Bot Updating Templated Files

Reorder init to fix permissions

.editorconfig

@@ -15,6 +15,6 @@ trim_trailing_whitespace = false
 indent_style = space
 indent_size = 2
 
-[{**.sh,root/etc/s6-overlay/s6-rc.d/**,root/etc/cont-init.d/**,root/etc/services.d/**}]
+[{**.sh,root/etc/cont-init.d/**,root/etc/services.d/**}]
 indent_style = space
 indent_size = 4

.github/CONTRIBUTING.md

@@ -6,7 +6,7 @@
 * Read, and fill the Pull Request template
   * If this is a fix for a typo (in code, documentation, or the README) please file an issue and let us sort it out. We do not need a PR
   * If the PR is addressing an existing issue include, closes #\<issue number>, in the body of the PR commit message
-* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://linuxserver.io/discord)
+* If you want to discuss changes, you can also bring it up in [#dev-talk](https://discordapp.com/channels/354974912613449730/757585807061155840) in our [Discord server](https://discord.gg/YWrKVTn)
 
 ## Common files
 
@@ -24,7 +24,7 @@
 ## Readme
 
 If you would like to change our readme, please __**do not**__ directly edit the readme, as it is auto-generated on each commit.
-Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-heimdall/edit/development/readme-vars.yml).
+Instead edit the [readme-vars.yml](https://github.com/linuxserver/docker-heimdall/edit/master/readme-vars.yml).
 
 These variables are used in a template for our [Jenkins Builder](https://github.com/linuxserver/docker-jenkins-builder) as part of an ansible play.
 Most of these variables are also carried over to [docs.linuxserver.io](https://docs.linuxserver.io/images/docker-heimdall)
@@ -105,17 +105,17 @@ docker build \
   -t linuxserver/heimdall:latest .
 ```
 
-The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static`
+The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
 
 ```bash
-docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset
+docker run --rm --privileged multiarch/qemu-user-static:register --reset
 ```
 
 Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.
 
 ## Update the changelog
 
-If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-heimdall/tree/development/root), add an entry to the changelog
+If you are modifying the Dockerfiles or any of the startup scripts in [root](https://github.com/linuxserver/docker-heimdall/tree/master/root), add an entry to the changelog
 
 ```yml
 changelogs:

.github/ISSUE_TEMPLATE/config.yml

@@ -1,7 +1,7 @@
 blank_issues_enabled: false
 contact_links:
   - name: Discord chat support
-    url: https://linuxserver.io/discord
+    url: https://discord.gg/YWrKVTn
     about: Realtime support / chat with the community and the team.
 
   - name: Discourse discussion forum

.github/ISSUE_TEMPLATE/issue.bug.yml

@@ -53,6 +53,7 @@ body:
       options:
         - x86-64
         - arm64
+        - armhf
     validations:
       required: true
   - type: textarea
@@ -67,10 +68,10 @@ body:
   - type: textarea
     attributes:
       description: |
-        Provide a full docker log, output of "docker logs heimdall"
+        Provide a full docker log, output of "docker logs linuxserver.io"
       label: Container logs
       placeholder: |
-        Output of `docker logs heimdall`
+        Output of `docker logs linuxserver.io`
       render: bash
     validations:
       required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -21,7 +21,7 @@
 
 ------------------------------
 
- - [ ] I have read the [contributing](https://github.com/linuxserver/docker-heimdall/blob/development/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
+ - [ ] I have read the [contributing](https://github.com/linuxserver/docker-heimdall/blob/master/.github/CONTRIBUTING.md) guideline and understand that I have made the correct modifications
 
 ------------------------------
 

.github/workflows/call_issue_pr_tracker.yml

@@ -1,19 +0,0 @@
-name: Issue & PR Tracker
-
-on:
-  issues:
-    types: [opened,reopened,labeled,unlabeled,closed]
-  pull_request_target:
-    types: [opened,reopened,review_requested,review_request_removed,labeled,unlabeled,closed]
-  pull_request_review:
-    types: [submitted,edited,dismissed]
-
-permissions:
-  contents: read
-
-jobs:
-  manage-project:
-    permissions:
-      issues: write
-    uses: linuxserver/github-workflows/.github/workflows/issue-pr-tracker.yml@v1
-    secrets: inherit

.github/workflows/call_issues_cron.yml

@@ -1,16 +0,0 @@
-name: Mark stale issues and pull requests
-on:
-  schedule:
-    - cron:  '14 15 * * *'
-  workflow_dispatch:
-
-permissions:
-  contents: read
-
-jobs:
-  stale:
-    permissions:
-      issues: write
-      pull-requests: write
-    uses: linuxserver/github-workflows/.github/workflows/issues-cron.yml@v1
-    secrets: inherit

.github/workflows/external_trigger.yml

@@ -3,86 +3,49 @@ name: External Trigger Main
 on:
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
-  external-trigger-development:
+  external-trigger-master:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v3.1.0
 
       - name: External Trigger
-        if: github.ref == 'refs/heads/development'
-        env:
-          SKIP_EXTERNAL_TRIGGER: ${{ vars.SKIP_EXTERNAL_TRIGGER }}
+        if: github.ref == 'refs/heads/master'
         run: |
-          printf "# External trigger for docker-heimdall\n\n" >> $GITHUB_STEP_SUMMARY
-          if grep -q "^heimdall_development_" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
-            echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
-            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`heimdall_development_\`; will skip trigger if version matches." >> $GITHUB_STEP_SUMMARY
-          elif grep -q "^heimdall_development" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
-            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` contains \`heimdall_development\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
-            exit 0
-          fi
-          echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
-          echo "> External trigger running off of development branch. To disable this trigger, add \`heimdall_development\` into the Github organizational variable \`SKIP_EXTERNAL_TRIGGER\`." >> $GITHUB_STEP_SUMMARY
-          printf "\n## Retrieving external version\n\n" >> $GITHUB_STEP_SUMMARY
-          EXT_RELEASE=$(curl -u "${{ secrets.CR_USER }}:${{ secrets.CR_PAT }}" -sX GET "https://api.github.com/repos/linuxserver/Heimdall/commits/2.x" | jq -r '. | .sha' | cut -c1-8)
-          echo "Type is \`github_commit\`" >> $GITHUB_STEP_SUMMARY
-          if grep -q "^heimdall_development_${EXT_RELEASE}" <<< "${SKIP_EXTERNAL_TRIGGER}"; then
-            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-            echo "> Github organizational variable \`SKIP_EXTERNAL_TRIGGER\` matches current external release; skipping trigger." >> $GITHUB_STEP_SUMMARY
+          if [ -n "${{ secrets.PAUSE_EXTERNAL_TRIGGER_HEIMDALL_MASTER }}" ]; then
+            echo "**** Github secret PAUSE_EXTERNAL_TRIGGER_HEIMDALL_MASTER is set; skipping trigger. ****"
             exit 0
           fi
+          echo "**** External trigger running off of master branch. To disable this trigger, set a Github secret named \"PAUSE_EXTERNAL_TRIGGER_HEIMDALL_MASTER\". ****"
+          echo "**** Retrieving external version ****"
+          EXT_RELEASE=$(curl -u "${{ secrets.CR_USER }}:${{ secrets.CR_PAT }}" -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" | jq -r '. | .tag_name')
           if [ -z "${EXT_RELEASE}" ] || [ "${EXT_RELEASE}" == "null" ]; then
-            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-            echo "> Can't retrieve external version, exiting" >> $GITHUB_STEP_SUMMARY
-            FAILURE_REASON="Can't retrieve external version for heimdall branch development"
+            echo "**** Can't retrieve external version, exiting ****"
+            FAILURE_REASON="Can't retrieve external version for heimdall branch master"
             GHA_TRIGGER_URL="https://github.com/linuxserver/docker-heimdall/actions/runs/${{ github.run_id }}"
             curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
               "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n**Trigger URL:** '"${GHA_TRIGGER_URL}"' \n"}],
               "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
             exit 1
           fi
-          EXT_RELEASE_SANITIZED=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
-          echo "Sanitized external version: \`${EXT_RELEASE_SANITIZED}\`" >> $GITHUB_STEP_SUMMARY
-          echo "Retrieving last pushed version" >> $GITHUB_STEP_SUMMARY
+          EXT_RELEASE=$(echo ${EXT_RELEASE} | sed 's/[~,%@+;:/]//g')
+          echo "**** External version: ${EXT_RELEASE} ****"
+          echo "**** Retrieving last pushed version ****"
           image="linuxserver/heimdall"
-          tag="development"
+          tag="latest"
           token=$(curl -sX GET \
             "https://ghcr.io/token?scope=repository%3Alinuxserver%2Fheimdall%3Apull" \
             | jq -r '.token')
-          multidigest=$(curl -s \
-            --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-            --header "Accept: application/vnd.oci.image.index.v1+json" \
-            --header "Authorization: Bearer ${token}" \
-            "https://ghcr.io/v2/${image}/manifests/${tag}")
-          if jq -e '.layers // empty' <<< "${multidigest}" >/dev/null 2>&1; then
-            # If there's a layer element it's a single-arch manifest so just get that digest
-            digest=$(jq -r '.config.digest' <<< "${multidigest}")
-          else
-            # Otherwise it's multi-arch or has manifest annotations
-            if jq -e '.manifests[]?.annotations // empty' <<< "${multidigest}" >/dev/null 2>&1; then
-              # Check for manifest annotations and delete if found
-              multidigest=$(jq 'del(.manifests[] | select(.annotations))' <<< "${multidigest}")
-            fi
-            if [[ $(jq '.manifests | length' <<< "${multidigest}") -gt 1 ]]; then
-              # If there's still more than one digest, it's multi-arch
-              multidigest=$(jq -r ".manifests[] | select(.platform.architecture == \"amd64\").digest?" <<< "${multidigest}")
-            else
-              # Otherwise it's single arch
-              multidigest=$(jq -r ".manifests[].digest?" <<< "${multidigest}")
-            fi
-            if digest=$(curl -s \
+            multidigest=$(curl -s \
               --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
-              --header "Accept: application/vnd.oci.image.manifest.v1+json" \
               --header "Authorization: Bearer ${token}" \
-              "https://ghcr.io/v2/${image}/manifests/${multidigest}"); then
-              digest=$(jq -r '.config.digest' <<< "${digest}");
-            fi
-          fi
+              "https://ghcr.io/v2/${image}/manifests/${tag}" \
+              | jq -r 'first(.manifests[].digest)')
+            digest=$(curl -s \
+              --header "Accept: application/vnd.docker.distribution.manifest.v2+json" \
+              --header "Authorization: Bearer ${token}" \
+              "https://ghcr.io/v2/${image}/manifests/${multidigest}" \
+              | jq -r '.config.digest')
           image_info=$(curl -sL \
             --header "Authorization: Bearer ${token}" \
             "https://ghcr.io/v2/${image}/blobs/${digest}")
@@ -94,54 +57,40 @@ jobs:
           IMAGE_RELEASE=$(echo ${image_info} | jq -r '.Labels.build_version' | awk '{print $3}')
           IMAGE_VERSION=$(echo ${IMAGE_RELEASE} | awk -F'-ls' '{print $1}')
           if [ -z "${IMAGE_VERSION}" ]; then
-            echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-            echo "Can't retrieve last pushed version, exiting" >> $GITHUB_STEP_SUMMARY
-            FAILURE_REASON="Can't retrieve last pushed version for heimdall tag development"
+            echo "**** Can't retrieve last pushed version, exiting ****"
+            FAILURE_REASON="Can't retrieve last pushed version for heimdall tag latest"
             curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 16711680,
               "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
               "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
             exit 1
           fi
-          echo "Last pushed version: \`${IMAGE_VERSION}\`" >> $GITHUB_STEP_SUMMARY
-          if [ "${EXT_RELEASE_SANITIZED}" == "${IMAGE_VERSION}" ]; then
-            echo "Sanitized version \`${EXT_RELEASE_SANITIZED}\` already pushed, exiting" >> $GITHUB_STEP_SUMMARY
+          echo "**** Last pushed version: ${IMAGE_VERSION} ****"
+          if [ "${EXT_RELEASE}" == "${IMAGE_VERSION}" ]; then
+            echo "**** Version ${EXT_RELEASE} already pushed, exiting ****"
             exit 0
-          elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/development/lastBuild/api/json | jq -r '.building') == "true" ]; then
-            echo "New version \`${EXT_RELEASE}\` found; but there already seems to be an active build on Jenkins; exiting" >> $GITHUB_STEP_SUMMARY
+          elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
+            echo "**** New version ${EXT_RELEASE} found; but there already seems to be an active build on Jenkins; exiting ****"
             exit 0
           else
-            if [[ "${artifacts_found}" == "false" ]]; then
-              echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-              echo "> New version detected, but not all artifacts are published yet; skipping trigger" >> $GITHUB_STEP_SUMMARY
-              FAILURE_REASON="New version ${EXT_RELEASE} for heimdall tag development is detected, however not all artifacts are uploaded to upstream release yet. Will try again later."
-              curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
-                "description": "**Trigger Failed** \n**Reason:** '"${FAILURE_REASON}"' \n"}],
-                "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
-            else
-              printf "\n## Trigger new build\n\n" >> $GITHUB_STEP_SUMMARY
-              echo "New sanitized version \`${EXT_RELEASE_SANITIZED}\` found; old version was \`${IMAGE_VERSION}\`. Triggering new build" >> $GITHUB_STEP_SUMMARY
-              if [[ "${artifacts_found}" == "true" ]]; then
-                echo "All artifacts seem to be uploaded." >> $GITHUB_STEP_SUMMARY
-              fi
-              response=$(curl -iX POST \
-                https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/development/buildWithParameters?PACKAGE_CHECK=false \
-                --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
-              echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
-              echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
-              sleep 10
-              buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
-              buildurl="${buildurl%$'\r'}"
-              echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
-              echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
-              curl -iX POST \
-                "${buildurl}submitDescription" \
-                --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
-                --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
-                --data-urlencode "Submit=Submit"
-              echo "**** Notifying Discord ****"
-              TRIGGER_REASON="A version change was detected for heimdall tag development. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE_SANITIZED}"
-              curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
-                "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
-                "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
-            fi
+            echo "**** New version ${EXT_RELEASE} found; old version was ${IMAGE_VERSION}. Triggering new build ****"
+            response=$(curl -iX POST \
+              https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/master/buildWithParameters?PACKAGE_CHECK=false \
+              --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
+            echo "**** Jenkins job queue url: ${response%$'\r'} ****"
+            echo "**** Sleeping 10 seconds until job starts ****"
+            sleep 10
+            buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
+            buildurl="${buildurl%$'\r'}"
+            echo "**** Jenkins job build url: ${buildurl} ****"
+            echo "**** Attempting to change the Jenkins job description ****"
+            curl -iX POST \
+              "${buildurl}submitDescription" \
+              --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
+              --data-urlencode "description=GHA external trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+              --data-urlencode "Submit=Submit"
+            echo "**** Notifying Discord ****"
+            TRIGGER_REASON="A version change was detected for heimdall tag latest. Old version:${IMAGE_VERSION} New version:${EXT_RELEASE}"
+            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+              "description": "**Build Triggered** \n**Reason:** '"${TRIGGER_REASON}"' \n**Build URL:** '"${buildurl}display/redirect"' \n"}],
+              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
           fi

.github/workflows/external_trigger_scheduler.yml

@@ -2,47 +2,42 @@ name: External Trigger Scheduler
 
 on:
   schedule:
-    - cron:  '39 * * * *'
+    - cron:  '35 * * * *'
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   external-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: '0'
 
       - name: External Trigger Scheduler
         run: |
-          printf "# External trigger scheduler for docker-heimdall\n\n" >> $GITHUB_STEP_SUMMARY
-          printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
-          for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
+          echo "**** Branches found: ****"
+          git for-each-ref --format='%(refname:short)' refs/remotes
+          echo "**** Pulling the yq docker image ****"
+          docker pull ghcr.io/linuxserver/yq
+          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
           do
-            if [[ "${br}" == "HEAD" ]]; then
-              printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
-              continue
-            fi
-            printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
-            ls_jenkins_vars=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/jenkins-vars.yml)
-            ls_branch=$(echo "${ls_jenkins_vars}" | yq -r '.ls_branch')
-            ls_trigger=$(echo "${ls_jenkins_vars}" | yq -r '.external_type')
-            if [[ "${br}" == "${ls_branch}" ]] && [[ "${ls_trigger}" != "os" ]]; then
-              echo "Branch appears to be live and trigger is not os; checking workflow." >> $GITHUB_STEP_SUMMARY
+            br=$(echo "$br" | sed 's|origin/||g')
+            echo "**** Evaluating branch ${br} ****"
+            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/jenkins-vars.yml \
+              | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
+            if [ "$br" == "$ls_branch" ]; then
+              echo "**** Branch ${br} appears to be live; checking workflow. ****"
               if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/.github/workflows/external_trigger.yml > /dev/null 2>&1; then
-                echo "Triggering external trigger workflow for branch." >> $GITHUB_STEP_SUMMARY
+                echo "**** Workflow exists. Triggering external trigger workflow for branch ${br} ****."
                 curl -iX POST \
                   -H "Authorization: token ${{ secrets.CR_PAT }}" \
                   -H "Accept: application/vnd.github.v3+json" \
                   -d "{\"ref\":\"refs/heads/${br}\"}" \
                   https://api.github.com/repos/linuxserver/docker-heimdall/actions/workflows/external_trigger.yml/dispatches
               else
-                echo "Skipping branch due to no external trigger workflow present." >> $GITHUB_STEP_SUMMARY
+                echo "**** Workflow doesn't exist; skipping trigger. ****"
               fi
             else
-              echo "Skipping branch due to being detected as dev branch or having no external version." >> $GITHUB_STEP_SUMMARY
+              echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
             fi
           done

.github/workflows/greetings.yml

@@ -2,18 +2,12 @@ name: Greetings
 
 on: [pull_request_target, issues]
 
-permissions:
-  contents: read
-
 jobs:
   greeting:
-    permissions:
-      issues: write
-      pull-requests: write
     runs-on: ubuntu-latest
     steps:
     - uses: actions/first-interaction@v1
       with:
-        issue-message: 'Thanks for opening your first issue here! Be sure to follow the relevant issue templates, or risk having this issue marked as invalid.'
-        pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-heimdall/blob/development/.github/PULL_REQUEST_TEMPLATE.md)!'
+        issue-message: 'Thanks for opening your first issue here! Be sure to follow the [bug](https://github.com/linuxserver/docker-heimdall/blob/master/.github/ISSUE_TEMPLATE/issue.bug.yml) or [feature](https://github.com/linuxserver/docker-heimdall/blob/master/.github/ISSUE_TEMPLATE/issue.feature.yml) issue templates!'
+        pr-message: 'Thanks for opening this pull request! Be sure to follow the [pull request template](https://github.com/linuxserver/docker-heimdall/blob/master/.github/PULL_REQUEST_TEMPLATE.md)!'
         repo-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/package_trigger.yml

@@ -0,0 +1,38 @@
+name: Package Trigger Main
+
+on:
+  workflow_dispatch:
+
+jobs:
+  package-trigger-master:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3.1.0
+
+      - name: Package Trigger
+        if: github.ref == 'refs/heads/master'
+        run: |
+          if [ -n "${{ secrets.PAUSE_PACKAGE_TRIGGER_HEIMDALL_MASTER }}" ]; then
+            echo "**** Github secret PAUSE_PACKAGE_TRIGGER_HEIMDALL_MASTER is set; skipping trigger. ****"
+            exit 0
+          fi
+          if [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/master/lastBuild/api/json | jq -r '.building') == "true" ]; then
+            echo "**** There already seems to be an active build on Jenkins; skipping package trigger ****"
+            exit 0
+          fi
+          echo "**** Package trigger running off of master branch. To disable, set a Github secret named \"PAUSE_PACKAGE_TRIGGER_HEIMDALL_MASTER\". ****"
+          response=$(curl -iX POST \
+            https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/master/buildWithParameters?PACKAGE_CHECK=true \
+            --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
+          echo "**** Jenkins job queue url: ${response%$'\r'} ****"
+          echo "**** Sleeping 10 seconds until job starts ****"
+          sleep 10
+          buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
+          buildurl="${buildurl%$'\r'}"
+          echo "**** Jenkins job build url: ${buildurl} ****"
+          echo "**** Attempting to change the Jenkins job description ****"
+          curl -iX POST \
+            "${buildurl}submitDescription" \
+            --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
+            --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
+            --data-urlencode "Submit=Submit"

.github/workflows/package_trigger_scheduler.yml

@@ -2,102 +2,49 @@ name: Package Trigger Scheduler
 
 on:
   schedule:
-    - cron:  '14 18 * * 5'
+    - cron:  '54 7 * * 0'
   workflow_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   package-trigger-scheduler:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4.1.1
+      - uses: actions/checkout@v3.1.0
         with:
           fetch-depth: '0'
 
       - name: Package Trigger Scheduler
-        env:
-          SKIP_PACKAGE_TRIGGER: ${{ vars.SKIP_PACKAGE_TRIGGER }}
         run: |
-          printf "# Package trigger scheduler for docker-heimdall\n\n" >> $GITHUB_STEP_SUMMARY
-          printf "Found the branches:\n\n%s\n" "$(git for-each-ref --format='- %(refname:lstrip=3)' refs/remotes)" >> $GITHUB_STEP_SUMMARY
-          for br in $(git for-each-ref --format='%(refname:lstrip=3)' refs/remotes)
+          echo "**** Branches found: ****"
+          git for-each-ref --format='%(refname:short)' refs/remotes
+          echo "**** Pulling the yq docker image ****"
+          docker pull ghcr.io/linuxserver/yq
+          for br in $(git for-each-ref --format='%(refname:short)' refs/remotes)
           do
-            if [[ "${br}" == "HEAD" ]]; then
-              printf "\nSkipping %s.\n" ${br} >> $GITHUB_STEP_SUMMARY
-              continue
-            fi
-            printf "\n## Evaluating \`%s\`\n\n" ${br} >> $GITHUB_STEP_SUMMARY
-            JENKINS_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/jenkins-vars.yml)
-            if ! curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/Jenkinsfile >/dev/null 2>&1; then
-              echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-              echo "> No Jenkinsfile found. Branch is either deprecated or is an early dev branch." >> $GITHUB_STEP_SUMMARY
-              skipped_branches="${skipped_branches}${br} "
-            elif [[ "${br}" == $(yq -r '.ls_branch' <<< "${JENKINS_VARS}") ]]; then
-              echo "Branch appears to be live; checking workflow." >> $GITHUB_STEP_SUMMARY
-              README_VARS=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/readme-vars.yml)
-              if [[ $(yq -r '.project_deprecation_status' <<< "${README_VARS}") == "true" ]]; then
-                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-                echo "> Branch appears to be deprecated; skipping trigger." >> $GITHUB_STEP_SUMMARY
-                skipped_branches="${skipped_branches}${br} "
-              elif [[ $(yq -r '.skip_package_check' <<< "${JENKINS_VARS}") == "true" ]]; then
-                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-                echo "> Skipping branch ${br} due to \`skip_package_check\` being set in \`jenkins-vars.yml\`." >> $GITHUB_STEP_SUMMARY
-                skipped_branches="${skipped_branches}${br} "
-              elif grep -q "^heimdall_${br}" <<< "${SKIP_PACKAGE_TRIGGER}"; then
-                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-                echo "> Github organizational variable \`SKIP_PACKAGE_TRIGGER\` contains \`heimdall_${br}\`; skipping trigger." >> $GITHUB_STEP_SUMMARY
-                skipped_branches="${skipped_branches}${br} "
-              elif [ $(curl -s https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/${br}/lastBuild/api/json | jq -r '.building' 2>/dev/null) == "true" ]; then
-                echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-                echo "> There already seems to be an active build on Jenkins; skipping package trigger for ${br}" >> $GITHUB_STEP_SUMMARY
-                skipped_branches="${skipped_branches}${br} "
-              else
-                echo "> [!NOTE]" >> $GITHUB_STEP_SUMMARY
-                echo "> Triggering package trigger for branch ${br}" >> $GITHUB_STEP_SUMMARY
-                printf "> To disable, add \`heimdall_%s\` into the Github organizational variable \`SKIP_PACKAGE_TRIGGER\`.\n\n" "${br}" >> $GITHUB_STEP_SUMMARY
+            br=$(echo "$br" | sed 's|origin/||g')
+            echo "**** Evaluating branch ${br} ****"
+            ls_branch=$(curl -sX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/jenkins-vars.yml \
+              | docker run --rm -i --entrypoint yq ghcr.io/linuxserver/yq -r .ls_branch)
+            if [ "${br}" == "${ls_branch}" ]; then
+              echo "**** Branch ${br} appears to be live; checking workflow. ****"
+              if curl -sfX GET https://raw.githubusercontent.com/linuxserver/docker-heimdall/${br}/.github/workflows/package_trigger.yml > /dev/null 2>&1; then
+                echo "**** Workflow exists. Triggering package trigger workflow for branch ${br}. ****"
                 triggered_branches="${triggered_branches}${br} "
-                response=$(curl -iX POST \
-                  https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/${br}/buildWithParameters?PACKAGE_CHECK=true \
-                  --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} | grep -i location | sed "s|^[L|l]ocation: \(.*\)|\1|")
-                if [[ -z "${response}" ]]; then
-                  echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-                  echo "> Jenkins build could not be triggered. Skipping branch."
-                  continue
-                fi
-                echo "Jenkins [job queue url](${response%$'\r'})" >> $GITHUB_STEP_SUMMARY
-                echo "Sleeping 10 seconds until job starts" >> $GITHUB_STEP_SUMMARY
-                sleep 10
-                buildurl=$(curl -s "${response%$'\r'}api/json" | jq -r '.executable.url')
-                buildurl="${buildurl%$'\r'}"
-                echo "Jenkins job [build url](${buildurl})" >> $GITHUB_STEP_SUMMARY
-                echo "Attempting to change the Jenkins job description" >> $GITHUB_STEP_SUMMARY
-                if ! curl -ifX POST \
-                  "${buildurl}submitDescription" \
-                  --user ${{ secrets.JENKINS_USER }}:${{ secrets.JENKINS_TOKEN }} \
-                  --data-urlencode "description=GHA package trigger https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}" \
-                  --data-urlencode "Submit=Submit"; then
-                  echo "> [!WARNING]" >> $GITHUB_STEP_SUMMARY
-                  echo "> Unable to change the Jenkins job description."
-                fi
-                sleep 20
+                curl -iX POST \
+                  -H "Authorization: token ${{ secrets.CR_PAT }}" \
+                  -H "Accept: application/vnd.github.v3+json" \
+                  -d "{\"ref\":\"refs/heads/${br}\"}" \
+                  https://api.github.com/repos/linuxserver/docker-heimdall/actions/workflows/package_trigger.yml/dispatches
+                sleep 30
+              else
+                echo "**** Workflow doesn't exist; skipping trigger. ****"
               fi
             else
-              echo "Skipping branch ${br} due to being detected as dev branch." >> $GITHUB_STEP_SUMMARY
+              echo "**** ${br} appears to be a dev branch; skipping trigger. ****"
             fi
           done
-          if [[ -n "${triggered_branches}" ]] || [[ -n "${skipped_branches}" ]]; then
-            if [[ -n "${triggered_branches}" ]]; then
-              NOTIFY_BRANCHES="**Triggered:** ${triggered_branches} \n"
-              NOTIFY_BUILD_URL="**Build URL:** https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-heimdall/activity/ \n"
-              echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
-            fi
-            if [[ -n "${skipped_branches}" ]]; then
-              NOTIFY_BRANCHES="${NOTIFY_BRANCHES}**Skipped:** ${skipped_branches} \n"
-            fi
-            echo "**** Notifying Discord ****"
-            curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
-              "description": "**Package Check Build(s) for heimdall** \n'"${NOTIFY_BRANCHES}"''"${NOTIFY_BUILD_URL}"'"}],
-              "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}
-          fi
+          echo "**** Package check build(s) triggered for branch(es): ${triggered_branches} ****"
+          echo "**** Notifying Discord ****"
+          curl -X POST -H "Content-Type: application/json" --data '{"avatar_url": "https://cdn.discordapp.com/avatars/354986384542662657/df91181b3f1cf0ef1592fbe18e0962d7.png","embeds": [{"color": 9802903,
+            "description": "**Package Check Build(s) Triggered for heimdall** \n**Branch(es):** '"${triggered_branches}"' \n**Build URL:** '"https://ci.linuxserver.io/blue/organizations/jenkins/Docker-Pipeline-Builders%2Fdocker-heimdall/activity/"' \n"}],
+            "username": "Github Actions"}' ${{ secrets.DISCORD_WEBHOOK }}

.github/workflows/permissions.yml

@@ -1,12 +0,0 @@
-name: Permission check
-on:
-  pull_request_target:
-    paths:
-      - '**/run'
-      - '**/finish'
-      - '**/check'
-      - 'root/migrations/*'
-
-jobs:
-  permission_check:
-    uses: linuxserver/github-workflows/.github/workflows/init-svc-executable-permissions.yml@v1

.github/workflows/stale.yml

@@ -0,0 +1,23 @@
+name: Mark stale issues and pull requests
+
+on:
+  schedule:
+  - cron: "30 1 * * *"
+
+jobs:
+  stale:
+
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/stale@v6.0.1
+      with:
+        stale-issue-message: "This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
+        stale-pr-message: "This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions."
+        stale-issue-label: 'no-issue-activity'
+        stale-pr-label: 'no-pr-activity'
+        days-before-stale: 30
+        days-before-close: 365
+        exempt-issue-labels: 'awaiting-approval,work-in-progress'
+        exempt-pr-labels: 'awaiting-approval,work-in-progress'
+        repo-token: ${{ secrets.GITHUB_TOKEN }}

Dockerfile

@@ -1,6 +1,4 @@
-# syntax=docker/dockerfile:1
-
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.22
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:3.15
 
 # set version label
 ARG BUILD_DATE
@@ -9,44 +7,32 @@ ARG HEIMDALL_RELEASE
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="aptalca"
 
+# environment settings
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
+
 RUN \
   echo "**** install runtime packages ****" && \
-  apk add --no-cache \
-    php84-dom \
-    php84-intl \
-    php84-opcache \
-    php84-pdo_mysql \
-    php84-pdo_pgsql \
-    php84-pdo_sqlite \
-    php84-tokenizer && \
-  echo "**** configure nginx ****" && \
-  echo 'fastcgi_param  PHP_AUTH_USER      $remote_user; # Heimdall user authorization' >> \
-    /etc/nginx/fastcgi_params && \
-  echo 'fastcgi_param  PHP_AUTH_PW        $http_authorization; # Heimdall user authorization' >> \
-    /etc/nginx/fastcgi_params && \
-  echo "**** configure php opcache ****" && \
-  echo 'opcache.validate_timestamps=0' >> \
-    /etc/php84/conf.d/00_opcache.ini && \
-  echo "**** configure php-fpm to pass env vars ****" && \
-  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php84/php-fpm.d/www.conf && \
-  if ! grep -qxF 'clear_env = no' /etc/php84/php-fpm.d/www.conf; then echo 'clear_env = no' >> /etc/php84/php-fpm.d/www.conf; fi && \
-  echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php84/php-fpm.conf && \
+  apk add --no-cache --upgrade \
+    curl \
+    php8-ctype \
+    php8-curl \
+    php8-intl \
+    php8-pdo_pgsql \
+    php8-pdo_sqlite \
+    php8-pdo_mysql \
+    php8-tokenizer \
+    php8-zip \
+    tar && \
   echo "**** install heimdall ****" && \
   mkdir -p \
     /heimdall && \
   if [ -z ${HEIMDALL_RELEASE+x} ]; then \
-    HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/commits/2.x" \
-    | awk '/sha/{print $4;exit}' FS='[""]'); \
+    HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]'); \
   fi && \
   curl -o \
-    /tmp/heimdall.tar.gz -L \
+    /heimdall/heimdall.tar.gz -L \
     "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
-  mkdir -p \
-    /app/www-tmp && \
-  tar xf \
-    /tmp/heimdall.tar.gz -C \
-    /app/www-tmp --strip-components=1 && \
-  printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
   echo "**** cleanup ****" && \
   rm -rf \
     /tmp/*

Dockerfile.aarch64

@@ -1,6 +1,4 @@
-# syntax=docker/dockerfile:1
-
-FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.22
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm64v8-3.15
 
 # set version label
 ARG BUILD_DATE
@@ -9,44 +7,32 @@ ARG HEIMDALL_RELEASE
 LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
 LABEL maintainer="aptalca"
 
+# environment settings
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
+
 RUN \
   echo "**** install runtime packages ****" && \
-  apk add --no-cache \
-    php84-dom \
-    php84-intl \
-    php84-opcache \
-    php84-pdo_mysql \
-    php84-pdo_pgsql \
-    php84-pdo_sqlite \
-    php84-tokenizer && \
-  echo "**** configure nginx ****" && \
-  echo 'fastcgi_param  PHP_AUTH_USER      $remote_user; # Heimdall user authorization' >> \
-    /etc/nginx/fastcgi_params && \
-  echo 'fastcgi_param  PHP_AUTH_PW        $http_authorization; # Heimdall user authorization' >> \
-    /etc/nginx/fastcgi_params && \
-  echo "**** configure php opcache ****" && \
-  echo 'opcache.validate_timestamps=0' >> \
-    /etc/php84/conf.d/00_opcache.ini && \
-  echo "**** configure php-fpm to pass env vars ****" && \
-  sed -E -i 's/^;?clear_env ?=.*$/clear_env = no/g' /etc/php84/php-fpm.d/www.conf && \
-  if ! grep -qxF 'clear_env = no' /etc/php84/php-fpm.d/www.conf; then echo 'clear_env = no' >> /etc/php84/php-fpm.d/www.conf; fi && \
-  echo "env[PATH] = /usr/local/bin:/usr/bin:/bin" >> /etc/php84/php-fpm.conf && \
+  apk add --no-cache --upgrade \
+    curl \
+    php8-ctype \
+    php8-curl \
+    php8-intl \
+    php8-pdo_pgsql \
+    php8-pdo_sqlite \
+    php8-pdo_mysql \
+    php8-tokenizer \
+    php8-zip \
+    tar && \
   echo "**** install heimdall ****" && \
   mkdir -p \
     /heimdall && \
   if [ -z ${HEIMDALL_RELEASE+x} ]; then \
-    HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/commits/2.x" \
-    | awk '/sha/{print $4;exit}' FS='[""]'); \
+    HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]'); \
   fi && \
   curl -o \
-    /tmp/heimdall.tar.gz -L \
+    /heimdall/heimdall.tar.gz -L \
     "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
-  mkdir -p \
-    /app/www-tmp && \
-  tar xf \
-    /tmp/heimdall.tar.gz -C \
-    /app/www-tmp --strip-components=1 && \
-  printf "Linuxserver.io version: ${VERSION}\nBuild-date: ${BUILD_DATE}" > /build_version && \
   echo "**** cleanup ****" && \
   rm -rf \
     /tmp/*

Dockerfile.armhf

@@ -0,0 +1,45 @@
+FROM ghcr.io/linuxserver/baseimage-alpine-nginx:arm32v7-3.15
+
+# set version label
+ARG BUILD_DATE
+ARG VERSION
+ARG HEIMDALL_RELEASE
+LABEL build_version="Linuxserver.io version:- ${VERSION} Build-date:- ${BUILD_DATE}"
+LABEL maintainer="aptalca"
+
+# environment settings
+ENV S6_BEHAVIOUR_IF_STAGE2_FAILS=2
+
+RUN \
+  echo "**** install runtime packages ****" && \
+  apk add --no-cache --upgrade \
+    curl \
+    php8-ctype \
+    php8-curl \
+    php8-intl \
+    php8-pdo_pgsql \
+    php8-pdo_sqlite \
+    php8-pdo_mysql \
+    php8-tokenizer \
+    php8-zip \
+    tar && \
+  echo "**** install heimdall ****" && \
+  mkdir -p \
+    /heimdall && \
+  if [ -z ${HEIMDALL_RELEASE+x} ]; then \
+    HEIMDALL_RELEASE=$(curl -sX GET "https://api.github.com/repos/linuxserver/Heimdall/releases/latest" \
+    | awk '/tag_name/{print $4;exit}' FS='[""]'); \
+  fi && \
+  curl -o \
+    /heimdall/heimdall.tar.gz -L \
+    "https://github.com/linuxserver/Heimdall/archive/${HEIMDALL_RELEASE}.tar.gz" && \
+  echo "**** cleanup ****" && \
+  rm -rf \
+    /tmp/*
+
+# add local files
+COPY root/ /
+
+# ports and volumes
+EXPOSE 80 443
+VOLUME /config

README.md

@@ -1,10 +1,12 @@
-<!-- DO NOT EDIT THIS FILE MANUALLY -->
-<!-- Please read https://github.com/linuxserver/docker-heimdall/blob/development/.github/CONTRIBUTING.md -->
+<!-- DO NOT EDIT THIS FILE MANUALLY  -->
+<!-- Please read the https://github.com/linuxserver/docker-heimdall/blob/master/.github/CONTRIBUTING.md -->
+
 [![linuxserver.io](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/linuxserver_medium.png)](https://linuxserver.io)
 
 [![Blog](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Blog)](https://blog.linuxserver.io "all the things you can do with our containers including How-To guides, opinions and much more!")
-[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://linuxserver.io/discord "realtime support / chat with the community and the team.")
+[![Discord](https://img.shields.io/discord/354974912613449730.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Discord&logo=discord)](https://discord.gg/YWrKVTn "realtime support / chat with the community and the team.")
 [![Discourse](https://img.shields.io/discourse/https/discourse.linuxserver.io/topics.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=discourse)](https://discourse.linuxserver.io "post on our community forum.")
+[![Fleet](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Fleet)](https://fleet.linuxserver.io "an online web interface which displays all of our maintained images.")
 [![GitHub](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub&logo=github)](https://github.com/linuxserver "view the source for all of our repositories.")
 [![Open Collective](https://img.shields.io/opencollective/all/linuxserver.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=Supporters&logo=open%20collective)](https://opencollective.com/linuxserver "please consider helping us by either donating or contributing to our budget")
 
@@ -19,14 +21,15 @@ The [LinuxServer.io](https://linuxserver.io) team brings you another container r
 Find us at:
 
 * [Blog](https://blog.linuxserver.io) - all the things you can do with our containers including How-To guides, opinions and much more!
-* [Discord](https://linuxserver.io/discord) - realtime support / chat with the community and the team.
+* [Discord](https://discord.gg/YWrKVTn) - realtime support / chat with the community and the team.
 * [Discourse](https://discourse.linuxserver.io) - post on our community forum.
+* [Fleet](https://fleet.linuxserver.io) - an online web interface which displays all of our maintained images.
 * [GitHub](https://github.com/linuxserver) - view the source for all of our repositories.
 * [Open Collective](https://opencollective.com/linuxserver) - please consider helping us by either donating or contributing to our budget
 
 # [linuxserver/heimdall](https://github.com/linuxserver/docker-heimdall)
 
-[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fheimdall?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh)
+[![Scarf.io pulls](https://scarf.sh/installs-badge/linuxserver-ci/linuxserver%2Fheimdall?color=94398d&label-color=555555&logo-color=ffffff&style=for-the-badge&package-type=docker)](https://scarf.sh/gateway/linuxserver-ci/docker/linuxserver%2Fheimdall)
 [![GitHub Stars](https://img.shields.io/github/stars/linuxserver/docker-heimdall.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-heimdall)
 [![GitHub Release](https://img.shields.io/github/release/linuxserver/docker-heimdall.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&logo=github)](https://github.com/linuxserver/docker-heimdall/releases)
 [![GitHub Package Repository](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=GitHub%20Package&logo=github)](https://github.com/linuxserver/docker-heimdall/packages)
@@ -34,22 +37,20 @@ Find us at:
 [![Quay.io](https://img.shields.io/static/v1.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=linuxserver.io&message=Quay.io)](https://quay.io/repository/linuxserver.io/heimdall)
 [![Docker Pulls](https://img.shields.io/docker/pulls/linuxserver/heimdall.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=pulls&logo=docker)](https://hub.docker.com/r/linuxserver/heimdall)
 [![Docker Stars](https://img.shields.io/docker/stars/linuxserver/heimdall.svg?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=stars&logo=docker)](https://hub.docker.com/r/linuxserver/heimdall)
-[![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-heimdall%2Fjob%2Fdevelopment%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/development/)
-[![LSIO CI](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=CI&query=CI&url=https%3A%2F%2Fci-tests.linuxserver.io%2Flinuxserver%2Fheimdall%2Fdevelopment%2Fci-status.yml)](https://ci-tests.linuxserver.io/linuxserver/heimdall/development/index.html)
+[![Jenkins Build](https://img.shields.io/jenkins/build?labelColor=555555&logoColor=ffffff&style=for-the-badge&jobUrl=https%3A%2F%2Fci.linuxserver.io%2Fjob%2FDocker-Pipeline-Builders%2Fjob%2Fdocker-heimdall%2Fjob%2Fmaster%2F&logo=jenkins)](https://ci.linuxserver.io/job/Docker-Pipeline-Builders/job/docker-heimdall/job/master/)
+[![LSIO CI](https://img.shields.io/badge/dynamic/yaml?color=94398d&labelColor=555555&logoColor=ffffff&style=for-the-badge&label=CI&query=CI&url=https%3A%2F%2Fci-tests.linuxserver.io%2Flinuxserver%2Fheimdall%2Flatest%2Fci-status.yml)](https://ci-tests.linuxserver.io/linuxserver/heimdall/latest/index.html)
 
 [Heimdall](https://heimdall.site) is a way to organise all those links to your most used web sites and web applications in a simple way.
-
 Simplicity is the key to Heimdall.
-
 Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo.
 
 [![heimdall](https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/heimdall-banner.png)](https://heimdall.site)
 
 ## Supported Architectures
 
-We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://distribution.github.io/distribution/spec/manifest-v2-2/#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
+We utilise the docker manifest for multi-platform awareness. More information is available from docker [here](https://github.com/docker/distribution/blob/master/docs/spec/manifest-v2-2.md#manifest-list) and our announcement [here](https://blog.linuxserver.io/2019/02/21/the-lsio-pipeline-project/).
 
-Simply pulling `lscr.io/linuxserver/heimdall:development` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
+Simply pulling `lscr.io/linuxserver/heimdall:latest` should retrieve the correct image for your arch, but you can also pull specific arch images via tags.
 
 The architectures supported by this image are:
 
@@ -57,6 +58,7 @@ The architectures supported by this image are:
 | :----: | :----: | ---- |
 | x86-64 | ✅ | amd64-\<version tag\> |
 | arm64 | ✅ | arm64v8-\<version tag\> |
+| armhf| ✅ | arm32v7-\<version tag\> |
 
 ## Version Tags
 
@@ -71,32 +73,30 @@ This image provides various versions that are available via tags. Please read th
 
 Access the web gui at http://SERVERIP:PORT
 
+
 ### Adding password protection
 
 This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. Uncomment the `basic auth` lines in `/config/nginx/site-confs/default.conf` and restart the container.
 
 ## Usage
 
-To help you get started creating a container from this image you can either use docker-compose or the docker cli.
-
->[!NOTE]
->Unless a parameter is flagged as 'optional', it is *mandatory* and a value must be provided.
+Here are some example snippets to help you get started creating a container.
 
 ### docker-compose (recommended, [click here for more info](https://docs.linuxserver.io/general/docker-compose))
 
 ```yaml
 ---
+version: "2.1"
 services:
   heimdall:
-    image: lscr.io/linuxserver/heimdall:development
+    image: lscr.io/linuxserver/heimdall:latest
     container_name: heimdall
     environment:
       - PUID=1000
       - PGID=1000
-      - TZ=Etc/UTC
-      - ALLOW_INTERNAL_REQUESTS=false #optional
+      - TZ=Europe/London
     volumes:
-      - /path/to/heimdall/config:/config
+      - /path/to/appdata/config:/config
     ports:
       - 80:80
       - 443:443
@@ -110,28 +110,26 @@ docker run -d \
   --name=heimdall \
   -e PUID=1000 \
   -e PGID=1000 \
-  -e TZ=Etc/UTC \
-  -e ALLOW_INTERNAL_REQUESTS=false `#optional` \
+  -e TZ=Europe/London \
   -p 80:80 \
   -p 443:443 \
-  -v /path/to/heimdall/config:/config \
+  -v /path/to/appdata/config:/config \
   --restart unless-stopped \
-  lscr.io/linuxserver/heimdall:development
+  lscr.io/linuxserver/heimdall:latest
 ```
 
 ## Parameters
 
-Containers are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
+Container images are configured using parameters passed at runtime (such as those above). These parameters are separated by a colon and indicate `<external>:<internal>` respectively. For example, `-p 8080:80` would expose port `80` from inside the container to be accessible from the host's IP on port `8080` outside the container.
 
 | Parameter | Function |
 | :----: | --- |
-| `-p 80:80` | http gui |
-| `-p 443:443` | https gui |
+| `-p 80` | http gui |
+| `-p 443` | https gui |
 | `-e PUID=1000` | for UserID - see below for explanation |
 | `-e PGID=1000` | for GroupID - see below for explanation |
-| `-e TZ=Etc/UTC` | specify a timezone to use, see this [list](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones#List). |
-| `-e ALLOW_INTERNAL_REQUESTS=false` | By default, Heimdall blocks lookup requests to private or reserved IP addresses, if your instance is not exposed to the internet, or is behind some level of authentication, you can set this to `true` to allow requests to private IP addresses. |
-| `-v /config` | Persistent config files |
+| `-e TZ=Europe/London` | Specify a timezone to use EG Europe/London |
+| `-v /config` | Contains all relevant configuration files. |
 
 ## Environment variables from files (Docker secrets)
 
@@ -140,10 +138,10 @@ You can set any environment variable from a file by using a special prepend `FIL
 As an example:
 
 ```bash
--e FILE__MYVAR=/run/secrets/mysecretvariable
+-e FILE__PASSWORD=/run/secrets/mysecretpassword
 ```
 
-Will set the environment variable `MYVAR` based on the contents of the `/run/secrets/mysecretvariable` file.
+Will set the environment variable `PASSWORD` based on the contents of the `/run/secrets/mysecretpassword` file.
 
 ## Umask for running applications
 
@@ -152,20 +150,15 @@ Keep in mind umask is not chmod it subtracts from permissions based on it's valu
 
 ## User / Group Identifiers
 
-When using volumes (`-v` flags), permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
+When using volumes (`-v` flags) permissions issues can arise between the host OS and the container, we avoid this issue by allowing you to specify the user `PUID` and group `PGID`.
 
 Ensure any volume directories on the host are owned by the same user you specify and any permissions issues will vanish like magic.
 
-In this instance `PUID=1000` and `PGID=1000`, to find yours use `id your_user` as below:
+In this instance `PUID=1000` and `PGID=1000`, to find yours use `id user` as below:
 
 ```bash
-id your_user
-```
-
-Example output:
-
-```text
-uid=1000(your_user) gid=1000(your_user) groups=1000(your_user)
+  $ id username
+    uid=1000(dockeruser) gid=1000(dockergroup) groups=1000(dockergroup)
 ```
 
 ## Docker Mods
@@ -176,101 +169,53 @@ We publish various [Docker Mods](https://github.com/linuxserver/docker-mods) to
 
 ## Support Info
 
-* Shell access whilst the container is running:
-
-    ```bash
-    docker exec -it heimdall /bin/bash
-    ```
-
-* To monitor the logs of the container in realtime:
-
-    ```bash
-    docker logs -f heimdall
-    ```
-
-* Container version number:
-
-    ```bash
-    docker inspect -f '{{ index .Config.Labels "build_version" }}' heimdall
-    ```
-
-* Image version number:
-
-    ```bash
-    docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/heimdall:development
-    ```
+* Shell access whilst the container is running: `docker exec -it heimdall /bin/bash`
+* To monitor the logs of the container in realtime: `docker logs -f heimdall`
+* container version number
+  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' heimdall`
+* image version number
+  * `docker inspect -f '{{ index .Config.Labels "build_version" }}' lscr.io/linuxserver/heimdall:latest`
 
 ## Updating Info
 
-Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (noted in the relevant readme.md), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
+Most of our images are static, versioned, and require an image update and container recreation to update the app inside. With some exceptions (ie. nextcloud, plex), we do not recommend or support updating apps inside the container. Please consult the [Application Setup](#application-setup) section above to see if it is recommended for the image.
 
 Below are the instructions for updating containers:
 
 ### Via Docker Compose
 
-* Update images:
-    * All images:
-
-        ```bash
-        docker-compose pull
-        ```
-
-    * Single image:
-
-        ```bash
-        docker-compose pull heimdall
-        ```
-
-* Update containers:
-    * All containers:
-
-        ```bash
-        docker-compose up -d
-        ```
-
-    * Single container:
-
-        ```bash
-        docker-compose up -d heimdall
-        ```
-
-* You can also remove the old dangling images:
-
-    ```bash
-    docker image prune
-    ```
+* Update all images: `docker-compose pull`
+  * or update a single image: `docker-compose pull heimdall`
+* Let compose update all containers as necessary: `docker-compose up -d`
+  * or update a single container: `docker-compose up -d heimdall`
+* You can also remove the old dangling images: `docker image prune`
 
 ### Via Docker Run
 
-* Update the image:
-
-    ```bash
-    docker pull lscr.io/linuxserver/heimdall:development
-    ```
-
-* Stop the running container:
-
-    ```bash
-    docker stop heimdall
-    ```
-
-* Delete the container:
-
-    ```bash
-    docker rm heimdall
-    ```
-
+* Update the image: `docker pull lscr.io/linuxserver/heimdall:latest`
+* Stop the running container: `docker stop heimdall`
+* Delete the container: `docker rm heimdall`
 * Recreate a new container with the same docker run parameters as instructed above (if mapped correctly to a host folder, your `/config` folder and settings will be preserved)
-* You can also remove the old dangling images:
+* You can also remove the old dangling images: `docker image prune`
 
-    ```bash
-    docker image prune
-    ```
+### Via Watchtower auto-updater (only use if you don't remember the original parameters)
+
+* Pull the latest image at its tag and replace it with the same env variables in one run:
+
+  ```bash
+  docker run --rm \
+  -v /var/run/docker.sock:/var/run/docker.sock \
+  containrrr/watchtower \
+  --run-once heimdall
+  ```
+
+* You can also remove the old dangling images: `docker image prune`
+
+**Note:** We do not endorse the use of Watchtower as a solution to automated updates of existing Docker containers. In fact we generally discourage automated updates. However, this is a useful tool for one-time manual updates of containers where you have forgotten the original parameters. In the long term, we highly recommend using [Docker Compose](https://docs.linuxserver.io/general/docker-compose).
 
 ### Image Update Notifications - Diun (Docker Image Update Notifier)
 
->[!TIP]
->We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
+* We recommend [Diun](https://crazymax.dev/diun/) for update notifications. Other tools that automatically update containers unattended are not recommended or supported.
 
 ## Building locally
 
@@ -282,39 +227,37 @@ cd docker-heimdall
 docker build \
   --no-cache \
   --pull \
-  -t lscr.io/linuxserver/heimdall:development .
+  -t lscr.io/linuxserver/heimdall:latest .
 ```
 
-The ARM variants can be built on x86_64 hardware and vice versa using `lscr.io/linuxserver/qemu-static`
+The ARM variants can be built on x86_64 hardware using `multiarch/qemu-user-static`
 
 ```bash
-docker run --rm --privileged lscr.io/linuxserver/qemu-static --reset
+docker run --rm --privileged multiarch/qemu-user-static:register --reset
 ```
 
 Once registered you can define the dockerfile to use with `-f Dockerfile.aarch64`.
 
 ## Versions
 
-* **17.07.25:** - Rebase to Alpine 3.22, enable PHP environment passthrough.
-* **27.06.24:** - Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings.
-* **07.03.24:** - Enable the opcache and disable file revalidation.
-* **06.03.24:** - Existing users should update: site-confs/default.conf - Cleanup default site conf.
-* **23.12.23:** - Rebase to Alpine 3.19 with php 8.3.
-* **25.05.23:** - Rebase to Alpine 3.18, deprecate armhf.
-* **13.04.23:** - Move ssl.conf include to default.conf.
-* **20.01.23:** - Rebase to alpine 3.17 with php8.1.
 * **14.11.22:** - Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base)).
-* **04.11.22:** - Build commits to upstream branch 2.x.
+* **04.11.22:** - Build commits to upstream branch 2.x for the `development` tag.
 * **13.03.21:** - Make searchproviders.yaml user configurable.
-* **11.03.21:** - Rebase to alpine 3.14.
 * **10.02.21:** - Revert to alpine 3.12 as php 7.4 broke laravel.
 * **10.02.21:** - Rebasing to alpine 3.13.
+* **17.08.20:** - Add php7-curl.
 * **01.06.20:** - Rebasing to alpine 3.12.
+* **17.01.20:** - Use nginx from baseimage.
 * **19.12.19:** - Rebasing to alpine 3.11.
-* **15.07.19:** - Save laravel.log to /config, install heimdall during first start.
+* **16.07.19:** - Save laravel.log to /config/log/heimdall.
 * **28.06.19:** - Rebasing to alpine 3.10.
+* **01.04.19:** - Fix permission detect logic.
+* **26.03.19:** - Install Heimdall during container start to prevent delayed start due to overlayfs bug with recursive chown.
 * **23.03.19:** - Switching to new Base images, shift to arm32v7 tag.
+* **15.03.19:** - Clarify docker image tags in readme.
 * **22.02.19:** - Rebasing to alpine 3.9.
+* **16.01.18:** - Generate random app key in .env for new installs.
+* **20.11.18:** - Upgrade baseimage packages during build.
 * **04.11.18:** - Add php7-zip.
 * **31.10.18:** - Add queue service.
 * **17.10.18:** - Symlink avatars folder.

jenkins-vars.yml

@@ -2,10 +2,10 @@
 
 # jenkins variables
 project_name: docker-heimdall
-external_type: github_commit
-release_type: prerelease
-release_tag: development
-ls_branch: development
+external_type: github_stable
+release_type: stable
+release_tag: latest
+ls_branch: master
 repo_vars:
   - EXT_GIT_BRANCH = '2.x'
   - EXT_USER = 'linuxserver'
@@ -24,6 +24,6 @@ repo_vars:
   - CI_PORT='80'
   - CI_SSL='false'
   - CI_DELAY='120'
-  - CI_DOCKERENV=''
-  - CI_AUTH=''
+  - CI_DOCKERENV='TZ=US/Pacific'
+  - CI_AUTH='user:password'
   - CI_WEBPATH=''

package_versions.txt

@@ -1,245 +1,83 @@
-NAME                                VERSION           TYPE           
-Hidden Input                        1, 0, 0, 0        binary          
-acl-libs                            2.3.2-r1          apk             
-alpine-baselayout                   3.7.0-r0          apk             
-alpine-baselayout-data              3.7.0-r0          apk             
-alpine-keys                         2.5-r0            apk             
-alpine-release                      3.22.3-r0         apk             
-apache2-utils                       2.4.66-r0         apk             
-apk-tools                           2.14.9-r3         apk             
-apr                                 1.7.5-r0          apk             
-apr-util                            1.6.3-r1          apk             
-argon2-libs                         20190702-r5       apk             
-aws/aws-crt-php                     v1.2.7            php-composer    
-aws/aws-sdk-php                     3.349.3           php-composer    
-barryvdh/laravel-ide-helper         v3.5.5            php-composer    
-barryvdh/reflection-docblock        v2.3.1            php-composer    
-bash                                5.2.37-r0         apk             
-brick/math                          0.12.3            php-composer    
-brotli-libs                         1.1.0-r2          apk             
-busybox                             1.37.0-r20        apk             
-busybox-binsh                       1.37.0-r20        apk             
-c-ares                              1.34.6-r0         apk             
-ca-certificates                     20250911-r0       apk             
-ca-certificates-bundle              20250911-r0       apk             
-carbonphp/carbon-doctrine-types     3.2.0             php-composer    
-catatonit                           0.2.1-r0          apk             
-clue/stream-filter                  v1.7.0            php-composer    
-composer                            2.9.5             binary          
-composer/class-map-generator        1.6.1             php-composer    
-composer/pcre                       3.3.2             php-composer    
-coreutils                           9.7-r1            apk             
-coreutils-env                       9.7-r1            apk             
-coreutils-fmt                       9.7-r1            apk             
-coreutils-sha512sum                 9.7-r1            apk             
-curl                                8.14.1-r2         apk             
-dflydev/dot-access-data             v3.0.3            php-composer    
-doctrine/inflector                  2.0.10            php-composer    
-doctrine/lexer                      3.0.1             php-composer    
-dragonmantank/cron-expression       v3.4.0            php-composer    
-egulias/email-validator             4.0.4             php-composer    
-enshrined/svg-sanitize              0.21.0            php-composer    
-fakerphp/faker                      v1.24.1           php-composer    
-filp/whoops                         2.18.3            php-composer    
-findutils                           4.10.0-r0         apk             
-fruitcake/php-cors                  v1.3.0            php-composer    
-git                                 2.49.1-r0         apk             
-git-init-template                   2.49.1-r0         apk             
-graham-campbell/bounded-cache       v3.0.0            php-composer    
-graham-campbell/github              v12.8.0           php-composer    
-graham-campbell/manager             v5.2.0            php-composer    
-graham-campbell/result-type         v1.1.3            php-composer    
-guzzlehttp/guzzle                   7.9.3             php-composer    
-guzzlehttp/promises                 2.2.0             php-composer    
-guzzlehttp/psr7                     2.7.1             php-composer    
-guzzlehttp/uri-template             v1.0.4            php-composer    
-hamcrest/hamcrest-php               v2.1.1            php-composer    
-icu-data-en                         76.1-r1           apk             
-icu-libs                            76.1-r1           apk             
-jq                                  1.8.1-r0          apk             
-knplabs/github-api                  v3.16.0           php-composer    
-laravel/framework                   v11.45.1          php-composer    
-laravel/prompts                     v0.3.6            php-composer    
-laravel/serializable-closure        v2.0.4            php-composer    
-laravel/tinker                      v2.10.1           php-composer    
-laravel/ui                          v4.6.1            php-composer    
-lcobucci/jwt                        5.5.0             php-composer    
-league/commonmark                   2.7.0             php-composer    
-league/config                       v1.2.0            php-composer    
-league/flysystem                    3.30.0            php-composer    
-league/flysystem-aws-s3-v3          3.29.0            php-composer    
-league/flysystem-local              3.30.0            php-composer    
-league/mime-type-detection          1.16.0            php-composer    
-league/uri                          7.5.1             php-composer    
-league/uri-interfaces               7.5.0             php-composer    
-libapk2                             2.14.9-r3         apk             
-libattr                             2.5.2-r2          apk             
-libbsd                              0.12.2-r0         apk             
-libbz2                              1.0.8-r6          apk             
-libcrypto3                          3.5.5-r0          apk             
-libcurl                             8.14.1-r2         apk             
-libedit                             20250104.3.1-r1   apk             
-libexpat                            2.7.4-r0          apk             
-libgcc                              14.2.0-r6         apk             
-libidn2                             2.3.7-r0          apk             
-libintl                             0.24.1-r0         apk             
-libmd                               1.1.0-r0          apk             
-libncursesw                         6.5_p20250503-r0  apk             
-libpq                               17.8-r0           apk             
-libproc2                            4.0.4-r3          apk             
-libpsl                              0.21.5-r3         apk             
-libssl3                             3.5.5-r0          apk             
-libstdc++                           14.2.0-r6         apk             
-libunistring                        1.3-r0            apk             
-libuuid                             2.41-r9           apk             
-libxml2                             2.13.9-r0         apk             
-libzip                              1.11.4-r0         apk             
-linux-pam                           1.7.0-r4          apk             
-logrotate                           3.21.0-r1         apk             
-mockery/mockery                     1.6.12            php-composer    
-monolog/monolog                     3.9.0             php-composer    
-mtdowling/jmespath.php              2.8.0             php-composer    
-musl                                1.2.5-r10         apk             
-musl-utils                          1.2.5-r10         apk             
-myclabs/deep-copy                   1.13.3            php-composer    
-nano                                8.4-r0            apk             
-ncurses-terminfo-base               6.5_p20250503-r0  apk             
-nesbot/carbon                       3.10.1            php-composer    
-netcat-openbsd                      1.229.1-r0        apk             
-nette/schema                        v1.3.2            php-composer    
-nette/utils                         v4.0.7            php-composer    
-nghttp2-libs                        1.65.0-r0         apk             
-nginx                               1.28.2-r0         apk             
-nikic/php-parser                    v5.5.0            php-composer    
-nunomaduro/collision                v8.5.0            php-composer    
-nunomaduro/termwind                 v2.3.1            php-composer    
-oniguruma                           6.9.10-r0         apk             
-openssl                             3.5.5-r0          apk             
-pcre2                               10.46-r0          apk             
-phar-io/manifest                    2.0.4             php-composer    
-phar-io/version                     3.2.1             php-composer    
-php-http/cache-plugin               2.0.1             php-composer    
-php-http/client-common              2.7.2             php-composer    
-php-http/discovery                  1.20.0            php-composer    
-php-http/httplug                    2.4.1             php-composer    
-php-http/message                    1.16.2            php-composer    
-php-http/multipart-stream-builder   1.4.2             php-composer    
-php-http/promise                    1.3.1             php-composer    
-php84                               8.4.16-r0         apk             
-php84-common                        8.4.16-r0         apk             
-php84-ctype                         8.4.16-r0         apk             
-php84-curl                          8.4.16-r0         apk             
-php84-dom                           8.4.16-r0         apk             
-php84-fileinfo                      8.4.16-r0         apk             
-php84-fpm                           8.4.16-r0         apk             
-php84-iconv                         8.4.16-r0         apk             
-php84-intl                          8.4.16-r0         apk             
-php84-mbstring                      8.4.16-r0         apk             
-php84-mysqlnd                       8.4.16-r0         apk             
-php84-opcache                       8.4.16-r0         apk             
-php84-openssl                       8.4.16-r0         apk             
-php84-pdo                           8.4.16-r0         apk             
-php84-pdo_mysql                     8.4.16-r0         apk             
-php84-pdo_pgsql                     8.4.16-r0         apk             
-php84-pdo_sqlite                    8.4.16-r0         apk             
-php84-phar                          8.4.16-r0         apk             
-php84-session                       8.4.16-r0         apk             
-php84-simplexml                     8.4.16-r0         apk             
-php84-tokenizer                     8.4.16-r0         apk             
-php84-xml                           8.4.16-r0         apk             
-php84-xmlwriter                     8.4.16-r0         apk             
-php84-zip                           8.4.16-r0         apk             
-phpoption/phpoption                 1.9.3             php-composer    
-phpunit/php-code-coverage           10.1.16           php-composer    
-phpunit/php-file-iterator           4.1.0             php-composer    
-phpunit/php-invoker                 4.0.0             php-composer    
-phpunit/php-text-template           3.0.1             php-composer    
-phpunit/php-timer                   6.0.0             php-composer    
-phpunit/phpunit                     10.5.47           php-composer    
-popt                                1.19-r4           apk             
-procps-ng                           4.0.4-r3          apk             
-psr/cache                           3.0.0             php-composer    
-psr/clock                           1.0.0             php-composer    
-psr/container                       2.0.2             php-composer    
-psr/event-dispatcher                1.0.0             php-composer    
-psr/http-client                     1.0.3             php-composer    
-psr/http-factory                    1.1.0             php-composer    
-psr/http-message                    2.0               php-composer    
-psr/log                             3.0.2             php-composer    
-psr/simple-cache                    3.0.0             php-composer    
-psy/psysh                           v0.12.9           php-composer    
-ralouphie/getallheaders             3.0.3             php-composer    
-ramsey/collection                   2.1.1             php-composer    
-ramsey/uuid                         4.9.0             php-composer    
-readline                            8.2.13-r1         apk             
-scanelf                             1.3.8-r1          apk             
-sebastian/cli-parser                2.0.1             php-composer    
-sebastian/code-unit                 2.0.0             php-composer    
-sebastian/code-unit-reverse-lookup  3.0.0             php-composer    
-sebastian/comparator                5.0.3             php-composer    
-sebastian/complexity                3.2.0             php-composer    
-sebastian/diff                      5.1.1             php-composer    
-sebastian/environment               6.1.0             php-composer    
-sebastian/exporter                  5.1.2             php-composer    
-sebastian/global-state              6.0.2             php-composer    
-sebastian/lines-of-code             2.0.2             php-composer    
-sebastian/object-enumerator         5.0.0             php-composer    
-sebastian/object-reflector          3.0.0             php-composer    
-sebastian/recursion-context         5.0.0             php-composer    
-sebastian/type                      4.0.0             php-composer    
-sebastian/version                   4.0.1             php-composer    
-shadow                              4.17.3-r0         apk             
-skalibs-libs                        2.14.4.0-r0       apk             
-spatie/backtrace                    1.7.4             php-composer    
-spatie/error-solutions              1.1.3             php-composer    
-spatie/flare-client-php             1.10.1            php-composer    
-spatie/ignition                     1.15.1            php-composer    
-spatie/laravel-html                 3.12.0            php-composer    
-spatie/laravel-ignition             2.9.1             php-composer    
-sqlite-libs                         3.49.2-r1         apk             
-squizlabs/php_codesniffer           3.13.2            php-composer    
-ssl_client                          1.37.0-r20        apk             
-symfony/cache                       v7.3.1            php-composer    
-symfony/cache-contracts             v3.6.0            php-composer    
-symfony/clock                       v7.3.0            php-composer    
-symfony/console                     v7.3.1            php-composer    
-symfony/css-selector                v7.3.0            php-composer    
-symfony/deprecation-contracts       v3.6.0            php-composer    
-symfony/error-handler               v7.3.1            php-composer    
-symfony/event-dispatcher            v7.3.0            php-composer    
-symfony/event-dispatcher-contracts  v3.6.0            php-composer    
-symfony/finder                      v7.3.0            php-composer    
-symfony/http-foundation             v7.3.1            php-composer    
-symfony/http-kernel                 v7.3.1            php-composer    
-symfony/mailer                      v7.3.1            php-composer    
-symfony/mime                        v7.3.0            php-composer    
-symfony/options-resolver            v7.3.0            php-composer    
-symfony/polyfill-ctype              v1.32.0           php-composer    
-symfony/polyfill-intl-grapheme      v1.32.0           php-composer    
-symfony/polyfill-intl-idn           v1.32.0           php-composer    
-symfony/polyfill-intl-normalizer    v1.32.0           php-composer    
-symfony/polyfill-mbstring           v1.32.0           php-composer    
-symfony/polyfill-php80              v1.32.0           php-composer    
-symfony/polyfill-php83              v1.32.0           php-composer    
-symfony/polyfill-uuid               v1.32.0           php-composer    
-symfony/process                     v7.3.0            php-composer    
-symfony/routing                     v7.3.0            php-composer    
-symfony/service-contracts           v3.6.0            php-composer    
-symfony/string                      v7.3.0            php-composer    
-symfony/thanks                      v1.4.0            php-composer    
-symfony/translation                 v7.3.1            php-composer    
-symfony/translation-contracts       v3.6.0            php-composer    
-symfony/uid                         v7.3.1            php-composer    
-symfony/var-dumper                  v7.3.1            php-composer    
-symfony/var-exporter                v7.3.0            php-composer    
-symfony/yaml                        v7.3.1            php-composer    
-theseer/tokenizer                   1.2.3             php-composer    
-tijsverkoyen/css-to-inline-styles   v2.3.0            php-composer    
-tzdata                              2025c-r0          apk             
-utmps-libs                          0.1.3.1-r0        apk             
-vlucas/phpdotenv                    v5.6.2            php-composer    
-voku/portable-ascii                 2.0.3             php-composer    
-webmozart/assert                    1.11.0            php-composer    
-xz-libs                             5.8.1-r0          apk             
-zlib                                1.3.1-r2          apk             
-zstd-libs                           1.5.7-r0          apk             
+alpine-baselayout-3.2.0-r18
+alpine-keys-2.4-r1
+apache2-utils-2.4.54-r0
+apk-tools-2.12.7-r3
+apr-1.7.0-r1
+apr-util-1.6.1-r11
+argon2-libs-20190702-r1
+bash-5.1.16-r0
+brotli-libs-1.0.9-r5
+busybox-1.34.1-r7
+ca-certificates-20220614-r0
+ca-certificates-bundle-20220614-r0
+coreutils-9.0-r2
+curl-7.80.0-r4
+expat-2.5.0-r0
+git-2.34.5-r0
+icu-libs-69.1-r1
+libacl-2.2.53-r0
+libattr-2.5.1-r1
+libbz2-1.0.8-r1
+libc-utils-0.7.2-r3
+libcrypto1.1-1.1.1s-r1
+libcurl-7.80.0-r4
+libedit-20210910.3.1-r0
+libgcc-10.3.1_git20211027-r0
+libintl-0.21-r0
+libpq-14.5-r0
+libproc-3.3.17-r0
+libretls-3.3.4-r3
+libssl1.1-1.1.1s-r1
+libstdc++-10.3.1_git20211027-r0
+libuuid-2.37.4-r0
+libxml2-2.9.14-r2
+libzip-1.8.0-r1
+linux-pam-1.5.2-r0
+logrotate-3.18.1-r4
+musl-1.2.2-r7
+musl-utils-1.2.2-r7
+nano-5.9-r0
+ncurses-libs-6.3_p20211120-r1
+ncurses-terminfo-base-6.3_p20211120-r1
+nghttp2-libs-1.46.0-r0
+nginx-1.20.2-r1
+oniguruma-6.9.7.1-r0
+openssl-1.1.1s-r1
+pcre-8.45-r1
+pcre2-10.40-r0
+php8-8.0.25-r0
+php8-common-8.0.25-r0
+php8-ctype-8.0.25-r0
+php8-curl-8.0.25-r0
+php8-fileinfo-8.0.25-r0
+php8-fpm-8.0.25-r0
+php8-intl-8.0.25-r0
+php8-mbstring-8.0.25-r0
+php8-mysqlnd-8.0.25-r0
+php8-openssl-8.0.25-r0
+php8-pdo-8.0.25-r0
+php8-pdo_mysql-8.0.25-r0
+php8-pdo_pgsql-8.0.25-r0
+php8-pdo_sqlite-8.0.25-r0
+php8-session-8.0.25-r0
+php8-simplexml-8.0.25-r0
+php8-tokenizer-8.0.25-r0
+php8-xml-8.0.25-r0
+php8-xmlwriter-8.0.25-r0
+php8-zip-8.0.25-r0
+popt-1.18-r0
+procps-3.3.17-r0
+readline-8.1.1-r0
+s6-ipcserver-2.11.0.0-r0
+scanelf-1.3.3-r0
+shadow-4.8.1-r1
+skalibs-2.11.0.0-r0
+sqlite-libs-3.36.0-r0
+ssl_client-1.34.1-r7
+tar-1.34-r0
+tzdata-2022f-r1
+utmps-0.1.0.3-r0
+xz-5.2.5-r1
+xz-libs-5.2.5-r1
+zlib-1.2.12-r3
+zstd-libs-1.5.0-r0

readme-vars.yml

@@ -4,125 +4,75 @@
 project_name: heimdall
 project_url: "https://heimdall.site"
 project_logo: "https://raw.githubusercontent.com/linuxserver/docker-templates/master/linuxserver.io/img/heimdall-banner.png"
-project_blurb: |
-  [{{ project_name|capitalize }}]({{ project_url }}) is a way to organise all those links to your most used web sites and web applications in a simple way.
+project_blurb: "[{{ project_name|capitalize }}]({{ project_url }}) is a way to organise all those links to your most used web sites and web applications in a simple way.
 
-  Simplicity is the key to Heimdall.
+Simplicity is the key to Heimdall.
 
-  Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo.
+Why not use it as your browser start page? It even has the ability to include a search bar using either Google, Bing or DuckDuckGo."
 project_lsio_github_repo_url: "https://github.com/linuxserver/docker-{{ project_name }}"
+
 # supported architectures
 available_architectures:
-  - {arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
-  - {arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
+  - { arch: "{{ arch_x86_64 }}", tag: "amd64-latest"}
+  - { arch: "{{ arch_arm64 }}", tag: "arm64v8-latest"}
+  - { arch: "{{ arch_armhf }}", tag: "arm32v7-latest"}
+
 # development version
 development_versions: true
 development_versions_items:
-  - {tag: "latest", desc: "Stable Heimdall releases."}
-  - {tag: "development", desc: "Latest commit from the github 2.x branch."}
+  - { tag: "latest", desc: "Stable Heimdall releases." }
+  - { tag: "development", desc: "Latest commit from the github 2.x branch." }
+
 # container parameters
 common_param_env_vars_enabled: true
 param_container_name: "{{ project_name }}"
 param_usage_include_vols: true
 param_volumes:
-  - {vol_path: "/config", vol_host_path: "/path/to/{{ project_name }}/config", desc: "Persistent config files"}
+  - { vol_path: "/config", vol_host_path: "/path/to/appdata/config", desc: "Contains all relevant configuration files." }
 param_usage_include_ports: true
 param_ports:
-  - {external_port: "80", internal_port: "80", port_desc: "http gui"}
-  - {external_port: "443", internal_port: "443", port_desc: "https gui"}
-opt_param_usage_include_env: true
-opt_param_env_vars:
-  - {env_var: "ALLOW_INTERNAL_REQUESTS", env_value: "false", desc: "By default, Heimdall blocks lookup requests to private or reserved IP addresses, if your instance is not exposed to the internet, or is behind some level of authentication, you can set this to `true` to allow requests to private IP addresses."}
+  - { external_port: "80", internal_port: "80", port_desc: "http gui" }
+  - { external_port: "443", internal_port: "443", port_desc: "https gui" }
+param_usage_include_env: true
+param_env_vars:
+  - { env_var: "TZ", env_value: "Europe/London", desc: "Specify a timezone to use EG Europe/London"}
+
 # application setup block
 app_setup_block_enabled: true
 app_setup_block: |
   Access the web gui at http://SERVERIP:PORT
 
-  ### Adding password protection
 
+  ### Adding password protection
+  
   This image now supports password protection through htpasswd. Run the following command on your host to generate the htpasswd file `docker exec -it heimdall htpasswd -c /config/nginx/.htpasswd <username>`. Replace <username> with a username of your choice and you will be asked to enter a password. Uncomment the `basic auth` lines in `/config/nginx/site-confs/default.conf` and restart the container.
-# init diagram
-init_diagram: |
-  "heimdall:development": {
-    docker-mods
-    base {
-      fix-attr +\nlegacy cont-init
-    }
-    docker-mods -> base
-    legacy-services
-    custom services
-    init-services -> legacy-services
-    init-services -> custom services
-    custom services -> legacy-services
-    legacy-services -> ci-service-check
-    init-migrations -> init-adduser
-    init-nginx-end -> init-config
-    init-os-end -> init-config
-    init-config -> init-config-end
-    init-crontab-config -> init-config-end
-    init-heimdall-config -> init-config-end
-    init-config -> init-crontab-config
-    init-mods-end -> init-custom-files
-    init-adduser -> init-device-perms
-    base -> init-envfile
-    init-os-end -> init-folders
-    init-nginx-end -> init-heimdall-config
-    init-php -> init-keygen
-    base -> init-migrations
-    init-config-end -> init-mods
-    init-mods-package-install -> init-mods-end
-    init-mods -> init-mods-package-install
-    init-samples -> init-nginx
-    init-version-checks -> init-nginx-end
-    init-adduser -> init-os-end
-    init-device-perms -> init-os-end
-    init-envfile -> init-os-end
-    init-keygen -> init-permissions
-    init-nginx -> init-php
-    init-folders -> init-samples
-    init-custom-files -> init-services
-    init-permissions -> init-version-checks
-    init-services -> svc-cron
-    svc-cron -> legacy-services
-    init-services -> svc-nginx
-    svc-nginx -> legacy-services
-    init-services -> svc-php-fpm
-    svc-php-fpm -> legacy-services
-    init-services -> svc-queue
-    svc-queue -> legacy-services
-  }
-  Base Images: {
-    "baseimage-alpine-nginx:3.22" <- "baseimage-alpine:3.22"
-  }
-  "heimdall:development" <- Base Images
+
 # changelog
 changelogs:
-  - {date: "17.07.25:", desc: "Rebase to Alpine 3.22, enable PHP environment passthrough."}
-  - {date: "27.06.24:", desc: "Rebase to Alpine 3.20. Existing users should update their nginx confs to avoid http2 deprecation warnings."}
-  - {date: "07.03.24:", desc: "Enable the opcache and disable file revalidation."}
-  - {date: "06.03.24:", desc: "Existing users should update: site-confs/default.conf - Cleanup default site conf."}
-  - {date: "23.12.23:", desc: "Rebase to Alpine 3.19 with php 8.3."}
-  - {date: "25.05.23:", desc: "Rebase to Alpine 3.18, deprecate armhf."}
-  - {date: "13.04.23:", desc: "Move ssl.conf include to default.conf."}
-  - {date: "20.01.23:", desc: "Rebase to alpine 3.17 with php8.1."}
-  - {date: "14.11.22:", desc: "Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base))."}
-  - {date: "04.11.22:", desc: "Build commits to upstream branch 2.x."}
-  - {date: "13.03.21:", desc: "Make searchproviders.yaml user configurable."}
-  - {date: "11.03.21:", desc: "Rebase to alpine 3.14."}
-  - {date: "10.02.21:", desc: "Revert to alpine 3.12 as php 7.4 broke laravel."}
-  - {date: "10.02.21:", desc: "Rebasing to alpine 3.13."}
-  - {date: "01.06.20:", desc: "Rebasing to alpine 3.12."}
-  - {date: "19.12.19:", desc: "Rebasing to alpine 3.11."}
-  - {date: "15.07.19:", desc: "Save laravel.log to /config, install heimdall during first start."}
-  - {date: "28.06.19:", desc: "Rebasing to alpine 3.10."}
-  - {date: "23.03.19:", desc: "Switching to new Base images, shift to arm32v7 tag."}
-  - {date: "22.02.19:", desc: "Rebasing to alpine 3.9."}
-  - {date: "04.11.18:", desc: "Add php7-zip."}
-  - {date: "31.10.18:", desc: "Add queue service."}
-  - {date: "17.10.18:", desc: "Symlink avatars folder."}
-  - {date: "16.10.18:", desc: "Updated fastcgi_params for user login support."}
-  - {date: "07.10.18:", desc: "Symlink `.env` rather than copy. It now resides under `/config/www`"}
-  - {date: "30.09.18:", desc: "Multi-arch image. Move `.env` to `/config`."}
-  - {date: "05.09.18:", desc: "Rebase to alpine linux 3.8."}
-  - {date: "06.03.18:", desc: "Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default.conf and restart the container, a new default site config with htpasswd support will be created in its place"}
-  - {date: "12.02.18:", desc: "Initial Release."}
+  - { date: "14.11.22:", desc: "Rebasing to alpine 3.15 with php8. Restructure nginx configs ([see changes announcement](https://info.linuxserver.io/issues/2022-08-20-nginx-base))." }
+  - { date: "04.11.22:", desc: "Build commits to upstream branch 2.x for the `development` tag." }
+  - { date: "13.03.21:", desc: "Make searchproviders.yaml user configurable." }
+  - { date: "10.02.21:", desc: "Revert to alpine 3.12 as php 7.4 broke laravel." }
+  - { date: "10.02.21:", desc: "Rebasing to alpine 3.13." }
+  - { date: "17.08.20:", desc: "Add php7-curl." }
+  - { date: "01.06.20:", desc: "Rebasing to alpine 3.12." }
+  - { date: "17.01.20:", desc: "Use nginx from baseimage." }
+  - { date: "19.12.19:", desc: "Rebasing to alpine 3.11." }
+  - { date: "16.07.19:", desc: "Save laravel.log to /config/log/heimdall." }
+  - { date: "28.06.19:", desc: "Rebasing to alpine 3.10." }
+  - { date: "01.04.19:", desc: "Fix permission detect logic." }
+  - { date: "26.03.19:", desc: "Install Heimdall during container start to prevent delayed start due to overlayfs bug with recursive chown." }
+  - { date: "23.03.19:", desc: "Switching to new Base images, shift to arm32v7 tag." }
+  - { date: "15.03.19:", desc: "Clarify docker image tags in readme." }
+  - { date: "22.02.19:", desc: "Rebasing to alpine 3.9." }
+  - { date: "16.01.18:", desc: "Generate random app key in .env for new installs." }
+  - { date: "20.11.18:", desc: "Upgrade baseimage packages during build." }
+  - { date: "04.11.18:", desc: "Add php7-zip." }
+  - { date: "31.10.18:", desc: "Add queue service." }
+  - { date: "17.10.18:", desc: "Symlink avatars folder." }
+  - { date: "16.10.18:", desc: "Updated fastcgi_params for user login support." }
+  - { date: "07.10.18:", desc: "Symlink `.env` rather than copy. It now resides under `/config/www`" }
+  - { date: "30.09.18:", desc: "Multi-arch image. Move `.env` to `/config`." }
+  - { date: "05.09.18:", desc: "Rebase to alpine linux 3.8." }
+  - { date: "06.03.18:", desc: "Use password protection if htpasswd is set. Existing users can delete their default site config at /config/nginx/site-confs/default.conf and restart the container, a new default site config with htpasswd support will be created in its place" }
+  - { date: "12.02.18:", desc: "Initial Release." }

root/defaults/nginx/site-confs/default.conf.sample

@@ -0,0 +1,34 @@
+## Version 2022/11/14 - Changelog: https://github.com/linuxserver/docker-heimdall/commits/master/root/defaults/nginx/site-confs/default.conf.sample
+
+server {
+    listen 80 default_server;
+    listen [::]:80 default_server;
+
+    listen 443 ssl http2 default_server;
+    listen [::]:443 ssl http2 default_server;
+
+    server_name _;
+
+    root /app/www/public;
+    index index.html index.htm index.php;
+
+    location / {
+        # enable for basic auth
+        #auth_basic "Restricted";
+        #auth_basic_user_file /config/nginx/.htpasswd;
+
+        try_files $uri $uri/ /index.html /index.php$is_args$args;
+    }
+
+    location ~ ^(.+\.php)(.*)$ {
+        fastcgi_split_path_info ^(.+\.php)(.*)$;
+        fastcgi_pass 127.0.0.1:9000;
+        fastcgi_index index.php;
+        include /etc/nginx/fastcgi_params;
+    }
+
+    # deny access to .htaccess/.htpasswd files
+    location ~ /\.ht {
+        deny all;
+    }
+}

root/etc/cont-init.d/50-config

@@ -4,14 +4,18 @@
 # make our folders
 mkdir -p \
     /config/www/{avatars,backgrounds,icons,logs,SupportedApps} \
+    /app/www \
     /config/log/heimdall
 
 # install heimdall if necessary
-if [[ -d /app/www-tmp ]]; then
+if [[ -f /heimdall/heimdall.tar.gz ]]; then
     echo "New container detected, installing Heimdall"
-    mv /app/www-tmp /app/www
+    tar xf \
+        /heimdall/heimdall.tar.gz -C \
+        /app/www --strip-components=1
+    echo -e '\n# Heimdall user authorization\nfastcgi_param  PHP_AUTH_USER $remote_user;\nfastcgi_param  PHP_AUTH_PW $http_authorization;' >> \
+        /etc/nginx/fastcgi_params
     cp /app/www/storage/app/searchproviders.yaml /app/www/storage/app/searchproviders.yaml.orig
-    touch /app/set-perms
 fi
 
 # create symlinks
@@ -41,11 +45,10 @@ rm -rf /app/www/storage/app/searchproviders.yaml
 ln -s /config/www/searchproviders.yaml /app/www/storage/app/searchproviders.yaml
 
 # tidy up install files & set permissions
-if [[ -f /app/set-perms ]]; then
-    rm -rf /app/set-perms
-    lsiown -R abc:abc \
-        /app/www \
-        /config
+if [[ -f /heimdall/heimdall.tar.gz ]]; then
+    rm -rf /heimdall
+    chown -R abc:abc /app/www
+    chown -R abc:abc /config
 fi
 
 # copy .env if not exists

root/etc/s6-overlay/s6-rc.d/init-heimdall-config/type

@@ -1 +0,0 @@
-oneshot

root/etc/s6-overlay/s6-rc.d/init-heimdall-config/up

@@ -1 +0,0 @@
-/etc/s6-overlay/s6-rc.d/init-heimdall-config/run

root/etc/s6-overlay/s6-rc.d/svc-queue/type

@@ -1 +0,0 @@
-longrun

root/etc/services.d/queue/run

@@ -1,5 +1,4 @@
 #!/usr/bin/with-contenv bash
-# shellcheck shell=bash
 
 exec \
     s6-setuidgid abc php /app/www/artisan queue:work database --sleep=3 --tries=3

root/migrations/02-default-location

@@ -1,11 +1,10 @@
 #!/usr/bin/with-contenv bash
-# shellcheck shell=bash
 
 DEFAULT_CONF="/config/nginx/site-confs/default.conf"
 OLD_ROOT="root /var/www/localhost/heimdall/public;"
 NEW_ROOT="root /app/www/public;"
 
-if [[ -f "${DEFAULT_CONF}" ]] && grep -q "${OLD_ROOT}" "${DEFAULT_CONF}" 2>/dev/null; then
+if grep -q "${OLD_ROOT}" "${DEFAULT_CONF}" 2>/dev/null; then
     echo "updating root in ${DEFAULT_CONF}"
     sed -i "s|${OLD_ROOT}|${NEW_ROOT}|" "${DEFAULT_CONF}"
 fi