Upgrade OS --> 26.04

.github/workflows/check-code-with-shellcheck.yml

@@ -10,9 +10,9 @@ jobs:
     name: Github Actions
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+    - uses: actions/checkout@v6
     - name: Run Shellcheck
-      uses: ludeeus/action-shellcheck@00b27aa7cb85167568cb48a3838b75f4265f2bca # master
+      uses: ludeeus/action-shellcheck@master
       with:
         check_together: 'yes'
       env:

.github/workflows/install-smoke-test.yml

@@ -0,0 +1,135 @@
+name: 'install-smoke-test'
+
+# Manual / scheduled smoke test that runs nextcloud_install_production.sh
+# end-to-end inside a privileged Ubuntu 26.04 container. Catches:
+#   - apt package availability changes between LTS releases
+#   - PHP/PG/Apache config breakage
+#   - Nextcloud download + occ install regressions
+#   - lib.sh sourcing / version-gate regressions
+#
+# Does NOT cover:
+#   - real LVM snapshot / lvextend behavior (loopback approximation)
+#   - hypervisor-specific kernel installs (Hyper-V, VMware, QEMU)
+#   - reboot path (stubbed)
+#
+# Manual trigger only — runtime ~25 min, ~3 GB RAM.
+
+on:
+  pull_request:
+  workflow_dispatch:
+    inputs:
+      ubuntu_image:
+        description: 'Ubuntu image to test against (e.g. ubuntu:26.04, ubuntu:24.04)'
+        default: 'ubuntu:26.04'
+        required: true
+
+permissions:
+  contents: read
+
+jobs:
+  install:
+    name: 'Run nextcloud_install_production.sh -p'
+    runs-on: ubuntu-latest
+    timeout-minutes: 45
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v6
+        with:
+          # Default checks out the ref that fired workflow_dispatch (so picking
+          # `upgrade-os-26.04` from the UI tests that branch).
+          ref: ${{ github.ref }}
+
+      - name: Run install script in privileged container
+        env:
+          UBUNTU_IMAGE: ${{ inputs.ubuntu_image || 'ubuntu:26.04' }}
+        run: |
+          set -e
+          docker run --rm \
+            --privileged \
+            --user 0:0 \
+            --name nc-install \
+            -v "$PWD:/repo:ro" \
+            -e DEBIAN_FRONTEND=noninteractive \
+            -e SUDO_USER=root \
+            -e RUNLEVEL=1 \
+            -e TERM=dumb \
+            -e LANG=C.UTF-8 \
+            -e LC_ALL=C.UTF-8 \
+            "$UBUNTU_IMAGE" \
+            bash -c '
+              set -e
+              # Diagnostics — confirm we are root inside the container
+              id
+              # Bare image bootstrap so the install script can run
+              apt-get update -qq
+              apt-get install -qqy --no-install-recommends \
+                sudo curl ca-certificates lsb-release iproute2 \
+                netcat-openbsd whiptail locales mount util-linux
+              # Generate the C.UTF-8 locale so ram_check can parse meminfo
+              locale-gen C.UTF-8 en_US.UTF-8
+              update-locale LANG=C.UTF-8 LC_ALL=C.UTF-8
+              # Override the default policy-rc.d that blocks service starts in
+              # apt postinst. Without this, postgresql installs but its cluster
+              # never gets started.
+              printf "#!/bin/sh\nexit 0\n" > /usr/sbin/policy-rc.d
+              chmod 0755 /usr/sbin/policy-rc.d
+              # Re-enable Install-Recommends. Ubuntu Docker images ship with
+              # APT::Install-Recommends "false" which prevents php-fpm from
+              # pulling in php-cli (needed for occ, etc.).
+              printf "APT::Install-Recommends \"true\";\nAPT::Install-Suggests \"false\";\n" \
+                > /etc/apt/apt.conf.d/00recommends
+              # systemctl shim — container has no PID-1 systemd. Translate
+              # start/restart/stop to /etc/init.d/<svc> or no-op.
+              printf "%s\n" \
+                "#!/bin/bash" \
+                "cmd=\${1:-}" \
+                "svc=\${2:-}" \
+                "svc=\${svc%.service}" \
+                "case \"\$cmd\" in" \
+                "  start|stop|restart|reload|status)" \
+                "    if [ -x \"/etc/init.d/\$svc\" ]; then" \
+                "      /etc/init.d/\$svc \"\$cmd\"" \
+                "    else" \
+                "      echo \"[systemctl shim] no-op: \$cmd \$svc\" >&2" \
+                "      exit 0" \
+                "    fi" \
+                "    ;;" \
+                "  *)" \
+                "    echo \"[systemctl shim] no-op: \$*\" >&2" \
+                "    exit 0" \
+                "    ;;" \
+                "esac" \
+                > /usr/local/bin/systemctl
+              chmod +x /usr/local/bin/systemctl
+              # Pre-seed /var/scripts so fetch_lib.sh uses THIS branch'"'"'s lib.sh
+              # instead of downloading the stale copy from main.
+              # fetch_lib.sh skips the download when both files already exist.
+              mkdir -p /var/scripts
+              cp /repo/lib.sh /var/scripts/lib.sh
+              touch /var/scripts/nextcloud-startup-script.sh
+              # Loop device for /dev/sdb (script expects a second disk for ZFS).
+              # Best-effort: skip silently if losetup unavailable in this kernel.
+              # `loop` is built into the host kernel on GH runners, no modprobe needed.
+              set +e
+              truncate -s 6G /tmp/disk-sdb.img
+              LOOP=$(losetup -f 2>/dev/null)
+              if [ -n "$LOOP" ] && losetup -P "$LOOP" /tmp/disk-sdb.img 2>/dev/null; then
+                ln -sf "$LOOP" /dev/sdb
+                echo "Created /dev/sdb -> $LOOP"
+              else
+                echo "WARNING: could not create loop device; format-sdb step will fail" >&2
+              fi
+              set -e
+              # Stub reboot so the script does not actually try to reboot.
+              # (printf instead of heredoc — closing heredoc tag cannot be indented
+              # inside a YAML run block.)
+              printf "#!/bin/sh\necho \"[reboot stubbed in CI: \$*]\" >&2\nexit 0\n" \
+                > /usr/local/sbin/reboot
+              chmod +x /usr/local/sbin/reboot
+              ln -sf /usr/local/sbin/reboot /usr/local/sbin/shutdown
+              # Make a copy we can edit (script lives in read-only mount)
+              cp -a /repo /work
+              cd /work
+              # Run installer in provisioning mode (no prompts)
+              bash nextcloud_install_production.sh -p
+            '

.github/workflows/reviewdog.yml

@@ -11,9 +11,9 @@ jobs:
     name: Shellcheck testing
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+      - uses: actions/checkout@v6
       - name: shellcheck
-        uses: reviewdog/action-shellcheck@4c07458293ac342d477251099501a718ae5ef86e # v1
+        uses: reviewdog/action-shellcheck@v1
         with:
           github_token: ${{ secrets.github_token }}
           reporter: github-pr-review
@@ -25,9 +25,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: spelling or typos
-        uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6
+        uses: actions/checkout@v6
       - name: misspell
-        uses: reviewdog/action-misspell@d6429416b12b09b4e2768307d53bef58d172e962 # v1
+        uses: reviewdog/action-misspell@v1
         with:
           github_token: ${{ secrets.github_token }}
           locale: "US"

README.md

@@ -17,12 +17,12 @@ Server installation. Simplified. :cloud:
 --------------------
 
 ## Dependencies:
-(Ubuntu Server 24.04 LTS *minimal* 64-bit)
+(Ubuntu Server 26.04 LTS *minimal* 64-bit)
 <br>
-(Linux Kernel: 6.8)
+(Linux Kernel: 7.0)
 - Apache 2.4
-- PostgreSQL 16
-- PHP-FPM 8.3
+- PostgreSQL 18
+- PHP-FPM 8.5
 - Redis Memcache (Ubuntu package)
 - PHP-igbinary (Ubuntu package)
 - PHP-smbclient (Ubuntu package)

addons/redis-server-ubuntu.sh

@@ -16,9 +16,9 @@ debug_mode
 root_check
 
 # Check Ubuntu version
-if ! version 18.04 "$DISTRO" 24.04.10
+if ! version 18.04 "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
-    msg_box "Your current Ubuntu version is $DISTRO but must be between 18.04 - 24.04.10 to run this script."
+    msg_box "Your current Ubuntu version is $DISTRO but must be between 18.04 - $SUPPORTED_VERSION_MAX to run this script."
     msg_box "Please contact us to get support for upgrading your server:
 https://www.hanssonit.se/#contact
 https://shop.hanssonit.se/"

apps/adminneo.sh

@@ -92,8 +92,8 @@ fi
 
 print_text_in_color "$IGreen" "AdminNeo ${ADMINNEO_VERSION} successfully downloaded!"
 
-# Only add TLS 1.3 on Ubuntu later than 22.04
-if version 22.04 "$DISTRO" 24.04.10
+# Only add TLS 1.3 on supported Ubuntu releases
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     TLS13="+TLSv1.3"
 fi

apps/collabora_docker.sh

@@ -135,8 +135,8 @@ a2enmod proxy_http
 a2enmod ssl
 a2enmod headers
 
-# Only add TLS 1.3 on Ubuntu later than 22.04
-if version 22.04 "$DISTRO" 24.04.10
+# Only add TLS 1.3 on supported Ubuntu releases
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     TLS13="+TLSv1.3"
 fi

apps/onlyoffice_docker.sh

@@ -152,8 +152,8 @@ a2enmod proxy_http
 a2enmod ssl
 a2enmod headers
 
-# Only add TLS 1.3 on Ubuntu later than 22.04
-if version 22.04 "$DISTRO" 24.04.10
+# Only add TLS 1.3 on supported Ubuntu releases
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     TLS13="+TLSv1.3"
 fi

apps/pico_cms.sh

@@ -214,8 +214,8 @@ a2enmod proxy_http
 a2enmod ssl
 a2enmod headers
 
-# Only add TLS 1.3 on Ubuntu later than 22.04
-if version 22.04 "$DISTRO" 24.04.10
+# Only add TLS 1.3 on supported Ubuntu releases
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     TLS13="+TLSv1.3"
 fi

apps/smbmount.sh

@@ -350,14 +350,14 @@ We please you to do the math yourself if the number is high enough for your setu
             # Get installed php version
             check_php
             # Enable Inotify
-            if [ ! -f $PHP_MODS_DIR/inotify.ini ]
+            if [ ! -f "$PHP_MODS_DIR"/inotify.ini ]
             then
-                touch $PHP_MODS_DIR/inotify.ini
+                touch "$PHP_MODS_DIR"/inotify.ini
             fi
-            if ! grep -qFx extension=inotify.so $PHP_MODS_DIR/inotify.ini
+            if ! grep -qFx extension=inotify.so "$PHP_MODS_DIR"/inotify.ini
             then
-                echo "# PECL inotify" > $PHP_MODS_DIR/inotify.ini
-                echo "extension=inotify.so" >> $PHP_MODS_DIR/inotify.ini
+                echo "# PECL inotify" > "$PHP_MODS_DIR"/inotify.ini
+                echo "extension=inotify.so" >> "$PHP_MODS_DIR"/inotify.ini
                 check_command phpenmod -v ALL inotify
             fi
 

apps/talk.sh

@@ -93,10 +93,10 @@ else
     removal_popup "$SCRIPT_NAME"
 fi
 
-# Must be 24.04
-if ! version 22.04 "$DISTRO" 24.04.10
+# Must be on a supported Ubuntu release
+if ! version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
-    msg_box "Your current Ubuntu version is $DISTRO but must be between 22.04 - 24.04.10 to install Talk"
+    msg_box "Your current Ubuntu version is $DISTRO but must be between $SUPPORTED_VERSION_MIN - $SUPPORTED_VERSION_MAX to install Talk"
     msg_box "Please contact us to get support for upgrading your server:
 https://www.hanssonit.se/#contact
 https://shop.hanssonit.se/"
@@ -444,8 +444,8 @@ mkdir -p /var/www/html/error
 echo "Hi there! :) If you see this page, the Apache2 proxy for $SCRIPT_NAME is up and running." > /var/www/html/error/404_proxy.html
 chown -R www-data:www-data /var/www/html/error
 
-# Only add TLS 1.3 on Ubuntu later than 22.04
-if version 22.04 "$DISTRO" 24.04.10
+# Only add TLS 1.3 on supported Ubuntu releases
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     TLS13="+TLSv1.3"
 fi

apps/tmbitwarden.sh

@@ -240,8 +240,8 @@ a2enmod ssl
 a2enmod headers
 a2enmod remoteip
 
-# Only add TLS 1.3 on Ubuntu later than 22.04
-if version 22.04 "$DISTRO" 24.04.10
+# Only add TLS 1.3 on supported Ubuntu releases
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     TLS13="+TLSv1.3"
 fi

apps/vaultwarden.sh

@@ -122,8 +122,8 @@ a2enmod ssl
 a2enmod headers
 a2enmod remoteip
 
-# Only add TLS 1.3 on Ubuntu later than 22.04
-if version 22.04 "$DISTRO" 24.04.10
+# Only add TLS 1.3 on supported Ubuntu releases
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     TLS13="+TLSv1.3"
 fi

apps/webmin.sh

@@ -52,7 +52,6 @@ install_if_not libauthen-pam-perl
 install_if_not libpam-runtime
 install_if_not libio-pty-perl
 install_if_not apt-show-versions
-install_if_not python2
 install_if_not unzip
 install_if_not shared-mime-info
 install_if_not zip

disk/change-to-zfs-mount-generator.sh

@@ -18,7 +18,7 @@ source /var/scripts/fetch_lib.sh
 # Check if root
 root_check
 
-# Needs to be Ubuntu 22.04 and Multiverse
+# Needs a supported Ubuntu release (see lib.sh) and Multiverse
 check_distro_version
 check_multiverse
 

disk/format-chosen.sh

@@ -10,7 +10,7 @@ source /var/scripts/fetch_lib.sh
 # Check if root
 root_check
 
-# Needs to be Ubuntu 22.04 and Multiverse
+# Needs a supported Ubuntu release (see lib.sh) and Multiverse
 check_distro_version
 check_multiverse
 

disk/format-sdb.sh

@@ -10,7 +10,7 @@ source /var/scripts/fetch_lib.sh
 # Check if root
 root_check
 
-# Needs to be Ubuntu 22.04 and Multiverse
+# Needs a supported Ubuntu release (see lib.sh) and Multiverse
 check_distro_version
 check_multiverse
 

lets-encrypt/activate-tls.sh

@@ -115,21 +115,21 @@ fi
 # To get the correct version for the Apache conf file
 check_php
 
-# Only add TLS 1.3 on Ubuntu later than 22.04
-if version 22.04 "$DISTRO" 24.04.10
+# Only add TLS 1.3 on supported Ubuntu releases
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     TLS13="+TLSv1.3"
 fi
 
 # Fix zero file sizes
 # See https://github.com/nextcloud/server/issues/3056
-if version 24.04 "$DISTRO" 26.04.10
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     SETENVPROXY="SetEnv proxy-sendcl 1"
 fi
 
 # Install Brotli
-if version 24.04 "$DISTRO" 26.04.10
+if version "$SUPPORTED_VERSION_MIN" "$DISTRO" "$SUPPORTED_VERSION_MAX"
 then
     if ! [ -f /etc/apache2/conf-available/brotli.conf ]
     then