initial nix based docker images

2026-06-03 09:04:12 +02:00 · 2025-06-07 18:24:39 +02:00 · 2025-06-07 18:24:39 +02:00 · 06bf3b4b62
commit 06bf3b4b62
parent 4972a889eb
72 changed files with 472 additions and 789 deletions
--- a/.forgejo/workflows/docker.yaml
+++ b/.forgejo/workflows/docker.yaml
@ -5,64 +5,37 @@ on:
    branches: ["main"]
    paths:
      - ".forgejo/**"
-      - "images/**"
+      - "nix/image/**"
 permissions:
  contents: read
 jobs:
  build-images:
-    runs-on: ubuntu-latest
+    runs-on: nix
    strategy:
      matrix:
        php-version: ["8.1", "8.2", "8.3", "8.4"]
-        variant: ["", "-dbg"]
+        variant: [""]
    name: haze-${{ matrix.php-version }}${{ matrix.variant }}
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4
-
+      - uses: https://codeberg.org/icewind/attic-action@v1
      - uses: https://github.com/dorny/paths-filter@v3
        id: changes
        with:
-          filters: |
+          name: link
-            php:
+          instance: https://cache.icewind.link
-              - '.forgejo/**'
+          authToken: "${{ secrets.ATTIC_TOKEN }}"
              - 'images/php/**'
            haze:
              - '.forgejo/**'
              - 'images/php/**'
              - 'images/haze/**'
-      - name: Log in to the Container registry
+      - name: Build image
-        uses: https://github.com/docker/login-action@v3
+        run: |
-        with:
+          nix build .#'"haze-image-php-${{ matrix.php-version }}"'
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
-      - name: Set up Docker Buildx
+      - name: Push image
-        uses: https://github.com/docker/setup-buildx-action@v3
+        if: github.ref == 'refs/heads/main'
-
+        run: |
-      - name: Build php image
+          skopeo copy --insecure-policy --dest-creds="${{ secrets.DOCKER_USERNAME }}:${{ secrets.DOCKER_PASSWORD }}" \
-        if: steps.changes.outputs.php == 'true'
+            "docker-archive:$(nix build .#'"haze-image-php-${{ matrix.php-version }}"' --print-out-paths)" "docker://icewind1991/haze:${{ matrix.php-version }}"
        uses: https://github.com/docker/build-push-action@v5
        with:
          context: "images/php"
          push: true
          tags: icewind1991/haze-php:${{ matrix.php-version }}${{ matrix.variant }}
          build-args: |
            PHP_VERSION=${{ matrix.php-version }}
            BASE_IMAGE=${{ matrix.variant == '-dbg' && 'icewind1991/php-dbg' || 'php' }}
      - name: Build haze image
        if: steps.changes.outputs.haze == 'true'
        uses: https://github.com/docker/build-push-action@v5
        with:
          context: "images/haze"
          push: true
          tags: icewind1991/haze:${{ matrix.php-version }}${{ matrix.variant }}
          build-args: |
            PHP_VERSION=${{ matrix.php-version }}${{ matrix.variant }}
--- a/README.md
+++ b/README.md
@ -6,8 +6,8 @@ Easy setup and management of Nextcloud test instances using docker
 ## What
-`haze` provides an easy way to setup Nextcloud test instances with a choice of php version, database server, optional s3
+`haze` provides an easy way to setup Nextcloud test instances with a choice of
-or ldap setup and more.
+php version, database server, optional s3 or ldap setup and more.
 ## Setup
@ -17,7 +17,9 @@ or ldap setup and more.
 ### Installation
- Grab a binary from the [github releases](https://github.com/icewind1991/haze/releases) and place it in your `$PATH`
+- Grab a binary from the
  [github releases](https://github.com/icewind1991/haze/releases) and place it
  in your `$PATH`
 ### Config
@ -31,13 +33,15 @@ See the [configuration section](#configuration) for more options.
 ### Quick examples
- Start a Nextcloud instance with `postgresql`, `php 8.1` and `s3` primary storage:
+- Start a Nextcloud instance with `postgresql`, `php 8.1` and `s3` primary
  storage:
  ```bash
  haze start pgsq s3
  ```
- Start a Nextcloud instance with `sqlite`, `php 8.2` and an `smb` external storage:
+- Start a Nextcloud instance with `sqlite`, `php 8.2` and an `smb` external
  storage:
  ```bash
  haze start 8.2 smb
@ -56,19 +60,22 @@ See the [configuration section](#configuration) for more options.
 haze start [database] [php-version] [services]
 ```
-Where `database` is one of `sqlite`, `mysql`, `mariadb`, `pgsql` or `oracle` with an optional version (e.g. `pgsql:12`),
+Where `database` is one of `sqlite`, `mysql`, `mariadb`, `pgsql` or `oracle`
-defaults to `sqlite`.
+with an optional version (e.g. `pgsql:12`), defaults to `sqlite`. And
-And `php-version` is one of `8.1`, `8.2`, `8.3`, defaults to `8.1`. `7.3` and `7.4` and `8.0` are still supported but
+`php-version` is one of `8.1`, `8.2`, `8.3`, defaults to `8.1`. `7.3` and `7.4`
-the docker images for those versions aren't being updated anymore so they might be missing some newer features.
+and `8.0` are still supported but the docker images for those versions aren't
 being updated anymore so they might be missing some newer features.
-Each php version also comes with a `-dbg` variant that has php compiled in debug mode and can be used for debugging php
+Each php version also comes with a `-dbg` variant that has php compiled in debug
-itself with gdb.
+mode and can be used for debugging php itself with gdb.
 Additionally, you can use the following options when starting an instance:
- `s3`: setup an S3 server and configure to Nextcloud to use it as primary storage.
+- `s3`: setup an S3 server and configure to Nextcloud to use it as primary
- `<path to app.tar.gz>`: by specifying the path to an app package this package will be extracted into the apps.
+  storage.
-  directory of the new instance (overwriting any existing app code). This can be used to quickly test a packaged app.
+- `<path to app.tar.gz>`: by specifying the path to an app package this package
  will be extracted into the apps. directory of the new instance (overwriting
  any existing app code). This can be used to quickly test a packaged app.
 - `ldap`: setup an LDAP server.
 - `office`: setup a Nextcloud Office server.
 - `onlyoffice` setup an onlyoffice document server.
@ -76,14 +83,16 @@ Additionally, you can use the following options when starting an instance:
 - `smb`: setup a samba server for external storage use.
 - `dav`: setup a WebDAV server for external storage use.
 - `sftp`: setup a SFTP server for external storage use.
- `kaspersky`: setup a kaspersky scan engine server in http mode. (
+- `kaspersky`: setup a kaspersky scan engine server in http mode. ( Requires
-  Requires [manually setting up the image](https://github.com/icewind1991/kaspersky-docker))
+  [manually setting up the image](https://github.com/icewind1991/kaspersky-docker))
 - `kaspersky-icap`: setup a kaspersky scan engine server in ICAP mode.
 - `clamav-icap`: setup a clam av scanner in ICAP mode.
 - `clamav-icap-tls`: setup a clam av scanner in ICAP mode with TLS encryption.
 - `oc`: start an ownCloud instance in the same network.
- `imaginary`: start an Imaginary service and configure it for preview generation.
+- `imaginary`: start an Imaginary service and configure it for preview
- `mail`: start an [smtp4dev](https://github.com/rnwood/smtp4dev) server and configure it the mail server.
+  generation.
 - `mail`: start an [smtp4dev](https://github.com/rnwood/smtp4dev) server and
  configure it the mail server.
 - `redis-tls`: connect to redis over TLS.
 - The name of any configured preset.
@ -93,7 +102,8 @@ Additionally, you can use the following options when starting an instance:
 haze test [database] [php-version] [path]
 ```
-Where `path` is a file or folder to run phpunit in, relative to the sources root.
+Where `path` is a file or folder to run phpunit in, relative to the sources
 root.
 ### List running instances
@ -115,8 +125,8 @@ haze clean
 ## Controlling running instances
-The following commands run against the most recently started instance and allow optionally providing a `match` to select
+The following commands run against the most recently started instance and allow
-a specific instance by it's name.
+optionally providing a `match` to select a specific instance by it's name.
 #### Open an instance
@ -190,50 +200,57 @@ haze [match] unpin
 haze [match] env <cmd> [args]
 ```
-Runs the provided command with `NEXTCLOUD_URL`, `DATABASE_URL` and `REDIS_URL` environment variables set for the matched
+Runs the provided command with `NEXTCLOUD_URL`, `DATABASE_URL` and `REDIS_URL`
-instance.
+environment variables set for the matched instance.
-This is indented to run a local [push daemon](https://github.com/nextcloud/notify_push) against an instance.
+This is indented to run a local
 [push daemon](https://github.com/nextcloud/notify_push) against an instance.
 ## Federation
-Multiple instances can reach each other by using their instance name as domain name to allow for testing federation
+Multiple instances can reach each other by using their instance name as domain
-between instances.
+name to allow for testing federation between instances. Alternatively, you can
-Alternatively, you can setup the haze proxy and the proxied domains to get https support between instances.
+setup the haze proxy and the proxied domains to get https support between
 instances.
 ## Proxy
-By default, instances can be accessed by their IP. In order to get more memorable urls and allow supporting https,
+By default, instances can be accessed by their IP. In order to get more
-haze comes with a builtin reverse proxy to allow using a wildcard domain.
+memorable urls and allow supporting https, haze comes with a builtin reverse
 proxy to allow using a wildcard domain.
 ### Requirements
 - A domain name you can set wildcard DNS records for
 - A reverse proxy like nginx or apache
- (optionally) a wildcard ssl certificate (can be acquiring using letsencrypt and dns verification)
+- (optionally) a wildcard ssl certificate (can be acquiring using letsencrypt
  and dns verification)
 ### Setup
- Set a DNS record for `*.haze.exmaple.com` and `haze.example.com` pointing to your development machine. (127.0.0.1 will
+- Set a DNS record for `*.haze.exmaple.com` and `haze.example.com` pointing to
-  not work)
+  your development machine. (127.0.0.1 will not work)
 - Set the `proxy` configuration with your domain and desired listen endpoint
- Setup a service to run `haze proxy` in the background as your own user. A systemd user service is recommended.
+- Setup a service to run `haze proxy` in the background as your own user. A
- Configure your reverse proxy of choice to proxy `*.haze.example.com` and `haze.example.com` to the proxy's listen
+  systemd user service is recommended.
-  endpoint
+- Configure your reverse proxy of choice to proxy `*.haze.example.com` and
- (optional) acquire a wildcard ssl certificate for your domain and set your reverse proxy to use it.
+  `haze.example.com` to the proxy's listen endpoint
-  This will be highly dependent on your DNS
+- (optional) acquire a wildcard ssl certificate for your domain and set your
-  provider, [this](https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438)
+  reverse proxy to use it. This will be highly dependent on your DNS provider,
  [this](https://community.letsencrypt.org/t/dns-providers-who-easily-integrate-with-lets-encrypt-dns-validation/86438)
  lists some DNS providers and supported ACME clients.
 ### Usage
-When the proxy is configured, generated urls for the instances will use a subdomain of the configured domain, e.g.
+When the proxy is configured, generated urls for the instances will use a
-the `rolling-bees` instance will be available at `rolling-bees.haze.example.com`. Additionally, `haze.example.com` will
+subdomain of the configured domain, e.g. the `rolling-bees` instance will be
-automatically point to the last created instance.
+available at `rolling-bees.haze.example.com`. Additionally, `haze.example.com`
 will automatically point to the last created instance.
 ## Configuration
-Configuration is loaded from `~/.config/haze/haze.toml` and has the following options
+Configuration is loaded from `~/.config/haze/haze.toml` and has the following
 options
 ```toml
 sources_root = "/path/to/sources" # path of the nextcloud sources. required
--- a/flake.lock
+++ b/flake.lock
@ -2,11 +2,11 @@
  "nodes": {
    "crane": {
      "locked": {
-        "lastModified": 1739936662,
+        "lastModified": 1742394900,
-        "narHash": "sha256-x4syUjNUuRblR07nDPeLDP7DpphaBVbUaSoeZkFbGSk=",
+        "narHash": "sha256-vVOAp9ahvnU+fQoKd4SEXB2JG2wbENkpqcwlkIXgUC0=",
        "owner": "ipetkov",
        "repo": "crane",
-        "rev": "19de14aaeb869287647d9461cbd389187d8ecdb7",
+        "rev": "70947c1908108c0c551ddfd73d4f750ff2ea67cd",
        "type": "github"
      },
      "original": {
@ -22,11 +22,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1741005720,
+        "lastModified": 1748868585,
-        "narHash": "sha256-zNIvYFBOTGomaxknkZLO/7p6eorwwgvHeatN2YySBPQ=",
+        "narHash": "sha256-DrrbahOQAwvNM8l5EuGxxkVS7X5/S59zcG0N9ZWQFhk=",
        "owner": "nix-community",
        "repo": "flakelight",
-        "rev": "f996547e5d142853ab6d619858a605af516d1d67",
+        "rev": "dfbecd12d99c1bf82906521a6a7d5b75d2aa1ca2",
        "type": "github"
      },
      "original": {
@ -44,11 +44,11 @@
        "rust-overlay": "rust-overlay"
      },
      "locked": {
-        "lastModified": 1740783063,
+        "lastModified": 1747926214,
-        "narHash": "sha256-nJ/tvNBWFNJtwtNG/KsqtVq4p3aitkEb1pRW0qHvmsk=",
+        "narHash": "sha256-e/7klyoQpe9wsYeQIUfm/9Yqa78et24L+nSpsCz937k=",
        "owner": "icewind1991",
        "repo": "mill-scale",
-        "rev": "591ea924cfd3cd7932b385341fb0aad0a935bb46",
+        "rev": "394979573123e5d4762d29cc78b5e11b3d35cc6b",
        "type": "github"
      },
      "original": {
@ -59,16 +59,16 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1740932899,
+        "lastModified": 1749086602,
-        "narHash": "sha256-F0qDu2egq18M3edJwEOAE+D+VQ+yESK6YWPRQBfOqq8=",
+        "narHash": "sha256-DJcgJMekoxVesl9kKjfLPix2Nbr42i7cpEHJiTnBUwU=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "1546c45c538633ae40b93e2d14e0bb6fd8f13347",
+        "rev": "4792576cb003c994bd7cc1edada3129def20b27d",
        "type": "github"
      },
      "original": {
        "id": "nixpkgs",
-        "ref": "nixos-24.11",
+        "ref": "nixos-25.05",
        "type": "indirect"
      }
    },
@ -88,11 +88,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1740277845,
+        "lastModified": 1742697269,
-        "narHash": "sha256-NNU0CdiaSbAeZ8tpDG4aFi9qtcdlItRvk8Xns9oBrVU=",
+        "narHash": "sha256-Lpp0XyAtIl1oGJzNmTiTGLhTkcUjwSkEb0gOiNzYFGM=",
        "owner": "oxalica",
        "repo": "rust-overlay",
-        "rev": "f933070c29f9c1c5457447a51903f27f76ebb519",
+        "rev": "01973c84732f9275c50c5f075dd1f54cc04b3316",
        "type": "github"
      },
      "original": {
--- a/flake.nix
+++ b/flake.nix
@ -1,6 +1,6 @@
 {
  inputs = {
-    nixpkgs.url = "nixpkgs/nixos-24.11";
+    nixpkgs.url = "nixpkgs/nixos-25.05";
    flakelight = {
      url = "github:nix-community/flakelight";
      inputs.nixpkgs.follows = "nixpkgs";
@ -19,10 +19,25 @@
        "aarch64-unknown-linux-musl"
      ];
      nixpkgs.config = {
        allowUnfree = true;
      };
      extraPaths = [
        ./redis-certificates
      ];
      withOverlays = [(import ./nix/overlay.nix)];
      packages = {
        "haze-image-php-8.4" = pkgs: pkgs.haze-image-php-84;
        "haze-image-php-8.3" = pkgs: pkgs.haze-image-php-83;
        "haze-image-php-8.2" = pkgs: pkgs.haze-image-php-82;
        "haze-image-php-8.1" = pkgs: pkgs.haze-image-php-81;
      };
      tools = pkgs: with pkgs; [cargo-edit bacon skopeo];
      homeModules = {
        default = {
          pkgs,
--- a/images/build.sh
+++ b/images/build.sh
@ -1,23 +0,0 @@
 #!/usr/bin/env bash
 set -e
 export DOCKER_BUILDKIT=1
 versions=("8.1" "8.2" "8.3" "8.4")
 for version in "${versions[@]}"; do
  echo "building haze-php-$version"
  docker build --build-arg PHP_VERSION=$version -t "icewind1991/haze-php:$version" -f "php/Dockerfile" php
  echo "building haze-php-$version-dbg"
  docker build --build-arg BASE_IMAGE=icewind1991/php-dbg --build-arg PHP_VERSION=$version -t "icewind1991/haze-php:$version-dbg" -f "php/Dockerfile" php
 done
 for version in "${versions[@]}"; do
  echo "building haze-$version"
  docker build --build-arg PHP_VERSION=$version -t "icewind1991/haze:$version" -f "haze/Dockerfile" haze
  echo "building haze-$version-dbg"
  docker build --build-arg PHP_VERSION=$version-dbg -t "icewind1991/haze:$version-dbg" -f "haze/Dockerfile" haze
 done
 docker build -t "icewind1991/haze-ldap" -f "ldap/Dockerfile" ldap
--- a/images/haze/.dockerignore
+++ b/images/haze/.dockerignore
@ -1 +0,0 @@
 .git
--- a/images/haze/Dockerfile
+++ b/images/haze/Dockerfile
@ -1,64 +0,0 @@
 ARG PHP_VERSION
 FROM icewind1991/haze-php:$PHP_VERSION
 RUN DEBIAN_FRONTEND=noninteractive ;\
 	apt-get update && \
 	apt-get install --assume-yes \
    cron \
    redis-server \
    smbclient \
    npm \
 		sudo \
 		wget \
 		attr \
 		git \
    neovim \
    nano \
    sqlite3 \
    s3cmd \
    gdb \
    python3-pip \
    procps \
    rsnapshot \
 #   chromium \
    ncat && \
  apt-get install --assume-yes libgtk2.0-0 libgtk-3-0 libgbm-dev libnotify-dev libnss3 libxss1 libasound2 libxtst6 xauth xvfb && \
  curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64-2.1.35.zip" -o "awscliv2.zip" && \
  unzip awscliv2.zip && \
  ./aws/install && \
  wget https://phar.phpunit.de/phpunit-9.phar -O /usr/local/bin/phpunit.phar && \
  curl -L https://github.com/harness/drone-cli/releases/latest/download/drone_linux_amd64.tar.gz | tar zx  && \
  install -t /usr/bin drone && \
  wget https://github.com/vimeo/psalm/releases/latest/download/psalm.phar -O /usr/local/bin/psalm && \
  chmod +x /usr/local/bin/psalm && \
  touch /var/log/rsnapshot.log && \
  chmod 0777 /var/log/rsnapshot.log && \
  chmod 0777 /var/cache/rsnapshot
 ADD misc/collaboraonline.sources /etc/apt/sources.list.d
 RUN DEBIAN_FRONTEND=noninteractive ;\
  wget -q -O - https://packages.blackfire.io/gpg.key | apt-key add - && \
  echo "deb http://packages.blackfire.io/debian any main" >> /etc/apt/sources.list.d/blackfire.list && \
  wget https://collaboraoffice.com/downloads/gpg/collaboraonline-release-keyring.gpg -O /usr/share/keyrings/collaboraonline-release-keyring.gpg && \
  apt-get update && \
 	apt-get install --assume-yes blackfire
 RUN curl https://dl.min.io/client/mc/release/linux-amd64/mc -o /usr/bin/mc && \
    chmod +x /usr/bin/mc
 ADD configs /root/
 ADD configs/nginx-app.conf /etc/nginx/
 RUN mkdir --parent /var/log/cron
 ADD configs/cron.conf /etc/oc-cron.conf
 ADD misc/bootstrap.sh misc/occ misc/tests misc/phpunit misc/install misc/occ misc/integration misc/chromium-no-sandbox /usr/local/bin/
 ADD configs/sudoers /etc/sudoers.d/haze
 ADD configs/.s3cfg configs/.gdbinit configs/.aws /home/haze/
 ADD rsnapshot.conf /etc/rsnapshot.conf
 ADD redis-certificates /redis-certificates
 ENV WEBROOT /var/www/html
 ENV EDITOR /usr/bin/neovim
 ENTRYPOINT  ["bootstrap.sh"]
--- a/images/haze/configs/ldap/autoconfig_mariadb.php
+++ b/images/haze/configs/ldap/autoconfig_mariadb.php
@ -1,9 +0,0 @@
 <?php
 $AUTOCONFIG = [
  'dbname' => 'haze',
  'dbhost' => 'mysql',
  'dbuser' => 'haze',
  'dbpass' => 'haze',
  'dbtype' => 'mysql'
 ]; 
--- a/images/haze/misc/bootstrap.sh
+++ b/images/haze/misc/bootstrap.sh
@ -1,102 +0,0 @@
 #!/bin/sh
 touch /var/log/nginx/access.log
 touch /var/log/nginx/error.log
 touch /var/log/cron/owncloud.log
 cp /root/config.php /var/www/html/config/config.php
 if [ "$SQL" = "mysql" ]
 then
 	cp /root/autoconfig_mysql.php /var/www/html/config/autoconfig.php
 fi
 if [ "$SQL" = "mariadb" ]
 then
 	cp /root/autoconfig_mariadb.php /var/www/html/config/autoconfig.php
 fi
 if [ "$SQL" = "pgsql" ]
 then
 	cp /root/autoconfig_pgsql.php /var/www/html/config/autoconfig.php
 fi
 if [ "$SQL" = "oci" ]
 then
 	cp /root/autoconfig_oci.php /var/www/html/config/autoconfig.php
 fi
 UID=${UID:-www-data}
 GID=${GID:-www-data}
 echo "Running as $UID:$GID"
 chown -R $UID:$GID /var/www/html/data /var/www/html/config
 chown $UID:$GID /var/www/html/core/skeleton /var/www/html/build/integration/vendor /var/www/html/build/integration/composer.lock /var/www/html/build/integration/output /var/www/html/build/integration/work /var/www/html/core/skeleton /var/www/.composer/cache /var/www/html/apps/spreed/tests/integration/vendor/composer
 echo "{}" > /var/www/html/build/integration/composer.lock
 echo "Starting server using $SQL database…"
 tail --follow --retry /var/log/nginx/*.log /var/log/cron/owncloud.log &
 if [ -n "$S3" ]
 then
 	sed -i '/\/\/PLACEHOLDER/ r /root/s3.php' /var/www/html/config/config.php
 fi
 if [ -n "$S3MB" ]
 then
 	sed -i '/\/\/PLACEHOLDER/ r /root/s3mb.php' /var/www/html/config/config.php
 fi
 if [ -n "$S3M" ]
 then
 	sed -i '/\/\/PLACEHOLDER/ r /root/s3m.php' /var/www/html/config/config.php
 fi
 if [ -n "$SWIFT" ]
 then
    sed -i '/\/\/PLACEHOLDER/ r /root/swift.php' /var/www/html/config/config.php
 fi
 if [ -n "$SWIFTV3" ]
 then
    sed -i '/\/\/PLACEHOLDER/ r /root/swiftv3.php' /var/www/html/config/config.php
 fi
 if [ -n "$AZURE" ]
 then
    sed -i '/\/\/PLACEHOLDER/ r /root/azure.php' /var/www/html/config/config.php
 fi
 if [ -n "$REDIS_TLS" ]
 then
    sed -i '/\/\/PLACEHOLDER/ r /root/redis-tls.php' /var/www/html/config/config.php
 else
  sed -i '/\/\/PLACEHOLDER/ r /root/redis-default.php' /var/www/html/config/config.php
 fi
 if [ -n "$BLACKFIRE_SERVER_ID" ]
 then
  sh -c '
    yes | blackfire agent:config --server-id=$BLACKFIRE_SERVER_ID --server-token=$BLACKFIRE_SERVER_TOKEN
    mkdir /var/run/blackfire/
    BLACKFIRE_LOG_LEVEL=4 BLACKFIRE_LOG_FILE=/var/log/agent.log blackfire agent &
  '&
 fi
 crontab /etc/oc-cron.conf
 /usr/sbin/cron -f &
 if [ -n "$REDIS_TLS" ]
 then
  /usr/bin/redis-server --protected-mode no \
    --tls-port 6379 --port 0 \
    --tls-cert-file /redis-certificates/server.crt \
    --tls-key-file /redis-certificates/server.key \
    --tls-ca-cert-file /redis-certificates/ca.crt &
 else
  /usr/bin/redis-server --protected-mode no &
 fi
 /usr/local/bin/bootstrap-nginx.sh
--- a/images/haze/misc/chromium-no-sandbox
+++ b/images/haze/misc/chromium-no-sandbox
@ -1,3 +0,0 @@
 #!/bin/sh
 chromium --no-sandbox $@
--- a/images/haze/misc/collaboraonline.sources
+++ b/images/haze/misc/collaboraonline.sources
@ -1,4 +0,0 @@
 Types: deb
 URIs: https://www.collaboraoffice.com/repos/CollaboraOnline/CODE-debian11
 Suites: ./
 Signed-By: /usr/share/keyrings/collaboraonline-release-keyring.gpg
--- a/images/haze/redis-certificates/ca.crt
+++ b/images/haze/redis-certificates/ca.crt
@ -1,31 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIFSzCCAzOgAwIBAgIUeeghZlFLpiHZ4i5XoYSArRfBZEkwDQYJKoZIhvcNAQEL
 BQAwNTETMBEGA1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUg
 QXV0aG9yaXR5MB4XDTI1MDUwMTE3MzA0NFoXDTM1MDQyOTE3MzA0NFowNTETMBEG
 A1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUgQXV0aG9yaXR5
 MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1zHa4DZDvV/9816BBzXb
 S/N9EWaZuFmkWy8XNcChMenZvHlOBoU2Ah+mcqBrbvpC4mmqCQVKK/URz8KU3ZlL
 bI8VGPbysnBcXatVCCNEC6AcE6ZP32ULAmnxnLMAaZnXDUv2qvB/WGBO82pNTi2Y
 JP814IpmvNLCr5P4ERu0qi0M1FRMKYN4lwZxJPm1QAeGcBMYqTy9P415LEcGqSHt
 4guowgdySSHk0MkeHpc5lkXP4Wh+0Z3dfr5honA/NndMRfEb00SMQM6WMKaPBzjZ
 59IvZRD6/SXmSXbnBOr8BnBQHTwshR12lhv0QX+iA53TenHwbNG4wEqR7mCRW8S0
 ugtw+7f1WmPXoIFUfzZhPr5QKN4a6NDp+7VJk3E2DfjzyMY4QVc8c4jiKZjLgdJW
 oTpN0RTzzL/kNHnYiruBUMPhqbijJJmHH57a1o+sDB7pR4CxM9JjwAEAp9cGuBUj
 JdSZX9aL1aEYt8PnoXuGAGripPXLS47AkOYs3uZfZFssu/HtoN0Qg8XEGZm87xQj
 UKZdHCcec84OaQHScWJ1yBjzTOcQsewymhwg/Uoan4Bq+m9yaBb4A9/ouh0WeOza
 oSm7gtY0tl4aM0TUqHddt8cSrvlGc2DXc2UdkPyzoxQftSbW6kBbgEOG5X0HKqIT
 2Yta7e4BiEYHV883R0lz3r8CAwEAAaNTMFEwHQYDVR0OBBYEFGifegOeUflLHL6A
 uWVeOyDgcNewMB8GA1UdIwQYMBaAFGifegOeUflLHL6AuWVeOyDgcNewMA8GA1Ud
 EwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggIBAGIcOPQB9PSfqruSDX8jcJ/q
 uI3J0BEH+XkQ2v+4pJ3RQYMczUPRoKBPxqtN2R2G30zzjfEQkhBQAyNVP/dZ1I0+
 qaVEdgJR9gydJQGaaL6vaHyt6yEyyjCIpF8ZJKi0UeSJmwlfq2VR7BBDKSTppwT0
 ELuOrfsgyIFCWSWW1NkFEKlf5x2NVE0DVCv4/8xDXx+1Oc2JZFnnhZ9Im1j1yUqg
 H+oRB9feFR4YCItuXRO2mSPdmwvtZNPVSMwEPuv2YKolVZP6FnJt8/s8DKGhzM7U
 Xkg2xvoheVzMlVwWy7EUDzxYtGJYOO80AvHo5TQ6xdsFQ7b+hvytkBejOClDfxAN
 QPZaYKSmg+FdfOvwIfDzZn798M8DjRfTxp+7KZCOaVAulUbyrzWUdMKbnnPHbyA5
 67kcjKDY9jjnFbl5Nvgqh2hf/fWopM2bRJ9YqI8c7DnrSu7fYg4O1SJl6M8+ROYW
 F8qBXi8ncXdYApHJibQdrEHy0p2OlsGTOJezTD2jydny9LmNvhviDJLZpIcdLhPg
 ib1rEkXmIbUCueIdJATY1gWfN+6T7d1lU5ifznSryHFNk7obWJoCxh3eS10NUUsO
 y0jF3kCNSn8Uc5upgMKfqAeH9iUmnheVRbwGSNNkekJD9HPXeqVDdN68uRAXCx4E
 Oq+n5WQOPvSvw5IMlIXN
 -----END CERTIFICATE-----
--- a/images/haze/redis-certificates/ca.key
+++ b/images/haze/redis-certificates/ca.key
@ -1,52 +0,0 @@
 -----BEGIN PRIVATE KEY-----
 MIIJQwIBADANBgkqhkiG9w0BAQEFAASCCS0wggkpAgEAAoICAQDXMdrgNkO9X/3z
 XoEHNdtL830RZpm4WaRbLxc1wKEx6dm8eU4GhTYCH6ZyoGtu+kLiaaoJBUor9RHP
 wpTdmUtsjxUY9vKycFxdq1UII0QLoBwTpk/fZQsCafGcswBpmdcNS/aq8H9YYE7z
 ak1OLZgk/zXgima80sKvk/gRG7SqLQzUVEwpg3iXBnEk+bVAB4ZwExipPL0/jXks
 RwapIe3iC6jCB3JJIeTQyR4elzmWRc/haH7Rnd1+vmGicD82d0xF8RvTRIxAzpYw
 po8HONnn0i9lEPr9JeZJducE6vwGcFAdPCyFHXaWG/RBf6IDndN6cfBs0bjASpHu
 YJFbxLS6C3D7t/VaY9eggVR/NmE+vlAo3hro0On7tUmTcTYN+PPIxjhBVzxziOIp
 mMuB0lahOk3RFPPMv+Q0ediKu4FQw+GpuKMkmYcfntrWj6wMHulHgLEz0mPAAQCn
 1wa4FSMl1Jlf1ovVoRi3w+ehe4YAauKk9ctLjsCQ5ize5l9kWyy78e2g3RCDxcQZ
 mbzvFCNQpl0cJx5zzg5pAdJxYnXIGPNM5xCx7DKaHCD9ShqfgGr6b3JoFvgD3+i6
 HRZ47NqhKbuC1jS2XhozRNSod123xxKu+UZzYNdzZR2Q/LOjFB+1JtbqQFuAQ4bl
 fQcqohPZi1rt7gGIRgdXzzdHSXPevwIDAQABAoICADL7cj31TTYj9E/An3P8W/CS
 BprlQlztC+W4cdi/wtDG9NlUqdocnC+DnRUCEYHQ06C9ZNXPRYPFg0tD763SYA6f
 lWF9PAFvYkqkyTfs1vWkIJK9L6Ye061mOSIlPF9IXa0eRpm38YuYAYxkrlzrq2R0
 fCiu0WlBy3L6bOZsuHAqzSPOtt6M8bhiA9M9P6YkQkLyG0EZDULtuvv09cyDJ88K
 cRhK2FYgLAwU4chgjnmeH4JpFcaGjo+0/f+UdT1rpQva8/so/ctqxiVPiIou+10T
 LDxW+geYf4b/HvtIyp2h5TEP7QI6eTpV9BfCa7lMnmofbVTymMEhyZH+meFyaFhO
 GBJ2rjepeGX7RP+rv/N5oyRPR3/hRMXfmcjiMJEpkiln2d/9eOinXHdb3XyKDtWr
 8HzKYtdfeRv56Wl7Y0NM7sIXl6z+98XgN01CKfuDpwgb7pzIyZmF+xBob8A1XvHr
 OmOGd2WFNsDKIiAeMOtKXhZpdaPWKjKR2Amsn/9pz/oID5HgIeD668tC/7Q0hq/X
 cmPaahGeGaGz6iCnPXtxxTCRPaBS6NfNENBsqUfAjz62/RpxqnK+ni/O35LlFxbo
 J4CkdmiDraAp71Z+Zn2iwmjGrbtkxIjcvrlcigUBI9iL35jtE8SHGvQuigCbgtvq
 9KjEMthC7hiN7TLodkldAoIBAQDwQdfCCkZO+Lh0QCRpwSbTYSChcErw7s/Ee2Gf
 ZYUymE6fKIlruNpiKupDC369NDmzR9/PhcMHV6GLCRqqOHvLNvhsCZ2tjaRZ+Qfn
 s6CtZtM5eLvoQXsuU/+cIAxuiYV3l2RRnVMFsPPimUoSv1cstEobetAJe+cAHLdg
 DVl6PnPjExBZIFhFIcEyMYEqf1KLJjSV5BSWEP+IGuJq5W8YTb7De1sae6uROhvH
 520SrWbF2akOmJwvSyoHxUwdDeLutGrdXK1xKYj8DHalqMsJUGOSgb+9F30UtcZr
 9FL2pmhHtowj8ZWZnpZCvUOmuKn6JPn8W/yvZYJBD+8wZ0/dAoIBAQDlS5sff3S9
 LbpTx7Yjbq8A5MtGLMcykRPg6q2DNYq1u23aNNwyKqKvX8Z283j0QFODyfjXXMdx
 Q4iA/oVU/xYlG+ozmX4bSl2dngJfAd1GHu2+1kEikvE6TtWYvVMZrNadMLJn5+xo
 iRhwvGtFo71teo67N58+swN6G0Z0EMQfr4oIrWe0U3mVnEyrIRhiy7bX3Zvy1oEE
 Jc+LFOVEYQH7tu+qkz59m1otZ7WmrRockgkvRpAtg3c0NxEXmCjRpY0iOzk+ywrx
 owjIr+rTj9fBl3duWC1JpPo96axa7KVUllUcqDTyKx7f9qY1vkN0SZxfy411Db/s
 wl+XihW7Mk1LAoIBAQDBNyJt4VdzsSCeFOtzxSsVOXpFeoo6QsQCLntu9fTtoIEy
 DCaf5BR0eDDXZEoznOl+XaIHQXp70CSRLOwt0qjz36xfLkiJR2zSEq0h0Fq6uQPL
 p2XuvaJzuofJJhj5WE1mxPCflhcrb4hjRoXEl+5ifEdQ3C6sQeGfPHjYnUPFRK5s
 AmvWUWXLiv7U/+zxoV1fnIUTuk439UmbSoumDgePEw8EJJM6tBRhActPs7ULHTqW
 iJolq+OHQTp271trzjwfXibHCP5PEGki0l8kkJ9gSS8apo/tYRNtcVY2gVGrHF6m
 tY70ZRe7aEdNOupKDR5dlhkYs11+LPNYoZjpY1xdAoIBAQCXatwfar2eh+n5lXKT
 522tu2j5CGzq2Z808gRvFxZoeENMy4d1oW4ZPbgDqTiAo1IDP4cSQPR7uUsVU/6c
 aG8pRkvck0oRn4Q+p6+NKeADhD0fvsD4oeymwpSO7sdHtzlqSFQoBaG6Tn5TRDna
 nQxklYBX5Z1FfFWZdxWJY+D/w531qP1Iua8au0Jt58cAxuIRnwhyznAYWxe5Eq1s
 AFuc6+tMyzuDGunr/gaY8MrDfzSNgZ2IUL6RPqQM3rBl8VtH9bAR5WdutmkAjhsW
 ZnDmKK33skcF0OpnpD3rNUbgmv3NlM6R9SPIZkrQRrqoukuHfxYE7HWHVbxmiAtd
 uRQNAoIBACDEgcKqMczv5RCZNy82rgklQlDHpyFoBXncz3q6qo/lK1hzzHwhi5TU
 dN8g6XP8wAbB4svUlvNhCZEz8XbZmLlIZBgtxRTQ9nr4NPeHS1k2BRE7GlcQ8q5R
 wBOZq40hA2gpqgoneg69SfuU/5gVXYfix1fLiMThbAlzwzKvQcpjeUtIkEHIV67Y
 1go9zVsB6zaNmZh2BH3QyhRGBmXaJa//NJ9/rDVGaDRjgWcCOgbb3tUt8BXYeZo6
 smS32nf0aZDrxwfM/V3FnTH/EVEkY7C6zYXFxJwkAP3CG+4xfz46YGGjPmwiE7wa
 QlwIocgNC+s6KwWV+02rkVzn1rT8M9s=
 -----END PRIVATE KEY-----
--- a/images/haze/redis-certificates/ca.txt
+++ b/images/haze/redis-certificates/ca.txt
@ -1 +0,0 @@
 478FE4DB973CA6ABD6D97AD684DBD5B3564C28D8
--- a/images/haze/redis-certificates/client.crt
+++ b/images/haze/redis-certificates/client.crt
@ -1,26 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIEUDCCAjigAwIBAgIUR4/k25c8pqvW2XrWhNvVs1ZMKNcwDQYJKoZIhvcNAQEL
 BQAwNTETMBEGA1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUg
 QXV0aG9yaXR5MB4XDTI1MDUwMTE3MzA0NFoXDTI2MDUwMTE3MzA0NFowKzETMBEG
 A1UECgwKUmVkaXMgVGVzdDEUMBIGA1UEAwwLQ2xpZW50LW9ubHkwggEiMA0GCSqG
 SIb3DQEBAQUAA4IBDwAwggEKAoIBAQDKZvm4/tWR4mAq9bV59IeS8rWxu0t2WQeI
 NODF99+ou1lJmBap1OtTd618jzbEWNH/wIlB4jhbaqyLMdXDiLdbXclumjfU9/GG
 76AbceFX1XVksXzIdMESdub0ZdzqYdbi1hwXXfRNRIokUGBQS4Z5OqRBrJKS6J9i
 dzy6rVArxIQfRzaK2urQvqCBuoiob2x7sJyRjDj0kEAQHOouN+6Yporoda3A50Ca
 elZfxo/Q6eZJt6RppgM0Icp4+F5OF3teljVQIyktPkH6g+9fC+gP+VLon8Jfp4Ph
 +VZQNEj3EH8M9P+CuAZnw/NOsweD+pbjGbUD2/3rEBBwRKWikL4pAgMBAAGjYjBg
 MAsGA1UdDwQEAwIFoDARBglghkgBhvhCAQEEBAMCB4AwHQYDVR0OBBYEFElng8Se
 2ewVbMzURtIVfyCa6ovSMB8GA1UdIwQYMBaAFGifegOeUflLHL6AuWVeOyDgcNew
 MA0GCSqGSIb3DQEBCwUAA4ICAQBUyf0h8z3QZ5X6+fo9oDrNVdKOSlFLh/ekj7fc
 oaWCbJVQ14kvkEEjmHs9DnjStEix6Rum0ebWVs97xxMX3BQVtmAzcToXmV1kkNj0
 rMcNr+h8c2olnhNTgPMcdEIcYwokfoXBwIFM9qeEq+HwU84UpvOHzGeXGE+Emwo1
 GhCkn30bP2OEOHMU0Ei2kyMg3ogpIxViLJS714WnWnuPcrx8aB3LTz6sP65mGJOP
 hT4Y0CIl2O//AN/8fZjjGruXcYAo/ClM1VgVKPTlknf3mLZ7Y0/O9cLSQYtPwZGk
 Cxmsl2RFET7gUy4vhU9go0XNgInO/4sBs6sQSL80V2lf0NUzLCXRItUNLsKEZ9qU
 0AY/MDJza4ESNBrcCcuClhuHBRtkAqFL/4n5a+X+ddm/UnJHJQMMvoEBgyfT5C4a
 +eXPFexz9kJ03Qb9cSwPw0AUHamYzdVivOavWnk2QXbDzNe4tOQOGqjHt2CJVLC7
 09Xgsu3zOlEIMdeAk7ryUOz9+Hca+NUFliVpMGdKnHmUUKUnhRdsokC/2FZ1PEvI
 DaO7US9f9qVB0IX4hKSHAvG722un2F9gpwSBsXlL63lhkW/CwkqhMCyfcUSOtCNy
 THdLlaBwWmQiHkIL+ArQ+rFYEPH08ewypInsesIwTh4ZLm3WKyHsT5cXdUdS0kXH
 uPis/Q==
 -----END CERTIFICATE-----
--- a/images/haze/redis-certificates/client.key
+++ b/images/haze/redis-certificates/client.key
@ -1,28 +0,0 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDKZvm4/tWR4mAq
 9bV59IeS8rWxu0t2WQeINODF99+ou1lJmBap1OtTd618jzbEWNH/wIlB4jhbaqyL
 MdXDiLdbXclumjfU9/GG76AbceFX1XVksXzIdMESdub0ZdzqYdbi1hwXXfRNRIok
 UGBQS4Z5OqRBrJKS6J9idzy6rVArxIQfRzaK2urQvqCBuoiob2x7sJyRjDj0kEAQ
 HOouN+6Yporoda3A50CaelZfxo/Q6eZJt6RppgM0Icp4+F5OF3teljVQIyktPkH6
 g+9fC+gP+VLon8Jfp4Ph+VZQNEj3EH8M9P+CuAZnw/NOsweD+pbjGbUD2/3rEBBw
 RKWikL4pAgMBAAECggEAAY6a6N2WVq8h+UKho5oKJEsXXbzTSZ+etgwIwffJsdpw
 cedTHqRY2RqzFsxilKPFnczlNsC0Q/PFTF7U8Pz6GCBXvoY+MWEPlm+n0NORSGPd
 KX9PYUVl/4Ey/qSn9z+gb7yg7lxr1t+qRmQ95sWQom8dOLTIqIup6jqA7kNgugLK
 ATPQIZ+J7XI779GJhnIE2UqyPUZq6Kk9wlV7MGSiaXHXRLiIoR4w6slZM862Wjvl
 yWP/V3aiOBgfSDpO5igdDQkNOPoNUehxMyCc0Q30vdnezBJw5B0fGh69tFiMPnql
 4+ZnTtHZxQaaE+KH488e5qWBMlF62xn/95U7a4EguQKBgQDpgOHWMXUYOm29eSlV
 y9NHsxKS9k0by/HTmwNV/fSDm9CJS4OX5HCOWkxjc4VGwHOp8hqfc3XHf+15vfKl
 TN7p77T/i5nd19gT0ulMtp4RCEG3SPAGCucdKzP08wobs2/bRuyiM6WLcvDiKhS4
 ppFHiSV99jl5Hy/JWMOOH+D1VQKBgQDd5wPMyko1RWn/BMWpsD4On2FtkRiZb/gA
 Lg8+GdeIDz28nB19tR49+6pF8tCQbt1NYBnlq04ZUFbSX1MCJCp/wUFixoM4Olqz
 aJvu6Fql9YzLox6zq9PXOzWEWxcW/kmKBbFuNKwemu4YbYNBvoRIyLIH67Gp0nc4
 J7x/0kwlhQKBgQDG1SZ5e/fXv7k+xHN8SWoJ/eRtHCqg5tNveuomSW/yubWjk5fk
 uXNW5HFzpiTxEGPtbOlaqbi7PqX7KtH6DDEtRx77E+bbzzaB+vEKj96dZkh/SC6L
 FrGiVu2RQXt0ByHSuNw7ansm+aNBEtA+RCgloBU643YhO3s3msw6s86dWQKBgHw3
 K0tiGbRETRdyRmu8uqBY26MHy+toYD1Ji0LKGHqTfY2tHl0WG/26eRB64gFX7g24
 NAb6o9dLv643qjHSqO+m8MEoOqApGki/0DomW0f3cn8zqqYNE6KyBD04+G3onqXi
 lfYJCih/tbR66TTOPyK3JeGFMIjNxerrY3tx7yo5AoGBANnt3tWS3AMhvj2lzt6T
 ILjKMC1Ker49BwCYAuIHPON9Garqu28OXTDBq8zd9NjgewtZgM7OTwEbsSgwbXBp
 4t2u32s6Ao8CohaKYIWolzqnuLF75p7VPuUP+EiaKQdzbbTrSrtPWB6+9uSTZSp7
 Jg4q5I4X0o5MLslUDD3EGXfc
 -----END PRIVATE KEY-----
--- a/images/haze/redis-certificates/openssl.cnf
+++ b/images/haze/redis-certificates/openssl.cnf
@ -1,7 +0,0 @@
 [ server_cert ]
 keyUsage = digitalSignature, keyEncipherment
 nsCertType = server
 [ client_cert ]
 keyUsage = digitalSignature, keyEncipherment
 nsCertType = client
--- a/images/haze/redis-certificates/redis.crt
+++ b/images/haze/redis-certificates/redis.crt
@ -1,25 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIEMTCCAhmgAwIBAgIUR4/k25c8pqvW2XrWhNvVs1ZMKNgwDQYJKoZIhvcNAQEL
 BQAwNTETMBEGA1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUg
 QXV0aG9yaXR5MB4XDTI1MDUwMTE3MzA0NFoXDTI2MDUwMTE3MzA0NFowLDETMBEG
 A1UECgwKUmVkaXMgVGVzdDEVMBMGA1UEAwwMR2VuZXJpYy1jZXJ0MIIBIjANBgkq
 hkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAzrKoci1Pj1mZr5eQCqH3GBYhJyucVkn6
 uPaANs5srjM3IrwopWmkU1lVdfq+53JqOw9zW/1Y8rJCuvtW02OSonCKd/WVq7aU
 6XAnYACaN3l0OW38VV/Zxz6kZVnmfmk73OSNLr8sbB5tnSq0B0hLQBbFf/EJS+Cr
 FHN+nbhzxfidqmSNb7UEXDVNwC6RiVN+TK72KuAF/kC3i7lUT0sOAEA9cFfMlJDX
 pg/4xdC2Q5Wl+ow7Rx9J71mcbL0mqVzx5vkW21ohw472SZK1G6BbG8LstPoFLtHD
 hF06RlekcluDVtRA3DhmMYuf0FYZWpeu7V3ytf3ZScgKPi6cyV5raQIDAQABo0Iw
 QDAdBgNVHQ4EFgQUZr/He3WzMPdrr0ytP6Nb8vVPmL4wHwYDVR0jBBgwFoAUaJ96
 A55R+UscvoC5ZV47IOBw17AwDQYJKoZIhvcNAQELBQADggIBAC0UR3/0RraqCSh1
 TcTN5T3l2zfBjWwmOOqUAV9wvWMc2gdqvTRPZvua+avRqmWAtogcvw0l0hBPNg6I
 ehbt/nBZaxNaLQd4ivT7X8mberUQepHYACjtX0ByHsbeKSvAUgtu9TBR8MCaBntG
 uQcZ8X3q8yh+Pioqg9FtLRfjn6MmLBXPOhKqJOKj0Eu3LW0EVVOe7UF5BehsT43I
 K5Kf9AjLSKf1UJ/Mwur0UZCERHxzabsXYtiEfrL4TWv8wq0B805aolF+KFAQ9TyE
 zQOXE0KyeaeA1Bq5HtGaNMR685C5Vly34ja2zuijEgyed8FxYxnxR7wR4ReHiY1B
 YBoax2FVcWt8jqJVCGNzJx5tJclCHvYR1wK0v87BMbdtzskAPoFtI7h8EKKwZCBX
 ZXhXQl/J0rnKmP5dzjJljU1MPmxRVeFGXanSx28M9t7RM46EBQ0cTssKrABCq38R
 V0e7Qb7I9/9N/KTJQsQSRo6c6r12mYOsMsOih+yaJCoz1rRR7jfV1dSBoSP5dm3f
 Vpohp8ddELLwL45uUSExnS9FNjPwsVKli/BLmE45NBMeE8uVUBjhT2PULliJiwSo
 gJ4ERZ1VFPubnVIjqwLWAx/S8p1dRlHLtQhBMAHOa++fPbvGcP99exMCJl5JmVDS
 S6ndtuPssyYRm6QzY00ZsTLSNOTU
 -----END CERTIFICATE-----
--- a/images/haze/redis-certificates/redis.dh
+++ b/images/haze/redis-certificates/redis.dh
@ -1,8 +0,0 @@
 -----BEGIN DH PARAMETERS-----
 MIIBDAKCAQEA1GAl2XdbmBJZro8/29d3CkovYmLNjpDThVxXggGxkD6U2kDzNzRo
 cwX2H8b9+w8QQXiBt7MUBlErHdhZE+C7b7JYX64m6hfNMHoOul+t25e/18CU6Odk
 qeDi3GVsEGMYO82J4Jowj8nPeoLE8EQh93Gw/rfMS3G12YxjC9xO83cP8KzjOB6R
 FAfh+n24Z0E3ckxrYEJoU5GchtM2qrf7lNzxjW7uTPhakuDWGAgcovLNupmIEAfa
 b2kR8Li8I2vhFoyj0zmz5pIhkmfmROWtXfZd5LfS3DnZZXJSbMGdl/QEnUPSeLSB
 XmrCgMXeiT42tg05ZeEWKL/jYBQ5Hd1drwIBAgICAOE=
 -----END DH PARAMETERS-----
--- a/images/haze/redis-certificates/redis.key
+++ b/images/haze/redis-certificates/redis.key
@ -1,28 +0,0 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDOsqhyLU+PWZmv
 l5AKofcYFiEnK5xWSfq49oA2zmyuMzcivCilaaRTWVV1+r7ncmo7D3Nb/VjyskK6
 +1bTY5KicIp39ZWrtpTpcCdgAJo3eXQ5bfxVX9nHPqRlWeZ+aTvc5I0uvyxsHm2d
 KrQHSEtAFsV/8QlL4KsUc36duHPF+J2qZI1vtQRcNU3ALpGJU35MrvYq4AX+QLeL
 uVRPSw4AQD1wV8yUkNemD/jF0LZDlaX6jDtHH0nvWZxsvSapXPHm+RbbWiHDjvZJ
 krUboFsbwuy0+gUu0cOEXTpGV6RyW4NW1EDcOGYxi5/QVhlal67tXfK1/dlJyAo+
 LpzJXmtpAgMBAAECggEAC9w7hyWrcYXKKEWxmbKWe5bVeypo85iWHuPiEoMAwHQm
 30LdsDQiHjg7i6QCLUSm7NGjpG0im/Z3lsQSRNnrUY/UmjKIzowQ+l4ZnEwcjT9W
 WG9DseBoniKtizU/4RQHv9KLeVm14lRSpNiM8PgIfVpxJbi+eFChcHB6HPG3Du5t
 MauRnRpRXP7Yd9mQ4hmEQnEirfZZb2kBXYIHmJ0YwRlk242R/JqTu0MNKu8+JE6d
 OXZ+dq5DCDoNqPIwLnFbly5l2gpCzLezRJhxiSE2amUNk+0nlfzJdDjF3xT7YIpp
 8kutalAU7wjXc/RR4TD21uT2y8RpKq0WL0F6/gj1YwKBgQDrdoA2e5YExRm/opv5
 jC364GrucHjlzzhHqY+JyZNQ1FLdNcAZyOV56u7mCwmDf5G77Vi95Fbpf0O1X+lW
 r/1nmWQBvU0CVABXl56+ZTzPp8Kh2cizJlHxuZ5XhKGZPaJ1J+uVYplDkEUqnQ2G
 dVQ5ynOP00KN3NeQ5BLzmON/EwKBgQDgueG7wzaOFg4liZKuEXlbzjNGdBzCdZkL
 vh/G3tmmWk+c0fbvIhZtTBynK57KO0RhUMko9aztdUmdMAh15owpbZzos7VzpbYs
 TqZQZc3O8XeqZwFKvUiuj+DiJ2SGhjCqeLqaHcmHpZ0Ecjw6s8hocygVkc8krzGz
 S6FyjqqvEwKBgC/MhoqI3BNrz6ZPZEpsYokjNZHh0ykTv+EMUs8t1HH8KDYvyydw
 2OS/BHA+nVfMddEohXNG/z23UA9pwPyQDWkSgnK38wId+1PMu7T66DVfYOtqQovb
 o5bmj3ZEvmlVUb1mtTRGJ8bHasMTzsMU3lw89OilgkU6J6iKJC6/Qq9xAoGBAL+g
 QcimMcL/M5j2sskTxXRvZHHTWSLIvHSy7s3aAaZEpFaJBBPt8UnJ+TTjkUfJOgnx
 pVb0Bz2FIfyTlONUcHhzK7WSaEvxJmKpvlAYP2MTrIL1yrg8p9mSfqTaCnJbwuva
 fuQkOlEc+8Nq1ckIvP+0Ep4x83zIl4zYFRdmaE1ZAoGBAKl7712xOCYDE6pxRrDK
 +pXXsjIvQY59vfbcZXHqr8OqtelYCkqbczEVE/RiequX16ZxMPAR2w09Lm/VmJzk
 sKcRgdeJhnK+Sqw5zYzFJEJ/FrgYO1K+ZVmHjnN+/y8kfX5Z6xPwcFnw12eHqu9+
 9cCUnfu2HJPRJdUkUAlvFYdF
 -----END PRIVATE KEY-----
--- a/images/haze/redis-certificates/server.crt
+++ b/images/haze/redis-certificates/server.crt
@ -1,26 +0,0 @@
 -----BEGIN CERTIFICATE-----
 MIIEUDCCAjigAwIBAgIUR4/k25c8pqvW2XrWhNvVs1ZMKNYwDQYJKoZIhvcNAQEL
 BQAwNTETMBEGA1UECgwKUmVkaXMgVGVzdDEeMBwGA1UEAwwVQ2VydGlmaWNhdGUg
 QXV0aG9yaXR5MB4XDTI1MDUwMTE3MzA0NFoXDTI2MDUwMTE3MzA0NFowKzETMBEG
 A1UECgwKUmVkaXMgVGVzdDEUMBIGA1UEAwwLU2VydmVyLW9ubHkwggEiMA0GCSqG
 SIb3DQEBAQUAA4IBDwAwggEKAoIBAQCj9rRzZejIFKPkQa8qyy0bsPib/MjlZpZz
 eNqfdGfWTmwqokUQAOuPL6Mn0cJKT3bua+jo6DeJn3p3jM6++PcJorv4NI+uZAT1
 RKDEzYz23JtMVP81Q7pM8H14g3XpZWwCKhec7ocKb2gHT4mrL8zFg4M2kFkDQ3FH
 FUbirQsrXVTx4UT4Pj09GA0sujJhdru/f/CgkOTj/oJ4JVk9YY8lDjz479lC3YMK
 +Mlit2kNNUSXCWP+m/eLMBVZIHjuZZYa94E6mvgw9ExDgi1mpJjwZKP7y3bAP1ib
 M6AoHDqQyKUe1SbwGrNWRgsVtlAlshJi571c8/qabNSFWptxyAKlAgMBAAGjYjBg
 MAsGA1UdDwQEAwIFoDARBglghkgBhvhCAQEEBAMCBkAwHQYDVR0OBBYEFP81jIYo
 TayyJ4ReOnr9kWYi/CgVMB8GA1UdIwQYMBaAFGifegOeUflLHL6AuWVeOyDgcNew
 MA0GCSqGSIb3DQEBCwUAA4ICAQDKIk8Ett45QhJs0rsuDyTcYYngx+TbZkOmCONA
 kFAC2Dk/Kv1geLV0hIRvcUDXewkTwSZPnmqI9yiOdTB1xTOyftmXXAGUSVTSNSCB
 hk6K5CxvUyKC48/mJQVq/mVIBYpH7/TF1/FX4OCa5ZyQtyCnq1yEXSWEsWoObTqV
 e5HKFM81ppsopLTRp7FtIpNqv9Yn/KRrse1ijwC8ty5DaH+4j9BiGZbRHl1j4jRz
 5IxqcnCrFY6sw1m4w/YfLv0gq3iMRzL3FKpOLZYxIyDqfQAR9WxZ9RVaDdf/4H9Y
 qrcWf9shPoIt9Lpwbgwy378rcBDIklxrhTNvYaCnw58AyjI+BuFdlmomsoaxqRxm
 W50/mju6UWG8jYnb11fHpZi55YuBcqBz3FaMZL8pUg0EOswS9yowNBZZaTTNMXV6
 BiAbkdDMXhMTuLwgBzmPI5znIkNJsQAYD80d+AqeaVkDebpld8ONDA28vlXMglwN
 nhvaBy9kdaUo28NI16WBY6gXnse1H6d0Rdp/pvBjeUOtv+lvdSx5+gC+yk0SZ63L
 urT+ZVgP8NN1EPJ2w3CUoqflSdRsqukEjeuCsIO+6VWFWz7lVJAYf/5OSVqg1FEn
 AZVGo7J/eR/MfcMh0b/3w9zcd3t0nKa1NE+WGykRfBWs3vYULPRzaQt6wtzQ3wHY
 UP4BVA==
 -----END CERTIFICATE-----
--- a/images/haze/redis-certificates/server.key
+++ b/images/haze/redis-certificates/server.key
@ -1,28 +0,0 @@
 -----BEGIN PRIVATE KEY-----
 MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQCj9rRzZejIFKPk
 Qa8qyy0bsPib/MjlZpZzeNqfdGfWTmwqokUQAOuPL6Mn0cJKT3bua+jo6DeJn3p3
 jM6++PcJorv4NI+uZAT1RKDEzYz23JtMVP81Q7pM8H14g3XpZWwCKhec7ocKb2gH
 T4mrL8zFg4M2kFkDQ3FHFUbirQsrXVTx4UT4Pj09GA0sujJhdru/f/CgkOTj/oJ4
 JVk9YY8lDjz479lC3YMK+Mlit2kNNUSXCWP+m/eLMBVZIHjuZZYa94E6mvgw9ExD
 gi1mpJjwZKP7y3bAP1ibM6AoHDqQyKUe1SbwGrNWRgsVtlAlshJi571c8/qabNSF
 WptxyAKlAgMBAAECggEACytJZuRV823h2DECmLIByaAdigAHQ1vgpc8MEs6gKtYU
 F4y5kvnXvLJBtVBcTCmWRW7ZDSc8bps21sv4YsPyOBgmISXwylq1Mmv8CPajl/Fh
 LCr3aOPLM2XdINzQ/Gwp67UoVKAJrOlNNypGNitpvI6qh93/YkcxgTvEJLl68veA
 V/5SywFw52YFFVGSKTWk9Ht20+/hE0bG4PbiTBmUH2vQYV2j68OwFA8/Th4KK1au
 e7GEYJ+e+0xArJ4jRrD51Rb7G7O/EV57UvTYJZrGOufOvxU5OCj3dMmLyhrNgmSG
 T+DGht2DJWGHLlEuu0HxYUbxA/O/T7/qRKa3eFqBpQKBgQDX8AFkSL5igUCs+/+4
 JB5ptA1xgjYN3xfGxJDEtGEmMRCFgnFYOmJzY4Tb23DLI1vmcrt404tssUApIKQQ
 WOJNDf9ykn7P39cupNgxwBCDtUcYu9lrk8TCJi9tREUFHKgf0b9aRKLKcW0U5uiJ
 4g+CDV0Tf4KSlz5tAVBjsknYkwKBgQDCYjE40pSFuMmRC+8NkT/h/QyUXrX+/2eh
 2r2L70CB0i5kuaRfWW8MEzh65a536U2mt4/qs4+jUo4dmcoToUrAwsIa2cv8SiTH
 ch4d1v/5dPQfrgvoRJJPyTJFEZreEfjp0fHcNhp1X0tZPiuMF79tpdx+sQjaq7NT
 R4FZ66/S5wKBgQC2xI+JAAEUgu3o/EoO45NSSHFwd5Ok3gTT2h/mPf5UQwcG2cdx
 s8kMfVlAdVXcugrY3JdMx1ClKMlzhgsXQwQX0Bc8ND5dV8pb0m6ifTv9HnwUtTpr
 UWEiKwvNYhFBKGYsuG1Ly/g1fRekr2R2//28R+9Vx4EO7jCKNqiCGa9jPQKBgHtQ
 n7lUnjRXDkieMYGB6+0KA7j8fKjQjoX3ptfnaBzzocr0mnqC2hfm+aW9n/kiYMir
 Gvnh//W0ocPVlITvheTTqSAvm2DqCHsewkxb4Pf4YgbW+2bWWZuUH/gBOyY2cJql
 PbJeAFsFoV90OVwelKqS1lbpKJzQ4GqsqjrJcjlxAoGBAJkgFZTJ57kZyYKYEm0a
 CU7qdy25VzoOzh5HZGuJ7QTVNBJpSPtm1Mv5/POR5swLzqVCWHddwUOxWuErtPwy
 iFCFQhYKwlpfKV/fKpWUzSMWSbXwYzsqGJwcOsyBd4lSxElsWj6sDON9l6LHfQcq
 umJV5KsCDP6WeLXxlYictEhD
 -----END PRIVATE KEY-----
--- a/images/haze/rsnapshot.conf
+++ b/images/haze/rsnapshot.conf
@ -1,18 +0,0 @@
 config_version	1.2
 snapshot_root	/var/cache/rsnapshot/
 cmd_cp		/bin/cp
 cmd_rm		/bin/rm
 cmd_rsync	/usr/bin/rsync
 cmd_logger	/usr/bin/logger
 retain	alpha	6
 retain	beta	7
 retain	gamma	4
 #retain	delta	3
 logfile	/var/log/rsnapshot.log
 lockfile	/var/run/rsnapshot.pid
 backup	/var/www/html/data	localhost/
--- a/images/php/Dockerfile
+++ b/images/php/Dockerfile
@ -1,96 +0,0 @@
 ARG PHP_VERSION
 ARG BASE_IMAGE=php
 FROM ${BASE_IMAGE}:${PHP_VERSION}-fpm-bookworm
 MAINTAINER  Robin Appelman <robin@icewind.nl>
 RUN DEBIAN_FRONTEND=noninteractive ;\
    apt-get update && \
    apt-get install --assume-yes \
        bzip2 \
        nginx \
        libaio-dev \
        wget \
        unzip \
    && rm -rf /var/lib/apt/lists/*
 ADD configure_gd.sh /
 # php exceptions
 RUN apt-get update \
    && apt-get install -y \
        libfreetype6-dev \
        libjpeg62-turbo-dev \
        libmcrypt-dev \
        libpng-dev \
        libpq5 \
        libpq-dev \
        libsqlite3-dev \
        libcurl4-openssl-dev \
        libicu-dev \
        libzip-dev \
        libonig-dev \
        libldap2-dev \
        libsmbclient-dev \
 	      libgmp-dev \
    && /configure_gd.sh \
    && docker-php-ext-install gd \
    && docker-php-ext-install iconv zip pdo pdo_pgsql pdo_sqlite pgsql pdo_mysql intl curl mbstring pcntl ldap exif gmp \
    && pecl install inotify \
    && pecl install smbclient \
    && pecl install excimer \
    && apt-get remove -y \
        libfreetype6-dev \
        libjpeg62-turbo-dev \
        libmcrypt-dev \
        libpng-dev \
        libpq-dev \
        libsqlite3-dev \
        libcurl4-openssl-dev \
        libicu-dev \
        libzip-dev \
        libonig-dev \
        libldap2-dev \
        libsmbclient-dev \
    && rm -rf /var/lib/apt/lists/*
 RUN pecl install apcu \
    && pecl install xdebug \
    && pecl install redis \
    && export VERSION=`php -r "echo PHP_MAJOR_VERSION.PHP_MINOR_VERSION;"` \
    && curl -A "Docker" -o /tmp/blackfire-probe.tar.gz -D - -L -s https://blackfire.io/api/v1/releases/probe/php/linux/amd64/${VERSION} \
    && tar zxpf /tmp/blackfire-probe.tar.gz -C /tmp \
    && mv /tmp/blackfire-*.so `php -r "echo ini_get('extension_dir');"`/blackfire.so
 ARG BASE_IMAGE
 RUN sh -c 'if [ "$BASE_IMAGE" = "php" ]; then echo "extension=smbclient.so" > $PHP_INI_DIR/conf.d/smbclient.ini; fi' \
    && sh -c 'if [ "$BASE_IMAGE" = "php" ]; then echo "extension=blackfire.so" > $PHP_INI_DIR/conf.d/blackfire.ini; fi' \
    && echo "extension=excimer.so" > $PHP_INI_DIR/conf.d/excimer.ini \
    && echo "extension=inotify.so" > $PHP_INI_DIR/conf.d/inotify.ini \
    && echo "zend_extension=$(find /usr/local/lib/php/extensions/ -name xdebug.so)" > $PHP_INI_DIR/conf.d/xdebug.ini \
    && echo "xdebug.mode=debug,trace,profile" >> $PHP_INI_DIR/conf.d/xdebug.ini \
    && echo "xdebug.start_with_request=trigger" >> $PHP_INI_DIR/conf.d/xdebug.ini \
    && echo "xdebug.discover_client_host=true" >> $PHP_INI_DIR/conf.d/xdebug.ini \
    && echo "xdebug.client_host=hazehost" >> $PHP_INI_DIR/conf.d/xdebug.ini \
    && echo "xdebug.log_level=0" >> $PHP_INI_DIR/conf.d/xdebug.ini \
    && echo "xdebug.output_dir=/tmp/xdebug" >> $PHP_INI_DIR/conf.d/xdebug.ini \
    && echo "memory_limit = 512M" > $PHP_INI_DIR/conf.d/memory_limit.ini \
    && curl -sS https://getcomposer.org/installer | php -- --install-dir=/usr/bin --filename=composer
 ADD install-oci.sh /
 RUN /install-oci.sh \
    &&  echo "extension=oci8.so" > $PHP_INI_DIR/conf.d/oci8.ini
 ADD apcu.ini opcache.ini redis.ini $PHP_INI_DIR/conf.d/
 ADD nginx.conf nginx-app.conf /etc/nginx/
 ADD php-fpm.conf /usr/local/etc/
 ADD index.php /var/www/html/
 ADD bootstrap-nginx.sh /usr/local/bin/
 EXPOSE 80
 ENTRYPOINT  ["bootstrap-nginx.sh"]
--- a/images/php/apcu.ini
+++ b/images/php/apcu.ini
@ -1,2 +0,0 @@
 extension=apcu.so
 apc.enable_cli = 1
--- a/images/php/bootstrap-nginx.sh
+++ b/images/php/bootstrap-nginx.sh
@ -1,27 +0,0 @@
 #!/bin/sh
 touch /var/log/nginx/access.log
 touch /var/log/nginx/error.log
 tail --follow --retry /var/log/nginx/*.log &
 UID=${UID:-1000}
 GID=${GID:-1000}
 if [ $(getent group $GID) ]; then
  groupadd haze
  EXTRA_GROUP=" -G haze"
 else
  groupadd -g $GID haze
  EXTRA_GROUP=""
 fi
 useradd -u $UID -g $GID $EXTRA_GROUP haze
 chown -R haze:$GID /home/haze
 if [ -f "/var/run/docker.sock" ]; then
  groupadd docker -g $(stat --format "%g" /var/run/docker.sock)
  usermod -a -G docker haze
 fi
 /usr/local/sbin/php-fpm &
 nginx
--- a/images/php/configure_gd.sh
+++ b/images/php/configure_gd.sh
@ -1,19 +0,0 @@
 #!/bin/sh
 PHP=$(echo "$PHP_VERSION" | cut -c -3)
 echo "php $PHP"
 if [ "$PHP" = "7.2" ] || [ "$PHP" = "7.3" ]; then
  docker-php-ext-configure gd \
          --with-gd \
          --with-jpeg-dir \
          --with-png-dir \
          --with-zlib-dir \
          --with-freetype-dir
 else
  docker-php-ext-configure gd \
          --enable-gd \
          --with-jpeg \
          --with-freetype
 fi
--- a/images/php/index.php
+++ b/images/php/index.php
@ -1,3 +0,0 @@
 <?php
 echo "hello_world";
--- a/images/php/install-oci.sh
+++ b/images/php/install-oci.sh
@ -1,25 +0,0 @@
 #!/bin/sh
 PHP=$(echo "$PHP_VERSION" | cut -c -3)
 echo "php $PHP"
 case $PHP in
  "7.4") OCI_VERSION="-2.2.0" ;;
  "8.0") OCI_VERSION="-3.0.1" ;;
  "8.1") OCI_VERSION="-3.2.1" ;;
   *) status=$status ;;
 esac
 echo "using oci8$OCI_VERSION"
 mkdir /opt/oracle
 cd /opt/oracle
 wget https://download.oracle.com/otn_software/linux/instantclient/2110000/instantclient-basiclite-linux.x64-21.10.0.0.0dbru.zip
 wget https://download.oracle.com/otn_software/linux/instantclient/2110000/instantclient-sdk-linux.x64-21.10.0.0.0dbru.zip
 unzip instantclient-basiclite-linux.x64-21.10.0.0.0dbru.zip
 unzip instantclient-sdk-linux.x64-21.10.0.0.0dbru.zip
 rm instantclient*.zip
 echo /opt/oracle/instantclient_21_10 > /etc/ld.so.conf.d/oracle-instantclient.conf
 ldconfig
 pecl install -D 'with-oci8="instantclient,/opt/oracle/instantclient_21_10"' oci8$OCI_VERSION
--- a/images/php/nginx-app.conf
+++ b/images/php/nginx-app.conf
@ -1 +0,0 @@
--- a/images/php/opcache.ini
+++ b/images/php/opcache.ini
@ -1,2 +0,0 @@
 zend_extension=opcache.so
 opcache.enable_cli=1 
--- a/images/php/redis.ini
+++ b/images/php/redis.ini
@ -1 +0,0 @@
 extension=redis.so
--- a/images/push.sh
+++ b/images/push.sh
@ -1,15 +0,0 @@
 #!/usr/bin/env bash
 set -e
 versions=("8.1" "8.2" "8.0-dbg" "8.1-dbg" "8.2-dbg")
 for version in "${versions[@]}"; do
  docker push "icewind1991/haze-php:$version"
 done
 for version in "${versions[@]}"; do
  docker push "icewind1991/haze:$version"
 done
 docker push "icewind1991/haze-ldap"
--- a/nix/image/bootstrap-nginx.sh
+++ b/nix/image/bootstrap-nginx.sh
@ -0,0 +1,43 @@
 #!/usr/bin/env bash
 NGINX_CONFIG="$1"
 FPM_CONFIG="$2"
 echo "nginx: $NGINX_CONFIG"
 echo "fpm: $FPM_CONFIG"
 mkdir -p /var/log/nginx /tmp
 touch /var/log/nginx/access.log
 touch /var/log/nginx/error.log
 tail --follow --retry /var/log/nginx/*.log &
 HAZE_UID=${HAZE_UID:-1000}
 HAZE_GID=${HAZE_GID:-1000}
 # undo the fakeNss symlink
 mv /etc/passwd /etc/passwd.bak
 cp /etc/passwd.bak /etc/passwd
 mv /etc/group /etc/group.bak
 cp /etc/group.bak /etc/group
 if [ "$(getent group "$HAZE_GID")" ]; then
  groupadd haze
  EXTRA_GROUP=" -G haze"
 else
  groupadd -g "$HAZE_GID" haze
  EXTRA_GROUP=""
 fi
 useradd -m -u "$HAZE_UID" -g "$HAZE_GID""$EXTRA_GROUP" haze
 chown -R haze:"$HAZE_GID" /home/haze
 if [ -f "/var/run/docker.sock" ]; then
  groupadd docker -g "$(stat --format "%g" /var/run/docker.sock)"
  usermod -a -G docker haze
 fi
 php-fpm --fpm-config "$FPM_CONFIG" &
 nginx -c "$NGINX_CONFIG"
--- a/nix/image/bootstrap.sh
+++ b/nix/image/bootstrap.sh
@ -0,0 +1,107 @@
 #!/usr/bin/env bash
 touch /var/log/nginx/access.log
 touch /var/log/nginx/error.log
 touch /var/log/cron/owncloud.log
 cp /etc/nc/config.php /var/www/html/config/config.php
 chmod 0755 /var/www/html/config/config.php
 if [ "$SQL" = "mysql" ]
 then
 	cp /etc/nc/autoconfig_mysql.php /var/www/html/config/autoconfig.php
 fi
 if [ "$SQL" = "mariadb" ]
 then
 	cp /etc/nc/autoconfig_mariadb.php /var/www/html/config/autoconfig.php
 fi
 if [ "$SQL" = "pgsql" ]
 then
 	cp /etc/nc/autoconfig_pgsql.php /var/www/html/config/autoconfig.php
 fi
 if [ "$SQL" = "oci" ]
 then
 	cp /etc/nc/autoconfig_oci.php /var/www/html/config/autoconfig.php
 fi
 HAZE_UID=${HAZE_UID:-www-data}
 HAZE_GID=${HAZE_GID:-www-data}
 echo "Running as $HAZE_UID:$HAZE_GID"
 mkdir -p /var/www/html/core/skeleton /var/www/html/build/integration/vendor /var/www/html/build/integration/output /var/www/html/build/integration/work /var/www/html/core/skeleton /var/www/.composer/cache /var/www/html/apps/spreed/tests/integration/vendor/composer
 chown -R "$HAZE_UID":"$HAZE_GID" /var/www/html/data /var/www/html/config
 chown "$HAZE_UID":"$HAZE_GID" /var/www/html/core/skeleton /var/www/html/build/integration/vendor /var/www/html/build/integration/composer.lock /var/www/html/build/integration/output /var/www/html/build/integration/work /var/www/html/core/skeleton /var/www/.composer/cache /var/www/html/apps/spreed/tests/integration/vendor/composer
 echo "{}" > /var/www/html/build/integration/composer.lock
 echo "Starting server using $SQL database…"
 tail --follow --retry /var/log/nginx/*.log /var/log/cron/owncloud.log &
 if [ -n "${S3:-}" ]
 then
 	sed -i '/\/\/PLACEHOLDER/ r /etc/nc/s3.php' /var/www/html/config/config.php
 fi
 if [ -n "${S3MB:-}" ]
 then
 	sed -i '/\/\/PLACEHOLDER/ r /etc/nc/s3mb.php' /var/www/html/config/config.php
 fi
 if [ -n "${S3M:-}" ]
 then
 	sed -i '/\/\/PLACEHOLDER/ r /etc/nc/s3m.php' /var/www/html/config/config.php
 fi
 if [ -n "${SWIFT:-}" ]
 then
    sed -i '/\/\/PLACEHOLDER/ r /etc/nc/swift.php' /var/www/html/config/config.php
 fi
 if [ -n "${SWIFTV3:-}" ]
 then
    sed -i '/\/\/PLACEHOLDER/ r /etc/nc/swiftv3.php' /var/www/html/config/config.php
 fi
 if [ -n "${AZURE:-}" ]
 then
    sed -i '/\/\/PLACEHOLDER/ r /etc/nc/azure.php' /var/www/html/config/config.php
 fi
 if [ -n "${REDIS_TLS:-}" ]
 then
    sed -i '/\/\/PLACEHOLDER/ r /etc/nc/redis-tls.php' /var/www/html/config/config.php
 else
  sed -i '/\/\/PLACEHOLDER/ r /etc/nc/redis-default.php' /var/www/html/config/config.php
 fi
 if [ -n "${BLACKFIRE_SERVER_ID:-}" ]
 then
  sh -c '
    yes | blackfire agent:config --server-id=$BLACKFIRE_SERVER_ID --server-token=$BLACKFIRE_SERVER_TOKEN
    mkdir /var/run/blackfire/
    BLACKFIRE_LOG_LEVEL=4 BLACKFIRE_LOG_FILE=/var/log/agent.log blackfire agent &
  '&
 fi
 # crontab /etc/oc-cron.conf
 # crond -f & # todo
 if [ -n "${REDIS_TLS:-}" ]
 then
  redis-server --protected-mode no \
    --tls-port 6379 --port 0 \
    --tls-cert-file /redis-certificates/server.crt \
    --tls-key-file /redis-certificates/server.key \
    --tls-ca-cert-file /redis-certificates/ca.crt &
 else
  redis-server --protected-mode no &
 fi
 echo "starting nginx"
 bootstrap-nginx "$@"
--- a/nix/image/configs.nix
+++ b/nix/image/configs.nix
@ -0,0 +1,8 @@
 {runCommand}:
 runCommand "configs" {} ''
  mkdir -p $out/etc
  mkdir -p $out/conf
  cp ${./configs/cron.conf} $out/etc/oc-cron.conf
  cp ${./configs/nginx-app.conf} $out/conf/nginx-app.conf
  cp -r ${./configs/nc} $out/etc/nc
 ''
--- a/images/haze/configs/.aws/config
+++ b/images/haze/configs/.aws/config
--- a/images/haze/configs/.aws/credentials
+++ b/images/haze/configs/.aws/credentials
--- a/images/haze/configs/.gdbinit
+++ b/images/haze/configs/.gdbinit
--- a/images/haze/configs/.s3cfg
+++ b/images/haze/configs/.s3cfg
--- a/images/haze/configs/cron.conf
+++ b/images/haze/configs/cron.conf
--- a/images/haze/configs/ldap.php
+++ b/images/haze/configs/ldap.php
--- a/images/haze/configs/ldap/seed.ldif
+++ b/images/haze/configs/ldap/seed.ldif
--- a/nix/image/configs/nc/autoconfig_ldap.php
+++ b/nix/image/configs/nc/autoconfig_ldap.php
--- a/nix/image/configs/nc/autoconfig_mariadb.php
+++ b/nix/image/configs/nc/autoconfig_mariadb.php
--- a/nix/image/configs/nc/autoconfig_mysql.php
+++ b/nix/image/configs/nc/autoconfig_mysql.php
--- a/nix/image/configs/nc/autoconfig_oci.php
+++ b/nix/image/configs/nc/autoconfig_oci.php
--- a/nix/image/configs/nc/autoconfig_pgsql.php
+++ b/nix/image/configs/nc/autoconfig_pgsql.php
--- a/nix/image/configs/nc/azure.php
+++ b/nix/image/configs/nc/azure.php
--- a/nix/image/configs/nc/config.php
+++ b/nix/image/configs/nc/config.php
--- a/nix/image/configs/nc/ldap.php
+++ b/nix/image/configs/nc/ldap.php
@ -0,0 +1,10 @@
    'objectstore' => [
        'class' => 'OC\\Files\\ObjectStore\\Azure',
 	    'arguments' => array(
 		    'container' => 'test',
    		'account_name' => 'devstoreaccount1',
    		'account_key' => 'Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==',
    		'endpoint' => 'http://azure:10000/devstoreaccount1',
    		'autocreate' => true
 	    )
 	],
--- a/nix/image/configs/nc/redis-default.php
+++ b/nix/image/configs/nc/redis-default.php
--- a/nix/image/configs/nc/redis-tls.php
+++ b/nix/image/configs/nc/redis-tls.php
--- a/nix/image/configs/nc/s3.php
+++ b/nix/image/configs/nc/s3.php
--- a/nix/image/configs/nc/s3m.php
+++ b/nix/image/configs/nc/s3m.php
--- a/nix/image/configs/nc/s3mb.php
+++ b/nix/image/configs/nc/s3mb.php
--- a/nix/image/configs/nc/swift.php
+++ b/nix/image/configs/nc/swift.php
--- a/nix/image/configs/nc/swiftv3.php
+++ b/nix/image/configs/nc/swiftv3.php
--- a/images/haze/configs/nginx-app.conf
+++ b/images/haze/configs/nginx-app.conf
--- a/images/haze/configs/sudoers
+++ b/images/haze/configs/sudoers
--- a/nix/image/haze.nix
+++ b/nix/image/haze.nix
@ -0,0 +1,127 @@
 {
  lib,
  dockerTools,
  php,
  bash,
  nginx,
  blackfire,
  coreutils,
  getent,
  shadow,
  buildEnv,
  runCommand,
  cacert,
  callPackage,
  cronie,
  redis,
  gnused,
  samba,
  wget,
  git,
  procps,
  gnugrep,
  minio-client,
  neovim,
  helix,
  debug ? false,
  writeShellApplication,
 }: let
  inherit (lib) readFile getExe;
  phpVersion = lib.concatStringsSep "." (lib.take 2 (lib.splitString "." php.version));
  phpEnv = callPackage ./php.nix {inherit debug php;};
  bootstrap-nginx = writeShellApplication {
    name = "bootstrap-nginx";
    text = readFile ./bootstrap-nginx.sh;
  };
  bootstrap = writeShellApplication {
    name = "bootstrap";
    runtimeInputs = [getent];
    text = readFile ./bootstrap.sh;
  };
  tmpDir = runCommand "tmp-dir" {} ''
    mkdir -p $out/tmp
    mkdir -p $out/var/cache/nginx
    mkdir -p $out/var/log/nginx
    mkdir -p $out/var/log/cron
    mkdir -p $out/var/www/html
    mkdir -p $out/var/run
    mkdir -p $out/var/tmp
    mkdir -p $out/run
    mkdir -p $out/conf
    mkdir -p $out/var/spool
  '';
  configs = callPackage ./configs.nix {};
  scripts = callPackage ./scripts.nix {};
  redis-certificates = runCommand "scripts" {} ''
    mkdir -p $out
    cp -r ${../../redis-certificates} $out/redis-certificates
  '';
  baseImage = dockerTools.buildImage {
    name = "icewind1991/haze-base";
    tag = phpVersion;
    copyToRoot = [
      cacert
      dockerTools.usrBinEnv
      dockerTools.fakeNss
      bash
      blackfire
      nginx
      coreutils
      shadow
      cronie
      redis
      gnused
      procps
      gnugrep
      minio-client
      # samba
      wget
      neovim
      helix
    ];
  };
  phpImage = dockerTools.buildImage {
    name = "icewind1991/haze-php";
    tag = phpVersion;
    fromImage = baseImage;
    copyToRoot = [
      phpEnv
      phpEnv.packages.composer
    ];
  };
 in
  dockerTools.buildLayeredImage {
    name = "icewind1991/haze";
    tag = phpVersion;
    maxLayers = 5;
    fromImage = phpImage;
    contents = [
      tmpDir
      bootstrap-nginx
      bootstrap
      configs
      scripts
      redis-certificates
    ];
    fakeRootCommands = ''
      chmod 1777 tmp
      chmod 1777 var/tmp
      chmod 1777 var/run
      chmod 1777 var/log/nginx
      chmod 1777 var/cache/nginx
      chmod 1777 var/spool
      chmod -R 0755 etc/nc
    '';
    config = {
      Cmd = [(getExe bootstrap) ./nginx.conf ./php-fpm.conf];
      Env = ["EDITOR=hx" "WEBROOT=/var/www/html"];
      WorkingDir = "/var/www/html";
    };
  }
--- a/images/php/nginx.conf
+++ b/images/php/nginx.conf
@ -23,7 +23,7 @@ http {
    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;
-    include /etc/nginx/mime.types;
+    include /conf/mime.types;
    types {
        application/javascript mjs;
    }
@ -48,7 +48,7 @@ http {
    server_tokens off;
    upstream php-handler {
-        server unix:/var/run/php5-fpm.sock;
+        server unix:/var/run/php-fpm.sock;
    }
    server {
@ -69,13 +69,13 @@ http {
            access_log off;
        }
-        include nginx-app.conf;
+        include /conf/nginx-app.conf;
        location ~ \.php(?:$|/) {
            rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
-            include fastcgi_params;
+            include /conf/fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_pass php-handler;
--- a/images/php/php-fpm.conf
+++ b/images/php/php-fpm.conf
@ -1,6 +1,3 @@
 ; This file was initially adapated from the output of: (on PHP 5.6)
 ;   grep -vE '^;|^ *$' /usr/local/etc/php-fpm.conf.default
 [global]
 error_log = /proc/self/fd/2
@ -8,13 +5,12 @@ daemonize = no
 [www]
 ; if we send this to /proc/self/fd/1, it never appears
 access.log = /proc/self/fd/2
 user = haze
 group = haze
-listen = /var/run/php5-fpm.sock
+listen = /var/run/php-fpm.sock
 listen.owner = haze
 listen.group = haze
--- a/nix/image/php.nix
+++ b/nix/image/php.nix
@ -0,0 +1,53 @@
 {
  lib,
  php,
  debug ? false,
 }: let
  inherit (lib) optionals;
 in
  php.buildEnv {
    extensions = {
      enabled,
      all,
    }:
      enabled
      ++ (with all;
        [
          xdebug
          excimer
          inotify
          redis
          oci8
          zip
          pdo
          pdo_pgsql
          pdo_sqlite
          pdo_mysql
          pgsql
          intl
          curl
          mbstring
          pcntl
          ldap
          exif
          gmp
          apcu
        ]
        ++ optionals (!debug) [
          # smbclient # this breaks the build for no apparent reason
          blackfire
        ]);
    extraConfig = ''
      xdebug.mode=debug,trace,profile
      xdebug.start_with_request=trigger
      xdebug.discover_client_host=true
      xdebug.client_host=hazehost
      xdebug.log_level=0
      xdebug.output_dir=/tmp/xdebug
      memory_limit=512M
      apc.enable_cli=1
      opcache.enable_cli=1
    '';
  }
--- a/nix/image/scripts.nix
+++ b/nix/image/scripts.nix
@ -0,0 +1,5 @@
 {runCommand}:
 runCommand "scripts" {} ''
  mkdir -p $out
  cp -r ${./scripts} $out/bin
 ''
--- a/nix/image/scripts/install
+++ b/nix/image/scripts/install
--- a/nix/image/scripts/integration
+++ b/nix/image/scripts/integration
--- a/nix/image/scripts/occ
+++ b/nix/image/scripts/occ
--- a/nix/image/scripts/phpunit
+++ b/nix/image/scripts/phpunit
--- a/nix/image/scripts/tests
+++ b/nix/image/scripts/tests
--- a/nix/overlay.nix
+++ b/nix/overlay.nix
@ -1,3 +1,7 @@
 final: prev: {
  haze = final.callPackage ./package.nix {};
  haze-image-php-84 = final.callPackage ./image/haze.nix {php = final.php84;};
  haze-image-php-83 = final.callPackage ./image/haze.nix {php = final.php83;};
  haze-image-php-82 = final.callPackage ./image/haze.nix {php = final.php82;};
  haze-image-php-81 = final.callPackage ./image/haze.nix {php = final.php81;};
 }
--- a/src/cloud.rs
+++ b/src/cloud.rs
@ -282,8 +282,8 @@ impl Cloud {
        let mut env = vec![
            "PHP_IDE_CONFIG=serverName=haze".to_string(),
            "CHROMIUM_BIN=/usr/local/bin/chromium-no-sandbox".to_string(),
-            format!("UID={}", uid),
+            format!("HAZE_UID={}", uid),
-            format!("GID={}", gid),
+            format!("HAZE_GID={}", gid),
            format!("SQL={}", options.db.name()),
        ];
        let volumes: Vec<String> = mappings
		`@ -1,2 +0,0 @@`
			`zend_extension=opcache.so`
			`opcache.enable_cli=1`