Add nextcloud crond and fix SMTP smuggling

container-config/synapse/homeserver.yaml

@@ -16,3 +16,4 @@ suppress_key_server_warning: true
 turn_uris: ['turn:vps.strypsteen.com']
 turn_allow_guests: false
 delete_stale_devices_after: 1y
+max_upload_size: 250M

containers/postfix/postfix/main.cf

@@ -45,6 +45,7 @@ smtpd_sender_restrictions = reject_non_fqdn_sender reject_unknown_sender_domain
 smtpd_helo_required = yes
 smtpd_helo_restrictions = reject_invalid_helo_hostname reject_non_fqdn_helo_hostname permit_sasl_authenticated reject_unknown_helo_hostname
 smtpd_client_restrictions = permit_sasl_authenticated reject_unknown_reverse_client_hostname
+smtpd_forbid_bare_newline = normalize
 
 smtpd_milters = inet:systemd-rspamd:11332
 non_smtpd_milters = $smtpd_milters

home/etc/containers/systemd/nextcloud.container

@@ -6,7 +6,7 @@ Image=docker.io/nextcloud
 PodmanArgs=--entrypoint=sh
 UserNS=auto
 Network=nginx.network
-Exec=-c "chown -Rh www-data:www-data /var/www/html && /entrypoint.sh apache2-foreground"
+Exec=-c "chown -Rh www-data:www-data /var/www/html && busybox crond && /entrypoint.sh apache2-foreground"
 Volume=nextcloud.volume:/var/www/html:U,Z
 Environment=OVERWRITEPROTOCOL=https
 AutoUpdate=registry

home/etc/containers/systemd/users/1500/act-runner.container

@@ -1,6 +1,8 @@
 [Unit]
 Requires=podman-container.service
 After=podman-container.service
+[Service]
+ExecStartPre=sleep 1
 [Container]
 Image=docker.io/gitea/act_runner
 Volume=podman-run.volume:/run/podman:z