patch +RUN cd ${BASE_DIR}/custom_apps && patch -p0 < ${TMP_PATCH_DIR}/005-autocomplete-user-leak-custom-app.patch +RUN patch -u ${BASE_DIR}/lib/private/Updater.php -i ${TMP_PATCH_DIR}/010-disable-app-store-upgrade.patch +RUN cd ${BASE_DIR} && patch -u ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php -i ${TMP_PATCH_DIR}/012-remove-user-status-widget.patch + # autocomplete leak tweak apps frontend with sed, disable group suggestion RUN cd ${BASE_DIR}/custom_apps/contacts && sed -i 's/"GROUP","INDIVIDUAL"/"INDIVIDUAL"/g' js/contacts-main.js 
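Review bot: The theme archive fetched with `curl -fsSL` in the `base` stage is unpacked into `${BASE_DIR}/themes/eCloud` without any integrity check, and both the `selfhost` and `ecloud` targets inherit the result. A pinned digest would catch a changed or tampered archive: declare `ARG THEME_SHA256="<sha256-of-reviewed-archive>"` and put `echo "${THEME_SHA256}  eCloud-theme.tar.gz" | sha256sum -c - && \` before the `tar -xf` line, after confirming the forge serves a byte-stable archive for the tag. Separately, the `AccessibilityController.php` sed is in double quotes with an unescaped `$userValues`, so the shell expands it to nothing and the expression only matches ` = ['dark']`; writing `\$userValues` on both sides, as the `lib/base.php` line at the top of this hunk does with `\$systemConfig`, matches the intended assignment. The `selfhost` stage also ends up with `COPY patches/ ${TMP_PATCH_DIR}/` twice, and one of the two can go.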
@@ -122,132 +163,4 @@ RUN cd ${BASE_DIR}/custom_apps/calendar && sed -i 's/{name:\[a,"displayname"\]}, # Set default widgets to calendar, tasks and notes RUN sed -i 's/recommendations,spreed,mail,calendar/calendar,tasks,notes/' ${BASE_DIR}/apps/dashboard/lib/Controller/DashboardController.php - -# Remove colored background from email template logo -RUN sed -i 's/$this->header, \[$this->themingDefaults->getColorPrimary()/$this->header, \["none"/' ${BASE_DIR}/lib/private/Mail/EMailTemplate.php - -# fix min version of google data migration app -RUN sed -i "s/min-version=\"22\"/min-version=\"21\"/" ${BASE_DIR}/custom_apps/integration_google/appinfo/info.xml -RUN sed -i 's/ in Nextcloud/ /' ${BASE_DIR}/custom_apps/integration_google/js/integration_google-personalSettings.js -RUN sed -i 's/Nextcloud administrator/administrator/' ${BASE_DIR}/custom_apps/integration_google/js/integration_google-personalSettings.js - -# Custom theme -RUN curl -fsSL -o eCloud-theme.tar.gz \ - "https://gitlab.e.foundation/e/infra/nextcloud-theme/-/archive/${THEME_VERSION}/nextcloud-theme-${THEME_VERSION}.tar.gz" && \ - tar -xf eCloud-theme.tar.gz -C /tmp/ && \ - mv /tmp/nextcloud-theme-${THEME_VERSION}/ ${BASE_DIR}/themes/eCloud && \ - chown -R www-data:www-data ${BASE_DIR}/themes/eCloud/ && \ - rm -rf eCloud-theme.tar.gz ${BASE_DIR}/themes/example/ - -# Replace "Get your own free account" NC link with /e/ Account link in public pages -RUN sed -i 's/https:\/\/nextcloud.com\/signup\//https:\/\/e\.foundation\/\/e-email-invite\//' ${BASE_DIR}/core/templates/layout.public.php - -# Use php 8 image -FROM php:8.0.12-fpm-bullseye -RUN mkdir -p /var/www/skeleton/Documents && mkdir -p /var/www/skeleton/Images - -# Copy all the required files from the nextcloud stage -COPY --from=nextcloud /usr/src/nextcloud /usr/src/nextcloud -COPY --from=nextcloud /usr/local/etc/php/conf.d/ /usr/local/etc/php/conf.d/ -COPY --from=nextcloud /*.sh / -COPY --from=nextcloud /upgrade.exclude / -COPY --from=nextcloud 
/var/spool/cron/crontabs /var/spool/cron/crontabs -COPY --from=nextcloud /entrypoint.sh / - -# Copy entrypoints and add correct permissions -COPY custom_entrypoint.sh / -RUN chmod +x /custom_entrypoint.sh -RUN chmod +x /entrypoint.sh - -# Install required dependencies of nextcloud -RUN set -ex; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - rsync \ - bzip2 \ - busybox-static \ - libldap-common \ - ; \ - rm -rf /var/lib/apt/lists/*; - -# install the PHP extensions we need -# see https://docs.nextcloud.com/server/stable/admin_manual/installation/source_installation.html -ENV PHP_MEMORY_LIMIT 512M -ENV PHP_UPLOAD_LIMIT 512M -RUN set -ex; \ - \ - savedAptMark="$(apt-mark showmanual)"; \ - \ - apt-get update; \ - apt-get install -y --no-install-recommends \ - libcurl4-openssl-dev \ - libevent-dev \ - libfreetype6-dev \ - libicu-dev \ - libjpeg-dev \ - libldap2-dev \ - libmcrypt-dev \ - libmemcached-dev \ - libpng-dev \ - libpq-dev \ - libxml2-dev \ - libmagickwand-dev \ - libzip-dev \ - libwebp-dev \ - libgmp-dev \ - ; \ - \ - debMultiarch="$(dpkg-architecture --query DEB_BUILD_MULTIARCH)"; \ - docker-php-ext-configure gd --with-freetype --with-jpeg --with-webp; \ - docker-php-ext-configure ldap --with-libdir="lib/$debMultiarch"; \ - docker-php-ext-install -j "$(nproc)" \ - bcmath \ - exif \ - gd \ - intl \ - ldap \ - opcache \ - pcntl \ - pdo_mysql \ - pdo_pgsql \ - zip \ - gmp \ - ; \ - \ -# pecl will claim success even if one install fails, so we need to perform each install separately - pecl install APCu-5.1.21; \ - pecl install memcached-3.1.5; \ - pecl install redis-5.3.4; \ - pecl install imagick-3.5.1; \ - \ - docker-php-ext-enable \ - apcu \ - memcached \ - redis \ - imagick \ - ; \ - rm -r /tmp/pear; \ - \ -# reset apt-mark's "manual" list so that "purge --auto-remove" will remove all build dependencies - apt-mark auto '.*' > /dev/null; \ - apt-mark manual $savedAptMark; \ - ldd "$(php -r 'echo ini_get("extension_dir");')"/*.so \ - 
| awk '/=>/ { print $3 }' \ - | sort -u \ - | xargs -r dpkg-query -S \ - | cut -d: -f1 \ - | sort -u \ - | xargs -rt apt-mark manual; \ - \ - apt-get purge -y --auto-remove -o APT::AutoRemove::RecommendsImportant=false; - -# Install imagemagick -RUN apt-get -y install imagemagick;\ - rm -rf /var/lib/apt/lists/*; - -VOLUME /var/www/html -ENV NEXTCLOUD_VERSION 21.0.9 - -ENTRYPOINT ["/custom_entrypoint.sh"] -CMD ["php-fpm"] +RUN rm -rf ${TMP_PATCH_DIR} diff --git a/README.md b/README.md index 16d13869ca707bc30adc4fbcb29cf2ce465600d3..684b091f0994a06cc2688f6982963f1c2ad2b557 100644 --- a/README.md +++ b/README.md @@ -61,3 +61,14 @@ We suggest you use our [ecloud-selfhosting](https://gitlab.e.foundation/e/infra/ ## Contributing Anyone can fork a project on our GitLab instance, but to prevent abuse it's disabled by default. Get in touch with us [by e-mail](mailto:join@e.email) or through our support channels and we will let you create a fork and submit MRs. + +## Pipeline-Jobs + +By default pipeline builds image based on $CI_COMMIT_REF_SLUG. Any branch or tag starting with `selfhost` will build an image for selfhost target. And in all other cases image is built for `ecloud` target. The image is tagged with $CI_COMMIT_REF_SLUG and pushed to registry + + +**Re-tagging** + +There is a provision to create a new tag from an existing image by simply running docker-tag job (manual action). It requires two input parameters, SOURCE and TARGET. + +Example: To publish a given image to production you can tag ecloud-21.x.x as ecloud-production, we just have to run `docker-tag` job by providing `SOURCE: ecloud-20.12.10` `TARGET: ecloud-production`. Ref : [this job](https://gitlab.e.foundation/e/infra/ecloud/nextcloud/-/jobs/219782) \ No newline at end of file diff --git a/patches/002-login-without-domain.patch b/patches/002-login-without-domain.patch index 6e6706286120b34c1605ae32aa7756ef61e0956a..477bd803faf56e1a062103e877598642d49cbe68 100644 
--- a/patches/002-login-without-domain.patch +++ b/patches/002-login-without-domain.patch @@ -17,7 +17,7 @@ diff --git files/LoginController.php files/LoginController-new.php + $user = mb_strtolower($user, 'UTF-8'); + $domain = $this->config->getSystemValue("mail_domain"); + $domain_suffix = "@$domain"; -+ $admin_username = $_ENV["NEXTCLOUD_ADMIN_USER"]; ++ $admin_username = mb_strtolower($_ENV["NEXTCLOUD_ADMIN_USER"], 'UTF-8'); + if (stristr($user, $domain_suffix) === FALSE && strcmp($user, $admin_username) != 0) { + $user = $user . $domain_suffix; + } diff --git a/patches/011-privacy-settings.patch b/patches/011-privacy-settings.patch index dfb46a590e71d1c4690491f2e2c05283ebf2b723..7fb8225c33fbfb27373af8db5427f042ca30bbb9 100644 --- a/patches/011-privacy-settings.patch +++ b/patches/011-privacy-settings.patch @@ -40,21 +40,54 @@ This patch removes certain unnecessary sections from the "privacy" section in pe
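Review bot: `$_ENV["NEXTCLOUD_ADMIN_USER"]` is now passed straight to `mb_strtolower()`, so when the variable is unset, or `$_ENV` is not populated because `variables_order` lacks `E`, the call receives null and the admin exemption silently stops matching. Reading the value defensively keeps the lowercase fix and makes the fallback explicit: `$admin_username = mb_strtolower((string) getenv("NEXTCLOUD_ADMIN_USER"), 'UTF-8');`. The added line sits inside a patched `LoginController.php` method whose start and end are outside this hunk, so how `$user` is used afterwards cannot be checked from here.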
++
t('Like in most cloud services, a reduced number of administrators can see your files and all the information in the database as they need to make backups, perform upgrades, reset passwords, etc.')); ?> ++
++t('Learn more about this topic here.')); ?> ↗ ++
-t('Like in most cloud services, administrators can see your files and all the information in the database as they need to make backups, perform upgrades, reset passwords, etc.')); ?>
-+t('Learn more about this topic here.')); ?> ↗
+-++ t('Read the privacy policy.')) ?> ++
++ - -+- t('Read the privacy policy.')) ?> +-
+- +- +-