From 88bf9b02e112bced1d37c69a885d8dbad4cd657a Mon Sep 17 00:00:00 2001
From: DerLinkman <niklas.meyer@servercow.de>
Date: Wed, 6 Aug 2025 08:36:40 +0200
Subject: [PATCH] core: modules splitting + ipv6 nat rewrite (#6634)

* ipv6: added ipv6 detection + removed ip6 nat container

* nginx: renamed DISABLE_IPv6 to ENABLE_IPV6 to align

* initial commit for script overhauls

* rewrite to scripts after testing (improved error handling)

* fixed missing fi in update.sh

* fixed/added comments for modules

* fix broken EXIT_CODE var handling

* added jq as dependancy

* fixed docker version check for daemon

* improved _modules handling while running

* reintegrated module loading (update.sh)

* added error handling for blank daemon.json

* adapted removal of ACME_CONTACT for nightly

* move detect_major_update func to core submodule

* removed unnecessary message on every call of function

* Update _modules/scripts/new_options.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update _modules/scripts/core.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* improve ENABLE_IPV6 check in nginx bootstrap

* improve detection of ENABLE_IPV6

* ip6_controller: moved docker major detection upwards

* Update _modules/scripts/new_options.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* Update _modules/scripts/new_options.sh

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>

* reuse DOCKER_MAJOR Variable in ip6_controller

* fix some smaller typos in update.sh

* smaller bugfixes in submodules

* completely remove ACME_CONTACT Variable

---------

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
---
 _modules/scripts/core.sh            |  223 +++++
 _modules/scripts/ipv6_controller.sh |  168 ++++
 _modules/scripts/migrate_options.sh |   96 +++
 _modules/scripts/new_options.sh     |  299 +++++++
 data/Dockerfiles/nginx/bootstrap.py |    4 +-
 docker-compose.yml                  |   35 +-
 generate_config.sh                  |  104 +--
 update.sh                           | 1227 ++-------------------------
 8 files changed, 869 insertions(+), 1287 deletions(-)
 create mode 100644 _modules/scripts/core.sh
 create mode 100644 _modules/scripts/ipv6_controller.sh
 create mode 100644 _modules/scripts/migrate_options.sh
 create mode 100644 _modules/scripts/new_options.sh

diff --git a/_modules/scripts/core.sh b/_modules/scripts/core.sh
new file mode 100644
index 000000000..42133aa6b
--- /dev/null
+++ b/_modules/scripts/core.sh
@@ -0,0 +1,223 @@
+#!/usr/bin/env bash
+# _modules/scripts/core.sh
+# THIS SCRIPT IS DESIGNED TO BE RUNNING BY MAILCOW SCRIPTS ONLY!
+# DO NOT, AGAIN, NOT TRY TO RUN THIS SCRIPT STANDALONE!!!!!!
+
+# ANSI color for red errors
+RED='\e[31m'
+GREEN='\e[32m'
+YELLOW='\e[33m'
+BLUE='\e[34m'
+MAGENTA='\e[35m'
+LIGHT_RED='\e[91m'
+LIGHT_GREEN='\e[92m'
+NC='\e[0m'
+
+caller="${BASH_SOURCE[1]##*/}"
+
+get_installed_tools(){
+    for bin in openssl curl docker git awk sha1sum grep cut jq; do
+        if [[ -z $(command -v ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
+    done
+
+    if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo -e "${LIGHT_RED}BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\"${NC}"; exit 1; fi
+    # This will also cover sort
+    if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo -e "${LIGHT_RED}BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\"${NC}"; exit 1; fi
+    if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo -e "${LIGHT_RED}BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\"${NC}"; exit 1; fi
+}
+
+get_docker_version(){
+    # Check Docker Version (need at least 24.X)
+    docker_version=$(docker version --format '{{.Server.Version}}' | cut -d '.' -f 1)
+}
+
+get_compose_type(){
+    if docker compose > /dev/null 2>&1; then
+        if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
+            COMPOSE_VERSION=native
+            COMPOSE_COMMAND="docker compose"
+            if [[ "$caller" == "update.sh" ]]; then
+                sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
+            fi
+            echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
+            echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
+            sleep 2
+            echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
+        else
+            echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
+            echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+            exit 1
+        fi
+    elif docker-compose > /dev/null 2>&1; then
+    if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
+        if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
+            COMPOSE_VERSION=standalone
+            COMPOSE_COMMAND="docker-compose"
+            if [[ "$caller" == "update.sh" ]]; then
+                sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
+            fi
+            echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
+            echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
+            sleep 2
+            echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
+        else
+            echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
+            echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+            exit 1
+        fi
+    fi
+    else
+        echo -e "\e[31mCannot find Docker Compose.\e[0m"
+        echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
+        exit 1
+    fi
+}
+
+detect_bad_asn() {
+  echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
+  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
+  if [ "$response" -eq 503 ]; then
+    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
+      sleep 2
+      echo ""
+      echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
+      echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
+      echo ""
+      sleep 2
+    else
+      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
+      echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
+    fi
+  elif [ "$response" -eq 200 ]; then
+    echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
+  elif [ "$response" -eq 429 ]; then
+    echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
+  else
+    echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
+  fi
+}
+
+check_online_status() {
+  CHECK_ONLINE_DOMAINS=('https://github.com' 'https://hub.docker.com')
+  for domain in "${CHECK_ONLINE_DOMAINS[@]}"; do
+    if timeout 6 curl --head --silent --output /dev/null ${domain}; then
+      return 0
+    fi
+  done
+  return 1
+}
+
+prefetch_images() {
+  [[ -z ${BRANCH} ]] && { echo -e "\e[33m\nUnknown branch...\e[0m"; exit 1; }
+  git fetch origin #${BRANCH}
+  while read image; do
+    RET_C=0
+    until docker pull "${image}"; do
+      RET_C=$((RET_C + 1))
+      echo -e "\e[33m\nError pulling $image, retrying...\e[0m"
+      [ ${RET_C} -gt 3 ] && { echo -e "\e[31m\nToo many failed retries, exiting\e[0m"; exit 1; }
+      sleep 1
+    done
+  done < <(git show "origin/${BRANCH}:docker-compose.yml" | grep "image:" | awk '{ gsub("image:","", $3); print $2 }')
+}
+
+docker_garbage() {
+  SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )/../.." && pwd )"
+  IMGS_TO_DELETE=()
+
+  declare -A IMAGES_INFO
+  COMPOSE_IMAGES=($(grep -oP "image: \K(ghcr\.io/)?mailcow.+" "${SCRIPT_DIR}/docker-compose.yml"))
+
+  for existing_image in $(docker images --format "{{.ID}}:{{.Repository}}:{{.Tag}}" | grep -E '(mailcow/|ghcr\.io/mailcow/)'); do
+      ID=$(echo "$existing_image" | cut -d ':' -f 1)
+      REPOSITORY=$(echo "$existing_image" | cut -d ':' -f 2)
+      TAG=$(echo "$existing_image" | cut -d ':' -f 3)
+
+      if [[ "$REPOSITORY" == "mailcow/backup" || "$REPOSITORY" == "ghcr.io/mailcow/backup" ]]; then
+          if [[ "$TAG" != "<none>" ]]; then
+              continue
+          fi
+      fi
+
+      if [[ " ${COMPOSE_IMAGES[@]} " =~ " ${REPOSITORY}:${TAG} " ]]; then
+          continue
+      else
+          IMGS_TO_DELETE+=("$ID")
+          IMAGES_INFO["$ID"]="$REPOSITORY:$TAG"
+      fi
+  done
+
+  if [[ ! -z ${IMGS_TO_DELETE[*]} ]]; then
+      echo "The following unused mailcow images were found:"
+      for id in "${IMGS_TO_DELETE[@]}"; do
+          echo "    ${IMAGES_INFO[$id]} ($id)"
+      done
+
+      if [ -z "$FORCE" ]; then
+          read -r -p "Do you want to delete them to free up some space? [y/N] " response
+          if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+              docker rmi ${IMGS_TO_DELETE[*]}
+          else
+              echo "OK, skipped."
+          fi
+      else
+          echo "Running in forced mode! Force removing old mailcow images..."
+          docker rmi ${IMGS_TO_DELETE[*]}
+      fi
+      echo -e "\e[32mFurther cleanup...\e[0m"
+      echo "If you want to cleanup further garbage collected by Docker, please make sure all containers are up and running before cleaning your system by executing \"docker system prune\""
+  fi
+}
+
+in_array() {
+  local e match="$1"
+  shift
+  for e; do [[ "$e" == "$match" ]] && return 0; done
+  return 1
+}
+
+detect_major_update() {
+  if [ ${BRANCH} == "master" ]; then
+    # Array with major versions
+    # Add major versions here
+    MAJOR_VERSIONS=(
+      "2025-02"
+      "2025-03"
+    )
+
+    current_version=""
+    if [[ -f "${SCRIPT_DIR}/data/web/inc/app_info.inc.php" ]]; then
+      current_version=$(grep 'MAILCOW_GIT_VERSION' ${SCRIPT_DIR}/data/web/inc/app_info.inc.php | sed -E 's/.*MAILCOW_GIT_VERSION="([^"]+)".*/\1/')
+    fi
+    if [[ -z "$current_version" ]]; then
+      return 1
+    fi
+    release_url="https://github.com/mailcow/mailcow-dockerized/releases/tag"
+
+    updates_to_apply=()
+
+    for version in "${MAJOR_VERSIONS[@]}"; do
+      if [[ "$current_version" < "$version" ]]; then
+        updates_to_apply+=("$version")
+      fi
+    done
+
+    if [[ ${#updates_to_apply[@]} -gt 0 ]]; then
+      echo -e "\e[33m\nMAJOR UPDATES to be applied:\e[0m"
+      for update in "${updates_to_apply[@]}"; do
+        echo "$update - $release_url/$update"
+      done
+
+      echo -e "\nPlease read the release notes before proceeding."
+      read -p "Do you want to proceed with the update? [y/n] " response
+      if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        echo "Proceeding with the update..."
+      else
+        echo "Update canceled. Exiting."
+        exit 1
+      fi
+    fi
+  fi
+}
\ No newline at end of file
diff --git a/_modules/scripts/ipv6_controller.sh b/_modules/scripts/ipv6_controller.sh
new file mode 100644
index 000000000..7fe7d3cbd
--- /dev/null
+++ b/_modules/scripts/ipv6_controller.sh
@@ -0,0 +1,168 @@
+#!/usr/bin/env bash
+# _modules/scripts/ipv6_controller.sh
+# THIS SCRIPT IS DESIGNED TO BE RUNNING BY MAILCOW SCRIPTS ONLY!
+# DO NOT, AGAIN, NOT TRY TO RUN THIS SCRIPT STANDALONE!!!!!!
+
+# 1) Check if the host supports IPv6
+get_ipv6_support() {
+  if grep -qs '^1' /proc/sys/net/ipv6/conf/all/disable_ipv6 2>/dev/null \
+    || ! ip -6 route show default &>/dev/null; then
+    DETECTED_IPV6=false
+    echo -e "${YELLOW}IPv6 not detected on host – ${LIGHT_RED}disabling IPv6 support${YELLOW}.${NC}"
+  else
+    DETECTED_IPV6=true
+    echo -e "IPv6 detected on host – ${LIGHT_GREEN}leaving IPv6 support enabled${YELLOW}.${NC}"
+  fi
+}
+
+# 2) Ensure Docker daemon.json has (or create) the required IPv6 settings
+docker_daemon_edit(){
+  DOCKER_DAEMON_CONFIG="/etc/docker/daemon.json"
+  DOCKER_MAJOR=$(docker version --format '{{.Server.Version}}' 2>/dev/null | cut -d. -f1)
+  MISSING=()
+
+  _has_kv() { grep -Eq "\"$1\"\s*:\s*$2" "$DOCKER_DAEMON_CONFIG" 2>/dev/null; }
+
+  if [[ -f "$DOCKER_DAEMON_CONFIG" ]]; then
+
+    # reject empty or whitespace-only file immediately
+    if [[ ! -s "$DOCKER_DAEMON_CONFIG" ]] || ! grep -Eq '[{}]' "$DOCKER_DAEMON_CONFIG"; then
+      echo -e "${RED}ERROR: $DOCKER_DAEMON_CONFIG exists but is empty or contains no JSON braces – please initialize it with valid JSON (e.g. {}).${NC}"
+      exit 1
+    fi
+
+    # Validate JSON if jq is present
+    if command -v jq &>/dev/null && ! jq empty "$DOCKER_DAEMON_CONFIG" &>/dev/null; then
+      echo -e "${RED}ERROR: Invalid JSON in $DOCKER_DAEMON_CONFIG – please correct manually.${NC}"
+      exit 1
+    fi
+
+    # Gather missing keys
+    ! _has_kv ipv6 true       && MISSING+=("ipv6: true")
+    ! grep -Eq '"fixed-cidr-v6"\s*:\s*".+"' "$DOCKER_DAEMON_CONFIG" \
+                              && MISSING+=('fixed-cidr-v6: "fd00:dead:beef:c0::/80"')
+    if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -ge 27 ]]; then
+      _has_kv ipv6 true && ! _has_kv ip6tables true && MISSING+=("ip6tables: true")
+      ! _has_kv experimental true                 && MISSING+=("experimental: true")
+    fi
+
+    # Fix if needed
+    if ((${#MISSING[@]}>0)); then
+      echo -e "${MAGENTA}Your daemon.json is missing: ${YELLOW}${MISSING[*]}${NC}"
+      if [[ -n "$FORCE" ]]; then
+        ans=Y
+      else
+        read -p "Would you like to update $DOCKER_DAEMON_CONFIG now? [Y/n] " ans
+        ans=${ans:-Y}
+      fi
+
+      if [[ $ans =~ ^[Yy]$ ]]; then
+        cp "$DOCKER_DAEMON_CONFIG" "${DOCKER_DAEMON_CONFIG}.bak"
+        if command -v jq &>/dev/null; then
+          TMP=$(mktemp)
+          JQ_FILTER='.ipv6 = true | .["fixed-cidr-v6"] = "fd00:dead:beef:c0::/80"'
+          [[ "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]] \
+            && JQ_FILTER+=' | .ip6tables = true | .experimental = true'
+          jq "$JQ_FILTER" "$DOCKER_DAEMON_CONFIG" >"$TMP" && mv "$TMP" "$DOCKER_DAEMON_CONFIG"
+          echo -e "${LIGHT_GREEN}daemon.json updated. Restarting Docker...${NC}"
+          (command -v systemctl &>/dev/null && systemctl restart docker) || service docker restart
+          echo -e "${YELLOW}Docker restarted.${NC}"
+        else
+          echo -e "${RED}Please install jq or manually update daemon.json and restart Docker.${NC}"
+          exit 1
+        fi
+      else
+        echo -e "${YELLOW}User declined Docker update – please insert these changes manually:${NC}"
+        echo "${MISSING[*]}"
+        exit 1
+      fi
+    fi
+
+  else
+    # Create new daemon.json if missing
+    if [[ -n "$FORCE" ]]; then
+      ans=Y
+    else
+      read -p "$DOCKER_DAEMON_CONFIG not found. Create it with IPv6 settings? [Y/n] " ans
+      ans=${ans:-Y}
+    fi
+
+    if [[ $ans =~ ^[Yy]$ ]]; then
+      if [[ -n "$DOCKER_MAJOR" && "$DOCKER_MAJOR" -lt 27 ]]; then
+        cat > "$DOCKER_DAEMON_CONFIG" <<EOF
+{
+  "ipv6": true,
+  "fixed-cidr-v6": "fd00:dead:beef:c0::/80",
+  "ip6tables": true,
+  "experimental": true
+}
+EOF
+      else
+        cat > "$DOCKER_DAEMON_CONFIG" <<EOF
+{
+  "ipv6": true,
+  "fixed-cidr-v6": "fd00:dead:beef:c0::/80"
+}
+EOF
+      fi
+      echo -e "${GREEN}Created $DOCKER_DAEMON_CONFIG with IPv6 settings.${NC}"
+      echo "Restarting Docker..."
+      (command -v systemctl &>/dev/null && systemctl restart docker) || service docker restart
+      echo "Docker restarted."
+    else
+      echo "User declined to create daemon.json – please manually merge the docker daemon with these configs:"
+      echo "${MISSING[*]}"
+      exit 1
+    fi
+  fi
+}
+
+# 3) Main wrapper for generate_config.sh and update.sh
+configure_ipv6() {
+  # detect manual override if mailcow.conf is present
+  if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]] && grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
+    MANUAL_SETTING=$(grep '^ENABLE_IPV6=' "$MAILCOW_CONF" | cut -d= -f2)
+  elif [[ -z "$MAILCOW_CONF" ]] && [[ ! -z "${ENABLE_IPV6:-}" ]]; then
+    MANUAL_SETTING="$ENABLE_IPV6"
+  else
+    MANUAL_SETTING=""
+  fi
+
+  get_ipv6_support
+
+  # if user manually set it, check for mismatch
+  if [[ -n "$MANUAL_SETTING" ]]; then
+    if [[ "$MANUAL_SETTING" == "false" && "$DETECTED_IPV6" == "true" ]]; then
+      echo -e "${RED}ERROR: You have ENABLE_IPV6=false but your host and Docker support IPv6.${NC}"
+      echo -e "${RED}This can create an open relay. Please set ENABLE_IPV6=true in your mailcow.conf and re-run.${NC}"
+      exit 1
+    elif [[ "$MANUAL_SETTING" == "true" && "$DETECTED_IPV6" == "false" ]]; then
+      echo -e "${RED}ERROR: You have ENABLE_IPV6=true but your host does not support IPv6.${NC}"
+      echo -e "${RED}Please disable or fix your host/Docker IPv6 support, or set ENABLE_IPV6=false.${NC}"
+      exit 1
+    else
+      return
+    fi
+  fi
+
+  # no manual override: proceed to set or export
+  if [[ "$DETECTED_IPV6" == "true" ]]; then
+    docker_daemon_edit
+  else
+    echo "Skipping Docker IPv6 configuration because host does not support IPv6."
+  fi
+
+  # now write into mailcow.conf or export
+  if [[ -n "$MAILCOW_CONF" && -f "$MAILCOW_CONF" ]]; then
+    LINE="ENABLE_IPV6=$DETECTED_IPV6"
+    if grep -q '^ENABLE_IPV6=' "$MAILCOW_CONF"; then
+      sed -i "s/^ENABLE_IPV6=.*/$LINE/" "$MAILCOW_CONF"
+    else
+      echo "$LINE" >> "$MAILCOW_CONF"
+    fi
+  else
+    export IPV6_BOOL="$DETECTED_IPV6"
+  fi
+
+  echo "IPv6 configuration complete: ENABLE_IPV6=$DETECTED_IPV6"
+}
\ No newline at end of file
diff --git a/_modules/scripts/migrate_options.sh b/_modules/scripts/migrate_options.sh
new file mode 100644
index 000000000..6a584b9f7
--- /dev/null
+++ b/_modules/scripts/migrate_options.sh
@@ -0,0 +1,96 @@
+#!/usr/bin/env bash
+# _modules/scripts/migrate_options.sh
+# THIS SCRIPT IS DESIGNED TO BE RUNNING BY MAILCOW SCRIPTS ONLY!
+# DO NOT, AGAIN, NOT TRY TO RUN THIS SCRIPT STANDALONE!!!!!!
+
+migrate_config_options() {
+
+  sed -i --follow-symlinks '$a\' mailcow.conf
+
+  KEYS=(
+    SOLR_HEAP
+    SKIP_SOLR
+    SOLR_PORT
+    FLATCURVE_EXPERIMENTAL
+    DISABLE_IPv6
+    ACME_CONTACT
+  )
+
+  for key in "${KEYS[@]}"; do
+    if grep -q "${key}" mailcow.conf; then
+      case "${key}" in
+        SOLR_HEAP)
+          echo "Removing ${key} in mailcow.conf"
+          sed -i '/# Solr heap size in MB\b/d' mailcow.conf
+          sed -i '/# Solr is a prone to run\b/d' mailcow.conf
+          sed -i '/SOLR_HEAP\b/d' mailcow.conf
+          ;;
+        SKIP_SOLR)
+          echo "Removing ${key} in mailcow.conf"
+          sed -i '/\bSkip Solr on low-memory\b/d' mailcow.conf
+          sed -i '/\bSolr is disabled by default\b/d' mailcow.conf
+          sed -i '/\bDisable Solr or\b/d' mailcow.conf
+          sed -i '/\bSKIP_SOLR\b/d' mailcow.conf
+          ;;
+        SOLR_PORT)
+          echo "Removing ${key} in mailcow.conf"
+          sed -i '/\bSOLR_PORT\b/d' mailcow.conf
+          ;;
+        FLATCURVE_EXPERIMENTAL)
+          echo "Removing ${key} in mailcow.conf"
+          sed -i '/\bFLATCURVE_EXPERIMENTAL\b/d' mailcow.conf
+          ;;
+        DISABLE_IPv6)
+          echo "Migrating ${key} to ENABLE_IPv6 in mailcow.conf"
+          local old=$(grep '^DISABLE_IPv6=' "mailcow.conf" | cut -d'=' -f2)
+          local new
+          if [[ "$old" == "y" ]]; then
+            new="false"
+          else
+            new="true"
+          fi
+          sed -i '/^DISABLE_IPv6=/d' "mailcow.conf"
+          echo "ENABLE_IPV6=$new" >> "mailcow.conf"
+          ;;
+        ACME_CONTACT)
+          echo "Deleting obsoleted ${key} in mailcow.conf"
+          sed -i '/^# Lets Encrypt registration contact information/d' mailcow.conf
+          sed -i '/^# Optional: Leave empty for none/d' mailcow.conf
+          sed -i '/^# This value is only used on first order!/d' mailcow.conf
+          sed -i '/^# Setting it at a later point will require the following steps:/d' mailcow.conf
+          sed -i '/^# https:\/\/docs.mailcow.email\/troubleshooting\/debug-reset_tls\//d' mailcow.conf
+          sed -i '/^ACME_CONTACT=.*/d' mailcow.conf
+          sed -i '/^#ACME_CONTACT=.*/d' mailcow.conf
+          ;;
+      esac
+    fi
+  done
+
+  solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
+  if [[ -n $solr_volume ]]; then
+    echo -e "\e[34mSolr has been replaced within mailcow since 2025-01.\nThe volume $solr_volume is unused.\e[0m"
+    sleep 1
+    if [ ! "$FORCE" ]; then
+      read -r -p "Remove $solr_volume? [y/N] " response
+      if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        echo -e "\e[33mRemoving $solr_volume...\e[0m"
+        docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
+        echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
+      else
+        echo -e "Not removing $solr_volume. Run \`docker volume rm $solr_volume\` manually if needed."
+      fi
+    else
+      echo -e "\e[33mForce removing $solr_volume...\e[0m"
+      docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
+      echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
+    fi
+  fi
+
+  # Delete old fts.conf before forced switch to flatcurve to ensure update is working properly
+  FTS_CONF_PATH="${SCRIPT_DIR}/data/conf/dovecot/conf.d/fts.conf"
+  if [[ -f "$FTS_CONF_PATH" ]]; then
+    if grep -q "Autogenerated by mailcow" "$FTS_CONF_PATH"; then
+      rm -rf $FTS_CONF_PATH
+    fi
+  fi
+}
\ No newline at end of file
diff --git a/_modules/scripts/new_options.sh b/_modules/scripts/new_options.sh
new file mode 100644
index 000000000..a3f47dc61
--- /dev/null
+++ b/_modules/scripts/new_options.sh
@@ -0,0 +1,299 @@
+#!/usr/bin/env bash
+# _modules/scripts/new_options.sh
+# THIS SCRIPT IS DESIGNED TO BE RUNNING BY MAILCOW SCRIPTS ONLY!
+# DO NOT, AGAIN, NOT TRY TO RUN THIS SCRIPT STANDALONE!!!!!!
+
+adapt_new_options() {
+
+  CONFIG_ARRAY=(
+  "AUTODISCOVER_SAN"
+  "SKIP_LETS_ENCRYPT"
+  "SKIP_SOGO"
+  "USE_WATCHDOG"
+  "WATCHDOG_NOTIFY_EMAIL"
+  "WATCHDOG_NOTIFY_WEBHOOK"
+  "WATCHDOG_NOTIFY_WEBHOOK_BODY"
+  "WATCHDOG_NOTIFY_BAN"
+  "WATCHDOG_NOTIFY_START"
+  "WATCHDOG_EXTERNAL_CHECKS"
+  "WATCHDOG_SUBJECT"
+  "SKIP_CLAMD"
+  "SKIP_OLEFY"
+  "SKIP_IP_CHECK"
+  "ADDITIONAL_SAN"
+  "DOVEADM_PORT"
+  "IPV4_NETWORK"
+  "IPV6_NETWORK"
+  "LOG_LINES"
+  "SNAT_TO_SOURCE"
+  "SNAT6_TO_SOURCE"
+  "COMPOSE_PROJECT_NAME"
+  "DOCKER_COMPOSE_VERSION"
+  "SQL_PORT"
+  "API_KEY"
+  "API_KEY_READ_ONLY"
+  "API_ALLOW_FROM"
+  "MAILDIR_GC_TIME"
+  "MAILDIR_SUB"
+  "ACL_ANYONE"
+  "FTS_HEAP"
+  "FTS_PROCS"
+  "SKIP_FTS"
+  "ENABLE_SSL_SNI"
+  "ALLOW_ADMIN_EMAIL_LOGIN"
+  "SKIP_HTTP_VERIFICATION"
+  "SOGO_EXPIRE_SESSION"
+  "REDIS_PORT"
+  "REDISPASS"
+  "DOVECOT_MASTER_USER"
+  "DOVECOT_MASTER_PASS"
+  "MAILCOW_PASS_SCHEME"
+  "ADDITIONAL_SERVER_NAMES"
+  "WATCHDOG_VERBOSE"
+  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
+  "SPAMHAUS_DQS_KEY"
+  "SKIP_UNBOUND_HEALTHCHECK"
+  "DISABLE_NETFILTER_ISOLATION_RULE"
+  "HTTP_REDIRECT"
+  "ENABLE_IPV6"
+  )
+
+  sed -i --follow-symlinks '$a\' mailcow.conf
+  for option in ${CONFIG_ARRAY[@]}; do
+    if grep -q "${option}" mailcow.conf; then
+      continue
+    fi
+
+    echo "Adding new option \"${option}\" to mailcow.conf"
+
+    case "${option}" in
+        AUTODISCOVER_SAN)
+            echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
+            echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
+            echo '# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs' >> mailcow.conf
+            echo '# between services. So acme-mailcow obtains for maildomains and all web-things get handled' >> mailcow.conf
+            echo '# in the reverse proxy.' >> mailcow.conf
+            echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
+            ;;
+
+        DOCKER_COMPOSE_VERSION)
+            echo "# Used Docker Compose version" >> mailcow.conf
+            echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
+            echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
+            echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
+            echo "# Please be aware that at least one of those variants should be installed on your machine or mailcow will fail." >> mailcow.conf
+            echo "" >> mailcow.conf
+            echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
+            ;;
+
+        DOVEADM_PORT)
+            echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
+            ;;
+
+        LOG_LINES)
+            echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
+            echo "LOG_LINES=9999" >> mailcow.conf
+            ;;
+        
+        IPV4_NETWORK)
+            echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
+            echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
+            ;;
+        IPV6_NETWORK)
+            echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
+            echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
+            ;;
+        SQL_PORT)
+            echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
+            echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
+            ;;
+        API_KEY)
+            echo '# Create or override API key for web UI' >> mailcow.conf
+            echo "#API_KEY=" >> mailcow.conf
+            ;;
+        API_KEY_READ_ONLY)
+            echo '# Create or override read-only API key for web UI' >> mailcow.conf
+            echo "#API_KEY_READ_ONLY=" >> mailcow.conf
+            ;;
+        API_ALLOW_FROM)
+            echo '# Must be set for API_KEY to be active' >> mailcow.conf
+            echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
+            echo "#API_ALLOW_FROM=" >> mailcow.conf
+            ;;
+        SNAT_TO_SOURCE)
+            echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
+            echo "#SNAT_TO_SOURCE=" >> mailcow.conf
+            ;;
+        SNAT6_TO_SOURCE)
+            echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
+            echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
+            ;;
+        MAILDIR_GC_TIME)
+            echo '# Garbage collector cleanup' >> mailcow.conf
+            echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
+            echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
+            echo '# Check interval is hourly' >> mailcow.conf
+            echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
+            ;;
+        ACL_ANYONE)
+            echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
+            echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
+            echo '# This should probably only be activated on mail hosts, that are used exclusively by one organisation.' >> mailcow.conf
+            echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
+            echo 'ACL_ANYONE=disallow' >> mailcow.conf
+            ;;
+        FTS_HEAP)
+            echo '# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.' >> mailcow.conf
+            echo '# Flatcurve is used as FTS Engine. It is supposed to be pretty efficient in CPU and RAM consumption.' >> mailcow.conf
+            echo '# Please always monitor your Resource consumption!' >> mailcow.conf
+            echo "FTS_HEAP=128" >> mailcow.conf
+            ;;
+        SKIP_FTS)
+            echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.' >> mailcow.conf
+            echo "# Dovecot inside mailcow use Flatcurve as FTS Backend." >> mailcow.conf
+            echo "SKIP_FTS=y" >> mailcow.conf
+            ;;
+        FTS_PROCS)
+            echo '# Controls how many processes the Dovecot indexing process can spawn at max.' >> mailcow.conf
+            echo '# Too many indexing processes can use a lot of CPU and Disk I/O' >> mailcow.conf
+            echo '# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations' >> mailcow.conf
+            echo "FTS_PROCS=1" >> mailcow.conf
+            ;;
+        ENABLE_SSL_SNI)
+            echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
+            echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
+            echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
+            echo "ENABLE_SSL_SNI=n" >> mailcow.conf
+            ;;
+        SKIP_SOGO)
+            echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
+            echo "SKIP_SOGO=n" >> mailcow.conf
+            ;;
+        MAILDIR_SUB)
+            echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
+            echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
+            echo "MAILDIR_SUB=" >> mailcow.conf
+            ;;
+        WATCHDOG_NOTIFY_WEBHOOK)
+            echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
+            echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
+            echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
+            ;;
+        WATCHDOG_NOTIFY_WEBHOOK_BODY)
+            echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
+            echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
+            WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
+            echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
+            ;;
+        WATCHDOG_NOTIFY_BAN)
+            echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
+            echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
+            ;;
+        WATCHDOG_NOTIFY_START)
+            echo '# Send a notification when the watchdog is started.' >> mailcow.conf
+            echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
+            ;;
+        WATCHDOG_SUBJECT)
+            echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
+            echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
+            ;;
+        WATCHDOG_EXTERNAL_CHECKS)
+            echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
+            echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
+            echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
+            echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
+            ;;
+        SOGO_EXPIRE_SESSION)
+            echo '# SOGo session timeout in minutes' >> mailcow.conf
+            echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
+            ;;
+        REDIS_PORT)
+            echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
+            ;;
+        DOVECOT_MASTER_USER)
+            echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
+            echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
+            echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
+            echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
+            echo "DOVECOT_MASTER_USER=" >> mailcow.conf
+            ;;
+        DOVECOT_MASTER_PASS)
+            echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
+            echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
+            ;;
+        MAILCOW_PASS_SCHEME)
+            echo '# Password hash algorithm' >> mailcow.conf
+            echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
+            echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
+            echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
+            ;;
+        ADDITIONAL_SERVER_NAMES)
+            echo '# Additional server names for mailcow UI' >> mailcow.conf
+            echo '#' >> mailcow.conf
+            echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
+            echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
+            echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
+            echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
+            echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
+            echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
+            ;;
+        WEBAUTHN_ONLY_TRUSTED_VENDORS)
+            echo "# WebAuthn device manufacturer verification" >> mailcow.conf
+            echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
+            echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
+            echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
+            ;;
+        SPAMHAUS_DQS_KEY)
+            echo "# Spamhaus Data Query Service Key" >> mailcow.conf
+            echo '# Optional: Leave empty for none' >> mailcow.conf
+            echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
+            echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
+            echo '# Otherwise it will work as usual.' >> mailcow.conf
+            echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
+            ;;
+        WATCHDOG_VERBOSE)
+            echo '# Enable watchdog verbose logging' >> mailcow.conf
+            echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
+            ;;
+        SKIP_UNBOUND_HEALTHCHECK)
+            echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
+            echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
+            ;;
+        DISABLE_NETFILTER_ISOLATION_RULE)
+            echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
+            echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
+            echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
+            ;;
+        HTTP_REDIRECT)
+            echo '# Redirect HTTP connections to HTTPS - y/n' >> mailcow.conf
+            echo 'HTTP_REDIRECT=n' >> mailcow.conf
+            ;;
+        ENABLE_IPV6)
+            echo '# IPv6 Controller Section' >> mailcow.conf
+            echo '# This variable controls the usage of IPv6 within mailcow.' >> mailcow.conf
+            echo '# Can either be true or false | Defaults to true' >> mailcow.conf
+            echo '# WARNING: MAKE SURE TO PROPERLY CONFIGURE IPv6 ON YOUR HOST FIRST BEFORE ENABLING THIS AS FAULTY CONFIGURATIONS CAN LEAD TO OPEN RELAYS!' >> mailcow.conf
+            echo '# A COMPLETE DOCKER STACK REBUILD (compose down && compose up -d) IS NEEDED TO APPLY THIS.' >> mailcow.conf
+            echo ENABLE_IPV6=${IPV6_BOOL} >> mailcow.conf
+            ;;
+    
+        SKIP_CLAMD)
+            echo '# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n' >> mailcow.conf
+            echo 'SKIP_CLAMD=n' >> mailcow.conf
+            ;;
+
+        SKIP_OLEFY)
+            echo '# Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n' >> mailcow.conf
+            echo 'SKIP_OLEFY=n' >> mailcow.conf
+            ;;
+        
+        REDISPASS)
+            echo "REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2>/dev/null | head -c 28)" >> mailcow.conf
+            ;;
+                  
+        *)
+            echo "${option}=" >> mailcow.conf
+            ;;
+    esac
+  done
+}
\ No newline at end of file
diff --git a/data/Dockerfiles/nginx/bootstrap.py b/data/Dockerfiles/nginx/bootstrap.py
index 11e6fc202..d2d01c0b9 100644
--- a/data/Dockerfiles/nginx/bootstrap.py
+++ b/data/Dockerfiles/nginx/bootstrap.py
@@ -10,7 +10,7 @@ def includes_conf(env, template_vars):
   server_name_config = f"server_name {template_vars['MAILCOW_HOSTNAME']} autodiscover.* autoconfig.* {' '.join(template_vars['ADDITIONAL_SERVER_NAMES'])};"
   listen_plain_config = f"listen {template_vars['HTTP_PORT']};"
   listen_ssl_config = f"listen {template_vars['HTTPS_PORT']};"
-  if not template_vars['DISABLE_IPv6']:
+  if not template_vars['ENABLE_IPV6']:
     listen_plain_config += f"\nlisten [::]:{template_vars['HTTP_PORT']};"
     listen_ssl_config += f"\nlisten [::]:{template_vars['HTTPS_PORT']} ssl;"
   listen_ssl_config += "\nhttp2 on;"
@@ -58,7 +58,7 @@ def prepare_template_vars():
     'SOGOHOST': os.getenv("SOGOHOST", ipv4_network + ".248"),
     'RSPAMDHOST': os.getenv("RSPAMDHOST", "rspamd-mailcow"),
     'PHPFPMHOST': os.getenv("PHPFPMHOST", "php-fpm-mailcow"),
-    'DISABLE_IPv6': os.getenv("DISABLE_IPv6", "n").lower() in ("y", "yes"),
+    'ENABLE_IPV6': os.getenv("ENABLE_IPV6", "true").lower() != "false",
     'HTTP_REDIRECT': os.getenv("HTTP_REDIRECT", "n").lower() in ("y", "yes"),
   }
 
diff --git a/docker-compose.yml b/docker-compose.yml
index e6b5dc20d..c55158dbb 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -394,7 +394,7 @@ services:
         - php-fpm-mailcow
         - sogo-mailcow
         - rspamd-mailcow
-      image: ghcr.io/mailcow/nginx:1.03
+      image: ghcr.io/mailcow/nginx:1.04
       dns:
         - ${IPV4_NETWORK:-172.22.1}.254
       environment:
@@ -405,7 +405,7 @@ services:
         - TZ=${TZ}
         - SKIP_SOGO=${SKIP_SOGO:-n}
         - SKIP_RSPAMD=${SKIP_RSPAMD:-n}
-        - DISABLE_IPv6=${DISABLE_IPv6:-n}
+        - ENABLE_IPV6=${ENABLE_IPV6:-true}
         - HTTP_REDIRECT=${HTTP_REDIRECT:-n}
         - PHPFPMHOST=${PHPFPMHOST:-}
         - SOGOHOST=${SOGOHOST:-}
@@ -629,41 +629,12 @@ services:
           aliases:
             - ofelia
 
-    ipv6nat-mailcow:
-      depends_on:
-        - unbound-mailcow
-        - mysql-mailcow
-        - redis-mailcow
-        - clamd-mailcow
-        - rspamd-mailcow
-        - php-fpm-mailcow
-        - sogo-mailcow
-        - dovecot-mailcow
-        - postfix-mailcow
-        - memcached-mailcow
-        - nginx-mailcow
-        - acme-mailcow
-        - netfilter-mailcow
-        - watchdog-mailcow
-        - dockerapi-mailcow
-      environment:
-        - TZ=${TZ}
-      image: robbertkl/ipv6nat
-      security_opt:
-        - label=disable
-      restart: always
-      privileged: true
-      network_mode: "host"
-      volumes:
-        - /var/run/docker.sock:/var/run/docker.sock:ro
-        - /lib/modules:/lib/modules:ro
-
 networks:
   mailcow-network:
     driver: bridge
     driver_opts:
       com.docker.network.bridge.name: br-mailcow
-    enable_ipv6: true
+    enable_ipv6: ${ENABLE_IPV6:-true}
     ipam:
       driver: default
       config:
diff --git a/generate_config.sh b/generate_config.sh
index 61b72109c..9610bf18d 100755
--- a/generate_config.sh
+++ b/generate_config.sh
@@ -1,32 +1,13 @@
 #!/usr/bin/env bash
 
+# Load mailcow Generic Scripts
+source _modules/scripts/core.sh
+source _modules/scripts/ipv6_controller.sh
+
 set -o pipefail
 
-if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
-  echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
-  echo "Please update to 5.x or use another distribution."
-  exit 1
-fi
-
-if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
-  if grep -q Ubuntu <<< "$(uname -a)"; then
-    echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
-    echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
-    exit 1
-  fi
-fi
-
-if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi
-# This will also cover sort
-if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
-if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi
-
-for bin in openssl curl docker git awk sha1sum grep cut; do
-  if [[ -z $(which ${bin}) ]]; then echo "Cannot find ${bin}, exiting..."; exit 1; fi
-done
-
-# Check Docker Version (need at least 24.X)
-docker_version=$(docker version --format '{{.Server.Version}}' | cut -d '.' -f 1)
+get_installed_tools
+get_docker_version
 
 if [[ $docker_version -lt 24 ]]; then
   echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"
@@ -35,65 +16,7 @@ if [[ $docker_version -lt 24 ]]; then
   exit 1
 fi
 
-if docker compose > /dev/null 2>&1; then
-    if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
-      COMPOSE_VERSION=native
-      echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
-      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
-      sleep 2
-      echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
-    else
-      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-      echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-      exit 1
-    fi
-elif docker-compose > /dev/null 2>&1; then
-  if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
-    if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
-      COMPOSE_VERSION=standalone
-      echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
-      echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
-      sleep 2
-      echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
-    else
-      echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-      echo -e "\e[31mPlease update/install manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-      exit 1
-    fi
-  fi
-
-else
-  echo -e "\e[31mCannot find Docker Compose.\e[0m"
-  echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-  exit 1
-fi
-
-detect_bad_asn() {
-  echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
-  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
-  if [ "$response" -eq 503 ]; then
-    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
-      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
-      echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
-      sleep 2
-      echo ""
-      echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
-      echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
-      echo ""
-      sleep 2
-
-    else
-      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
-      echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
-    fi
-  elif [ "$response" -eq 200 ]; then
-    echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
-  elif [ "$response" -eq 429 ]; then
-    echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
-  else
-    echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
-  fi
-}
+detect_bad_asn
 
 ### If generate_config.sh is started with --dev or -d it will not check out nightly or master branch and will keep on the current branch
 if [[ ${1} == "--dev" || ${1} == "-d" ]]; then
@@ -217,6 +140,8 @@ if [ ! -z "${MAILCOW_BRANCH}" ]; then
   git_branch=${MAILCOW_BRANCH}
 fi
 
+configure_ipv6
+
 [ ! -f ./data/conf/rspamd/override.d/worker-controller-password.inc ] && echo '# Placeholder' > ./data/conf/rspamd/override.d/worker-controller-password.inc
 
 cat << EOF > mailcow.conf
@@ -510,6 +435,13 @@ WEBAUTHN_ONLY_TRUSTED_VENDORS=n
 # Otherwise it will work normally.
 SPAMHAUS_DQS_KEY=
 
+# IPv6 Controller Section
+# This variable controls the usage of IPv6 within mailcow.
+# Can either be true or false | Defaults to true
+# WARNING: MAKE SURE TO PROPERLY CONFIGURE IPv6 ON YOUR HOST FIRST BEFORE ENABLING THIS AS FAULTY CONFIGURATIONS CAN LEAD TO OPEN RELAYS!
+# A COMPLETE DOCKER STACK REBUILD (compose down && compose up -d) IS NEEDED TO APPLY THIS.
+ENABLE_IPV6=${IPV6_BOOL}
+
 # Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n
 # CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost
 DISABLE_NETFILTER_ISOLATION_RULE=n
@@ -588,6 +520,4 @@ else
   echo '  $MAILCOW_UPDATEDAT='$(date +%s)';' >> data/web/inc/app_info.inc.php
   echo '?>' >> data/web/inc/app_info.inc.php
   echo -e "\e[33mCannot determine current git repository version...\e[0m"
-fi
-
-detect_bad_asn
+fi
\ No newline at end of file
diff --git a/update.sh b/update.sh
index b7d22bf8a..89dec3e66 100755
--- a/update.sh
+++ b/update.sh
@@ -2,775 +2,23 @@
 
 ############## Begin Function Section ##############
 
-check_online_status() {
-  CHECK_ONLINE_DOMAINS=('https://github.com' 'https://hub.docker.com')
-  for domain in "${CHECK_ONLINE_DOMAINS[@]}"; do
-    if timeout 6 curl --head --silent --output /dev/null ${domain}; then
-      return 0
-    fi
-  done
-  return 1
-}
+SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
+BRANCH="$(cd "${SCRIPT_DIR}" && git rev-parse --abbrev-ref HEAD)"
 
-prefetch_images() {
-  [[ -z ${BRANCH} ]] && { echo -e "\e[33m\nUnknown branch...\e[0m"; exit 1; }
-  git fetch origin #${BRANCH}
-  while read image; do
-    if [[ "${image}" == "robbertkl/ipv6nat" ]]; then
-      if ! grep -qi "ipv6nat-mailcow" docker-compose.yml || grep -qi "enable_ipv6: false" docker-compose.yml; then
-        continue
-      fi
-    fi
-    RET_C=0
-    until docker pull "${image}"; do
-      RET_C=$((RET_C + 1))
-      echo -e "\e[33m\nError pulling $image, retrying...\e[0m"
-      [ ${RET_C} -gt 3 ] && { echo -e "\e[31m\nToo many failed retries, exiting\e[0m"; exit 1; }
-      sleep 1
-    done
-  done < <(git show "origin/${BRANCH}:docker-compose.yml" | grep "image:" | awk '{ gsub("image:","", $3); print $2 }')
-}
-
-docker_garbage() {
-  SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
-  IMGS_TO_DELETE=()
-
-  declare -A IMAGES_INFO
-  COMPOSE_IMAGES=($(grep -oP "image: \K(ghcr\.io/)?mailcow.+" "${SCRIPT_DIR}/docker-compose.yml"))
-
-  for existing_image in $(docker images --format "{{.ID}}:{{.Repository}}:{{.Tag}}" | grep -E '(mailcow/|ghcr\.io/mailcow/)'); do
-      ID=$(echo "$existing_image" | cut -d ':' -f 1)
-      REPOSITORY=$(echo "$existing_image" | cut -d ':' -f 2)
-      TAG=$(echo "$existing_image" | cut -d ':' -f 3)
-
-      if [[ "$REPOSITORY" == "mailcow/backup" || "$REPOSITORY" == "ghcr.io/mailcow/backup" ]]; then
-          if [[ "$TAG" != "<none>" ]]; then
-              continue
-          fi
-      fi
-
-      if [[ " ${COMPOSE_IMAGES[@]} " =~ " ${REPOSITORY}:${TAG} " ]]; then
-          continue
-      else
-          IMGS_TO_DELETE+=("$ID")
-          IMAGES_INFO["$ID"]="$REPOSITORY:$TAG"
-      fi
-  done
-
-  if [[ ! -z ${IMGS_TO_DELETE[*]} ]]; then
-      echo "The following unused mailcow images were found:"
-      for id in "${IMGS_TO_DELETE[@]}"; do
-          echo "    ${IMAGES_INFO[$id]} ($id)"
-      done
-
-      if [ -z "$FORCE" ]; then
-          read -r -p "Do you want to delete them to free up some space? [y/N] " response
-          if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-              docker rmi ${IMGS_TO_DELETE[*]}
-          else
-              echo "OK, skipped."
-          fi
-      else
-          echo "Running in forced mode! Force removing old mailcow images..."
-          docker rmi ${IMGS_TO_DELETE[*]}
-      fi
-      echo -e "\e[32mFurther cleanup...\e[0m"
-      echo "If you want to cleanup further garbage collected by Docker, please make sure all containers are up and running before cleaning your system by executing \"docker system prune\""
-  fi
-}
-
-in_array() {
-  local e match="$1"
-  shift
-  for e; do [[ "$e" == "$match" ]] && return 0; done
-  return 1
-}
-
-migrate_docker_nat() {
-  NAT_CONFIG='{"ipv6":true,"fixed-cidr-v6":"fd00:dead:beef:c0::/80","experimental":true,"ip6tables":true}'
-  # Min Docker version
-  DOCKERV_REQ=20.10.2
-  # Current Docker version
-  DOCKERV_CUR=$(docker version -f '{{.Server.Version}}')
-  if grep -qi "ipv6nat-mailcow" docker-compose.yml && grep -qi "enable_ipv6: true" docker-compose.yml; then
-    echo -e "\e[32mNative IPv6 implementation available.\e[0m"
-    echo "This will enable experimental features in the Docker daemon and configure Docker to do the IPv6 NATing instead of ipv6nat-mailcow."
-    echo '!!! This step is recommended !!!'
-    echo "mailcow will try to roll back the changes if starting Docker fails after modifying the daemon.json configuration file."
-    read -r -p "Should we try to enable the native IPv6 implementation in Docker now (recommended)? [y/N] " dockernatresponse
-    if [[ ! "${dockernatresponse}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-      echo "OK, skipping this step."
-      return 0
-    fi
-  fi
-  # Sort versions and check if we are running a newer or equal version to req
-  if [ $(printf "${DOCKERV_REQ}\n${DOCKERV_CUR}" | sort -V | tail -n1) == "${DOCKERV_CUR}" ]; then
-    # If Dockerd daemon json exists
-    if [ -s /etc/docker/daemon.json ]; then
-      IFS=',' read -r -a dockerconfig <<< $(cat /etc/docker/daemon.json | tr -cd '[:alnum:],')
-      if ! in_array ipv6true "${dockerconfig[@]}" || \
-        ! in_array experimentaltrue "${dockerconfig[@]}" || \
-        ! in_array ip6tablestrue "${dockerconfig[@]}" || \
-        ! grep -qi "fixed-cidr-v6" /etc/docker/daemon.json; then
-          echo -e "\e[33mWarning:\e[0m You seem to have modified the /etc/docker/daemon.json configuration by yourself and not fully/correctly activated the native IPv6 NAT implementation."
-          echo "You will need to merge your existing configuration manually or fix/delete the existing daemon.json configuration before trying the update process again."
-          echo -e "Please merge the following content and restart the Docker daemon:\n"
-          echo "${NAT_CONFIG}"
-          return 1
-      fi
-    else
-      echo "Working on IPv6 NAT, please wait..."
-      echo "${NAT_CONFIG}" > /etc/docker/daemon.json
-      ip6tables -F -t nat
-      [[ -e /etc/rc.conf ]] && rc-service docker restart || systemctl restart docker.service
-      if [[ $? -ne 0 ]]; then
-        echo -e "\e[31mError:\e[0m Failed to activate IPv6 NAT! Reverting and exiting."
-        rm /etc/docker/daemon.json
-        if [[ -e /etc/rc.conf ]]; then
-          rc-service docker restart
-        else
-          systemctl reset-failed docker.service
-          systemctl restart docker.service
-        fi
-        return 1
-      fi
-    fi
-    # Removing legacy container
-    sed -i '/ipv6nat-mailcow:$/,/^$/d' docker-compose.yml
-    if [ -s docker-compose.override.yml ]; then
-        sed -i '/ipv6nat-mailcow:$/,/^$/d' docker-compose.override.yml
-        if [[ "$(cat docker-compose.override.yml | sed '/^\s*$/d' | wc -l)" == "2" ]]; then
-            mv docker-compose.override.yml docker-compose.override.yml_backup
-        fi
-    fi
-    echo -e "\e[32mGreat! \e[0mNative IPv6 NAT is active.\e[0m"
-  else
-    echo -e "\e[31mPlease upgrade Docker to version ${DOCKERV_REQ} or above.\e[0m"
-    return 0
-  fi
-}
-
-remove_obsolete_nginx_ports() {
-    # Removing obsolete docker-compose.override.yml
-    for override in docker-compose.override.yml docker-compose.override.yaml; do
-    if [ -s $override ] ; then
-        if cat $override | grep nginx-mailcow > /dev/null 2>&1; then
-          if cat $override | grep -E '(\[::])' > /dev/null 2>&1; then
-            if cat $override | grep -w 80:80 > /dev/null 2>&1 && cat $override | grep -w 443:443 > /dev/null 2>&1 ; then
-              echo -e "\e[33mBacking up ${override} to preserve custom changes...\e[0m"
-              echo -e "\e[33m!!! Manual Merge needed (if other overrides are set) !!!\e[0m"
-              sleep 3
-              cp $override ${override}_backup
-              sed -i '/nginx-mailcow:$/,/^$/d' $override
-              echo -e "\e[33mRemoved obsolete NGINX IPv6 Bind from original override File.\e[0m"
-                if [[ "$(cat $override | sed '/^\s*$/d' | wc -l)" == "2" ]]; then
-                  mv $override ${override}_empty
-                  echo -e "\e[31m${override} is empty. Renamed it to ensure mailcow is startable.\e[0m"
-                fi
-            fi
-          fi
-        fi
-    fi
-    done
-}
-
-detect_docker_compose_command(){
-if ! [[ "${DOCKER_COMPOSE_VERSION}" =~ ^(native|standalone)$ ]]; then
-  if docker compose > /dev/null 2>&1; then
-      if docker compose version --short | grep -e "^2." -e "^v2." > /dev/null 2>&1; then
-        DOCKER_COMPOSE_VERSION=native
-        COMPOSE_COMMAND="docker compose"
-        echo -e "\e[33mFound Docker Compose Plugin (native).\e[0m"
-        echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to native\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
-        sleep 2
-        echo -e "\e[33mNotice: You'll have to update this Compose Version via your Package Manager manually!\e[0m"
-      else
-        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-        echo -e "\e[31mPlease update/install it manually regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-        exit 1
-      fi
-  elif docker-compose > /dev/null 2>&1; then
-    if ! [[ $(alias docker-compose 2> /dev/null) ]] ; then
-      if docker-compose version --short | grep "^2." > /dev/null 2>&1; then
-        DOCKER_COMPOSE_VERSION=standalone
-        COMPOSE_COMMAND="docker-compose"
-        echo -e "\e[33mFound Docker Compose Standalone.\e[0m"
-        echo -e "\e[33mSetting the DOCKER_COMPOSE_VERSION Variable to standalone\e[0m"
-        sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
-        sleep 2
-        echo -e "\e[33mNotice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.\e[0m"
-      else
-        echo -e "\e[31mCannot find Docker Compose with a Version Higher than 2.X.X.\e[0m"
-        echo -e "\e[31mPlease update/install regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-        exit 1
-      fi
-    fi
-
-  else
-    echo -e "\e[31mCannot find Docker Compose.\e[0m"
-    echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-    exit 1
-  fi
-
-elif [ "${DOCKER_COMPOSE_VERSION}" == "native" ]; then
-  COMPOSE_COMMAND="docker compose"
-  # Check if Native Compose works and has not been deleted
-  if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
-    # IF it not exists/work anymore try the other command
-    COMPOSE_COMMAND="docker-compose"
-    if ! $COMPOSE_COMMAND > /dev/null 2>&1 || ! $COMPOSE_COMMAND --version | grep "^2." > /dev/null 2>&1; then
-      # IF it cannot find Standalone in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose or the Version is lower then 2.X.X.\e[0m"
-      echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-      exit 1
-    fi
-      # If it finds the standalone Plugin it will use this instead and change the mailcow.conf Variable accordingly
-      echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from native to standalone\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=standalone/' "$SCRIPT_DIR/mailcow.conf"
-      sleep 2
-  fi
-
-
-elif [ "${DOCKER_COMPOSE_VERSION}" == "standalone" ]; then
-  COMPOSE_COMMAND="docker-compose"
-  # Check if Standalone Compose works and has not been deleted
-  if ! $COMPOSE_COMMAND > /dev/null 2>&1 && ! $COMPOSE_COMMAND --version > /dev/null 2>&1 | grep "^2." > /dev/null 2>&1; then
-    # IF it not exists/work anymore try the other command
-    COMPOSE_COMMAND="docker compose"
-    if ! $COMPOSE_COMMAND > /dev/null 2>&1; then
-      # IF it cannot find Native in > 2.X, then script stops
-      echo -e "\e[31mCannot find Docker Compose.\e[0m"
-      echo -e "\e[31mPlease install it regarding to this doc site: https://docs.mailcow.email/install/\e[0m"
-      exit 1
-    fi
-      # If it finds the native Plugin it will use this instead and change the mailcow.conf Variable accordingly
-      echo -e "\e[31mFound different Docker Compose Version then declared in mailcow.conf!\e[0m"
-      echo -e "\e[31mSetting the DOCKER_COMPOSE_VERSION Variable from standalone to native\e[0m"
-      sed -i 's/^DOCKER_COMPOSE_VERSION=.*/DOCKER_COMPOSE_VERSION=native/' "$SCRIPT_DIR/mailcow.conf"
-      sleep 2
-  fi
+MODULE_DIR="${SCRIPT_DIR}/_modules"
+if [[ ! -d "${MODULE_DIR}" || -z "$(ls -A "${MODULE_DIR}")" ]]; then
+  echo -e "\e[33m_modules is missing or empty – fetching all Modules from origin/${BRANCH}…\e[0m"
+  git fetch origin "${BRANCH}"
+  git checkout "origin/${BRANCH}" -- _modules
+  echo -e "\e[33mDone. Please restart the script...\e[0m"
+  exit 2
 fi
-}
 
-detect_bad_asn() {
-  echo -e "\e[33mDetecting if your IP is listed on Spamhaus Bad ASN List...\e[0m"
-  response=$(curl --connect-timeout 15 --max-time 30 -s -o /dev/null -w "%{http_code}" "https://asn-check.mailcow.email")
-  if [ "$response" -eq 503 ]; then
-    if [ -z "$SPAMHAUS_DQS_KEY" ]; then
-      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
-      echo -e "\e[33mmailcow did not detected a value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf!\e[0m"
-      sleep 2
-      echo ""
-      echo -e "\e[33mTo use the Spamhaus DNS Blocklists again, you will need to create a FREE account for their Data Query Service (DQS) at: https://www.spamhaus.com/free-trial/sign-up-for-a-free-data-query-service-account\e[0m"
-      echo -e "\e[33mOnce done, enter your DQS API key in mailcow.conf and mailcow will do the rest for you!\e[0m"
-      echo ""
-      sleep 2
+source _modules/scripts/core.sh
+source _modules/scripts/ipv6_controller.sh
+source _modules/scripts/new_options.sh
+source _modules/scripts/migrate_options.sh
 
-    else
-      echo -e "\e[33mYour server's public IP uses an AS that is blocked by Spamhaus to use their DNS public blocklists for Postfix.\e[0m"
-      echo -e "\e[32mmailcow detected a Value for the variable SPAMHAUS_DQS_KEY inside mailcow.conf. Postfix will use DQS with the given API key...\e[0m"
-    fi
-  elif [ "$response" -eq 200 ]; then
-    echo -e "\e[33mCheck completed! Your IP is \e[32mclean\e[0m"
-  elif [ "$response" -eq 429 ]; then
-    echo -e "\e[33mCheck completed! \e[31mYour IP seems to be rate limited on the ASN Check service... please try again later!\e[0m"
-  else
-    echo -e "\e[31mCheck failed! \e[0mMaybe a DNS or Network problem?\e[0m"
-  fi
-}
-
-fix_broken_dnslist_conf() {
-
-# Fixing issue: #6143. To be removed in a later patch
-
-  local file="${SCRIPT_DIR}/data/conf/postfix/dns_blocklists.cf"
-    # Check if the file exists
-  if [[ ! -f "$file" ]]; then
-      return 1
-  fi
-
-  # Check if the file contains the autogenerated comment
-  if grep -q "# Autogenerated by mailcow" "$file"; then
-      # Ask the user if custom changes were made
-      echo -e "\e[91mWARNING!!! \e[31mAn old version of dns_blocklists.cf has been detected which may cause a broken postfix upon startup (see: https://github.com/mailcow/mailcow-dockerized/issues/6143)...\e[0m"
-      echo -e "\e[31mIf you have any custom settings in there you might copy it away and adapt the changes after the file is regenerated...\e[0m"
-      read -p "Do you want to delete the file now and let mailcow regenerate it properly? [y/n]" response
-      if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-        rm "$file"
-        echo -e "\e[32mdns_blocklists.cf has been deleted and will be properly regenerated"
-        return 0
-      else
-        echo -e "\e[35mOk, not deleting it! Please make sure you take a look at postfix upon start then..."
-        return 2
-      fi
-  fi
-
-}
-
-adapt_new_options() {
-
-  CONFIG_ARRAY=(
-  "SKIP_LETS_ENCRYPT"
-  "SKIP_SOGO"
-  "USE_WATCHDOG"
-  "WATCHDOG_NOTIFY_EMAIL"
-  "WATCHDOG_NOTIFY_WEBHOOK"
-  "WATCHDOG_NOTIFY_WEBHOOK_BODY"
-  "WATCHDOG_NOTIFY_BAN"
-  "WATCHDOG_NOTIFY_START"
-  "WATCHDOG_EXTERNAL_CHECKS"
-  "WATCHDOG_SUBJECT"
-  "SKIP_CLAMD"
-  "SKIP_OLEFY"
-  "SKIP_IP_CHECK"
-  "ADDITIONAL_SAN"
-  "DOVEADM_PORT"
-  "IPV4_NETWORK"
-  "IPV6_NETWORK"
-  "LOG_LINES"
-  "SNAT_TO_SOURCE"
-  "SNAT6_TO_SOURCE"
-  "COMPOSE_PROJECT_NAME"
-  "DOCKER_COMPOSE_VERSION"
-  "SQL_PORT"
-  "API_KEY"
-  "API_KEY_READ_ONLY"
-  "API_ALLOW_FROM"
-  "MAILDIR_GC_TIME"
-  "MAILDIR_SUB"
-  "ACL_ANYONE"
-  "FTS_HEAP"
-  "FTS_PROCS"
-  "SKIP_FTS"
-  "ENABLE_SSL_SNI"
-  "ALLOW_ADMIN_EMAIL_LOGIN"
-  "SKIP_HTTP_VERIFICATION"
-  "SOGO_EXPIRE_SESSION"
-  "REDIS_PORT"
-  "DOVECOT_MASTER_USER"
-  "DOVECOT_MASTER_PASS"
-  "MAILCOW_PASS_SCHEME"
-  "ADDITIONAL_SERVER_NAMES"
-  "WATCHDOG_VERBOSE"
-  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
-  "SPAMHAUS_DQS_KEY"
-  "SKIP_UNBOUND_HEALTHCHECK"
-  "DISABLE_NETFILTER_ISOLATION_RULE"
-  "HTTP_REDIRECT"
-  )
-
-  sed -i --follow-symlinks '$a\' mailcow.conf
-  for option in ${CONFIG_ARRAY[@]}; do
-    if [[ ${option} == "ADDITIONAL_SAN" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "${option}=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "COMPOSE_PROJECT_NAME" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf
-      fi
-    elif [[ ${option} == "DOCKER_COMPOSE_VERSION" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "# Used Docker Compose version" >> mailcow.conf
-        echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
-        echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
-        echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
-        echo "# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail." >> mailcow.conf
-        echo "" >> mailcow.conf
-        echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
-      fi
-    elif [[ ${option} == "DOVEADM_PORT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_EMAIL" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "WATCHDOG_NOTIFY_EMAIL=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "LOG_LINES" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
-        echo "LOG_LINES=9999" >> mailcow.conf
-      fi
-    elif [[ ${option} == "IPV4_NETWORK" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
-        echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
-      fi
-    elif [[ ${option} == "IPV6_NETWORK" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
-        echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SQL_PORT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
-        echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
-      fi
-    elif [[ ${option} == "API_KEY" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Create or override API key for web UI' >> mailcow.conf
-        echo "#API_KEY=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "API_KEY_READ_ONLY" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Create or override read-only API key for web UI' >> mailcow.conf
-        echo "#API_KEY_READ_ONLY=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "API_ALLOW_FROM" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Must be set for API_KEY to be active' >> mailcow.conf
-        echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
-        echo "#API_ALLOW_FROM=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SNAT_TO_SOURCE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
-        echo "#SNAT_TO_SOURCE=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SNAT6_TO_SOURCE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
-        echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "MAILDIR_GC_TIME" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Garbage collector cleanup' >> mailcow.conf
-        echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
-        echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
-        echo '# Check interval is hourly' >> mailcow.conf
-        echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
-      fi
-    elif [[ ${option} == "ACL_ANYONE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
-        echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
-        echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.' >> mailcow.conf
-        echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
-        echo 'ACL_ANYONE=disallow' >> mailcow.conf
-      fi
-    elif [[ ${option} == "FTS_HEAP" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Dovecot Indexing (FTS) Process maximum heap size in MB, there is no recommendation, please see Dovecot docs.' >> mailcow.conf
-        echo '# Flatcurve is used as FTS Engine. It is supposed to be pretty efficient in CPU and RAM consumption.' >> mailcow.conf
-        echo '# Please always monitor your Resource consumption!' >> mailcow.conf
-        echo "FTS_HEAP=128" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SKIP_FTS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Skip FTS (Fulltext Search) for Dovecot on low-memory, low-threaded systems or if you simply want to disable it.' >> mailcow.conf
-        echo "# Dovecot inside mailcow use Flatcurve as FTS Backend." >> mailcow.conf
-        echo "SKIP_FTS=y" >> mailcow.conf
-      fi
-    elif [[ ${option} == "FTS_PROCS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Controls how many processes the Dovecot indexing process can spawn at max.' >> mailcow.conf
-        echo '# Too many indexing processes can use a lot of CPU and Disk I/O' >> mailcow.conf
-        echo '# Please visit: https://doc.dovecot.org/configuration_manual/service_configuration/#indexer-worker for more informations' >> mailcow.conf
-        echo "FTS_PROCS=1" >> mailcow.conf
-      fi
-    elif [[ ${option} == "ENABLE_SSL_SNI" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
-        echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
-        echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
-        echo "ENABLE_SSL_SNI=n" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SKIP_SOGO" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
-        echo "SKIP_SOGO=n" >> mailcow.conf
-      fi
-    elif [[ ${option} == "MAILDIR_SUB" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
-        echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
-        echo "MAILDIR_SUB=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
-        echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
-        echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_WEBHOOK_BODY" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
-        echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
-        WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
-        echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_BAN" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
-        echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_NOTIFY_START" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Send a notification when the watchdog is started.' >> mailcow.conf
-        echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_SUBJECT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
-        echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
-        echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
-        echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
-        echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
-      fi
-    elif [[ ${option} == "SOGO_EXPIRE_SESSION" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# SOGo session timeout in minutes' >> mailcow.conf
-        echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
-      fi
-    elif [[ ${option} == "REDIS_PORT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
-      fi
-    elif [[ ${option} == "DOVECOT_MASTER_USER" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
-        echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
-        echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
-        echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
-        echo "DOVECOT_MASTER_USER=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "DOVECOT_MASTER_PASS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
-        echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
-      fi
-    elif [[ ${option} == "MAILCOW_PASS_SCHEME" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Password hash algorithm' >> mailcow.conf
-        echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
-        echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
-        echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
-      fi
-    elif [[ ${option} == "ADDITIONAL_SERVER_NAMES" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Additional server names for mailcow UI' >> mailcow.conf
-        echo '#' >> mailcow.conf
-        echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
-        echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
-        echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
-        echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
-        echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
-        echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
-      fi
-    elif [[ ${option} == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "# WebAuthn device manufacturer verification" >> mailcow.conf
-        echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
-        echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
-        echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
-      fi
-    elif [[ ${option} == "SPAMHAUS_DQS_KEY" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo "# Spamhaus Data Query Service Key" >> mailcow.conf
-        echo '# Optional: Leave empty for none' >> mailcow.conf
-        echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
-        echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
-        echo '# Otherwise it will work as usual.' >> mailcow.conf
-        echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
-      fi
-    elif [[ ${option} == "WATCHDOG_VERBOSE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Enable watchdog verbose logging' >> mailcow.conf
-        echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
-      fi
-    elif [[ ${option} == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
-        echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
-      fi
-    elif [[ ${option} == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
-        echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
-        echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
-      fi
-    elif [[ ${option} == "HTTP_REDIRECT" ]]; then
-      if ! grep -q ${option} mailcow.conf; then
-        echo "Adding new option \"${option}\" to mailcow.conf"
-        echo '# Redirect HTTP connections to HTTPS - y/n' >> mailcow.conf
-        echo 'HTTP_REDIRECT=n' >> mailcow.conf
-      fi
-    elif ! grep -q ${option} mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "${option}=n" >> mailcow.conf
-    fi
-  done
-}
-
-migrate_solr_config_options() {
-
-  sed -i --follow-symlinks '$a\' mailcow.conf
-
-  if grep -q "SOLR_HEAP" mailcow.conf; then
-    echo "Removing SOLR_HEAP in mailcow.conf"
-    sed -i '/# Solr heap size in MB\b/d' mailcow.conf
-    sed -i '/# Solr is a prone to run\b/d' mailcow.conf
-    sed -i '/SOLR_HEAP\b/d' mailcow.conf
-  fi
-
-  if grep -q "SKIP_SOLR" mailcow.conf; then
-    echo "Removing SKIP_SOLR in mailcow.conf"
-    sed -i '/\bSkip Solr on low-memory\b/d' mailcow.conf
-    sed -i '/\bSolr is disabled by default\b/d' mailcow.conf
-    sed -i '/\bDisable Solr or\b/d' mailcow.conf
-    sed -i '/\bSKIP_SOLR\b/d' mailcow.conf
-  fi
-
-  if grep -q "SOLR_PORT" mailcow.conf; then
-    echo "Removing SOLR_PORT in mailcow.conf"
-    sed -i '/\bSOLR_PORT\b/d' mailcow.conf
-  fi
-
-  if grep -q "FLATCURVE_EXPERIMENTAL" mailcow.conf; then
-    echo "Removing FLATCURVE_EXPERIMENTAL in mailcow.conf"
-    sed -i '/\bFLATCURVE_EXPERIMENTAL\b/d' mailcow.conf
-  fi
-
-  solr_volume=$(docker volume ls -qf name=^${COMPOSE_PROJECT_NAME}_solr-vol-1)
-  if [[ -n $solr_volume ]]; then
-    echo -e "\e[34mSolr has been replaced within mailcow since 2025-01.\nThe volume $solr_volume is unused.\e[0m"
-    sleep 1
-    if [ ! "$FORCE" ]; then
-      read -r -p "Remove $solr_volume? [y/N] " response
-      if [[ "$response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-        echo -e "\e[33mRemoving $solr_volume...\e[0m"
-        docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
-        echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
-      else
-        echo -e "Not removing $solr_volume. Run \`docker volume rm $solr_volume\` manually if needed."
-      fi
-    else
-      echo -e "\e[33mForce removing $solr_volume...\e[0m"
-      docker volume rm $solr_volume || echo -e "\e[31mFailed to remove. Remove it manually!\e[0m"
-      echo -e "\e[32mSuccessfully removed $solr_volume!\e[0m"
-    fi
-  fi
-
-  # Delete old fts.conf before forced switch to flatcurve to ensure update is working properly
-  FTS_CONF_PATH="${SCRIPT_DIR}/data/conf/dovecot/conf.d/fts.conf"
-  if [[ -f "$FTS_CONF_PATH" ]]; then
-    if grep -q "Autogenerated by mailcow" "$FTS_CONF_PATH"; then
-      rm -rf $FTS_CONF_PATH
-    fi
-  fi
-}
-
-detect_major_update() {
-  if [ ${BRANCH} == "master" ]; then
-    # Array with major versions
-    # Add major versions here
-    MAJOR_VERSIONS=(
-      "2025-02"
-      "2025-03"
-    )
-
-    current_version=""
-    if [[ -f "${SCRIPT_DIR}/data/web/inc/app_info.inc.php" ]]; then
-      current_version=$(grep 'MAILCOW_GIT_VERSION' ${SCRIPT_DIR}/data/web/inc/app_info.inc.php | sed -E 's/.*MAILCOW_GIT_VERSION="([^"]+)".*/\1/')
-    fi
-    if [[ -z "$current_version" ]]; then
-      return 1
-    fi
-    release_url="https://github.com/mailcow/mailcow-dockerized/releases/tag"
-
-    updates_to_apply=()
-
-    for version in "${MAJOR_VERSIONS[@]}"; do
-      if [[ "$current_version" < "$version" ]]; then
-        updates_to_apply+=("$version")
-      fi
-    done
-
-    if [[ ${#updates_to_apply[@]} -gt 0 ]]; then
-      echo -e "\e[33m\nMAJOR UPDATES to be applied:\e[0m"
-      for update in "${updates_to_apply[@]}"; do
-        echo "$update - $release_url/$update"
-      done
-
-      echo -e "\nPlease read the release notes before proceeding."
-      read -p "Do you want to proceed with the update? [y/n] " response
-      if [[ "${response}" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-        echo "Proceeding with the update..."
-      else
-        echo "Update canceled. Exiting."
-        exit 1
-      fi
-    fi
-  fi
-}
-
-remove_obsolete_options() {
-  OBSOLETE_OPTIONS=(
-    "ACME_CONTACT"
-  )
-
-  for option in "${OBSOLETE_OPTIONS[@]}"; do
-    if [[ "$option" == "ACME_CONTACT" ]]; then
-      sed -i '/^# Lets Encrypt registration contact information/d' mailcow.conf
-      sed -i "/^# Let's Encrypt registration contact information/d" mailcow.conf
-      sed -i '/^# Optional: Leave empty for none/d' mailcow.conf
-      sed -i '/^# This value is only used on first order!/d' mailcow.conf
-      sed -i '/^# Setting it at a later point will require the following steps:/d' mailcow.conf
-      sed -i '/^# https:\/\/docs.mailcow.email\/troubleshooting\/debug-reset_tls\//d' mailcow.conf
-      sed -i '/^ACME_CONTACT=.*/d' mailcow.conf
-      sed -i '/^#ACME_CONTACT=.*/d' mailcow.conf
-    else
-      sed -i "/^${option}=.*/d" mailcow.conf
-      sed -i "/^#${option}=.*/d" mailcow.conf
-    fi
-  done
-}
 ############## End Function Section ##############
 
 # Check permissions
@@ -786,22 +34,6 @@ if [ -f "${SCRIPT_DIR}/pre_update_hook.sh" ]; then
   bash "${SCRIPT_DIR}/pre_update_hook.sh"
 fi
 
-if [[ "$(uname -r)" =~ ^4\.15\.0-60 ]]; then
-  echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!";
-  echo "Please update to 5.x or use another distribution."
-  exit 1
-fi
-
-if [[ "$(uname -r)" =~ ^4\.4\. ]]; then
-  if grep -q Ubuntu <<< "$(uname -a)"; then
-    echo "DO NOT RUN mailcow ON THIS UBUNTU KERNEL!"
-    echo "Please update to linux-generic-hwe-16.04 by running \"apt-get install --install-recommends linux-generic-hwe-16.04\""
-    exit 1
-  fi
-  echo "mailcow on a 4.4.x kernel is not supported. It may or may not work, please upgrade your kernel or continue at your own risk."
-  read -p "Press any key to continue..." < /dev/tty
-fi
-
 # Exit on error and pipefail
 set -o pipefail
 
@@ -817,22 +49,9 @@ umask 0022
 unset COMPOSE_COMMAND
 unset DOCKER_COMPOSE_VERSION
 
-for bin in curl docker git awk sha1sum grep cut; do
-  if [[ -z $(command -v ${bin}) ]]; then
-  echo "Cannot find ${bin}, exiting..."
-  exit 1;
-  fi
-done
+get_installed_tools
 
-# Check Docker Version (need at least 24.X)
-docker_version=$(docker -v | grep -oP '\d+\.\d+\.\d+' | cut -d '.' -f 1 | head -1)
-
-if [[ $docker_version -lt 24 ]]; then
-  echo -e "\e[31mCannot find Docker with a Version higher or equals 24.0.0\e[0m"
-  echo -e "\e[33mmailcow needs a newer Docker version to work properly... continuing on your own risk!\e[0m"
-  echo -e "\e[31mPlease update your Docker installation... sleeping 10s\e[0m"
-  sleep 10
-fi
+get_docker_version
 
 export LC_ALL=C
 DATE=$(date +%Y-%m-%d_%H_%M_%S)
@@ -936,9 +155,7 @@ done
 chmod 600 mailcow.conf
 source mailcow.conf
 
-detect_docker_compose_command
-
-fix_broken_dnslist_conf
+get_compose_type
 
 DOTS=${MAILCOW_HOSTNAME//[^.]};
 if [ ${#DOTS} -lt 1 ]; then
@@ -961,349 +178,8 @@ elif [ ${#DOTS} -eq 1 ]; then
   fi
 fi
 
-if grep --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox grep detected, please install gnu grep, \"apk add --no-cache --upgrade grep\""; exit 1; fi
-# This will also cover sort
-if cp --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox cp detected, please install coreutils, \"apk add --no-cache --upgrade coreutils\""; exit 1; fi
-if sed --help 2>&1 | head -n 1 | grep -q -i "busybox"; then echo "BusyBox sed detected, please install gnu sed, \"apk add --no-cache --upgrade sed\""; exit 1; fi
-
-CONFIG_ARRAY=(
-  "SKIP_LETS_ENCRYPT"
-  "SKIP_SOGO"
-  "USE_WATCHDOG"
-  "WATCHDOG_NOTIFY_EMAIL"
-  "WATCHDOG_NOTIFY_WEBHOOK"
-  "WATCHDOG_NOTIFY_WEBHOOK_BODY"
-  "WATCHDOG_NOTIFY_BAN"
-  "WATCHDOG_NOTIFY_START"
-  "WATCHDOG_EXTERNAL_CHECKS"
-  "WATCHDOG_SUBJECT"
-  "SKIP_CLAMD"
-  "SKIP_OLEFY"
-  "SKIP_IP_CHECK"
-  "ADDITIONAL_SAN"
-  "AUTODISCOVER_SAN"
-  "DOVEADM_PORT"
-  "IPV4_NETWORK"
-  "IPV6_NETWORK"
-  "LOG_LINES"
-  "SNAT_TO_SOURCE"
-  "SNAT6_TO_SOURCE"
-  "COMPOSE_PROJECT_NAME"
-  "DOCKER_COMPOSE_VERSION"
-  "SQL_PORT"
-  "API_KEY"
-  "API_KEY_READ_ONLY"
-  "API_ALLOW_FROM"
-  "MAILDIR_GC_TIME"
-  "MAILDIR_SUB"
-  "ACL_ANYONE"
-  "ENABLE_SSL_SNI"
-  "ALLOW_ADMIN_EMAIL_LOGIN"
-  "SKIP_HTTP_VERIFICATION"
-  "SOGO_EXPIRE_SESSION"
-  "REDIS_PORT"
-  "DOVECOT_MASTER_USER"
-  "DOVECOT_MASTER_PASS"
-  "MAILCOW_PASS_SCHEME"
-  "ADDITIONAL_SERVER_NAMES"
-  "WATCHDOG_VERBOSE"
-  "WEBAUTHN_ONLY_TRUSTED_VENDORS"
-  "SPAMHAUS_DQS_KEY"
-  "SKIP_UNBOUND_HEALTHCHECK"
-  "DISABLE_NETFILTER_ISOLATION_RULE"
-  "REDISPASS"
-)
-
 detect_bad_asn
 
-sed -i --follow-symlinks '$a\' mailcow.conf
-for option in "${CONFIG_ARRAY[@]}"; do
-  if [[ ${option} == "ADDITIONAL_SAN" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "${option}=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "COMPOSE_PROJECT_NAME" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "COMPOSE_PROJECT_NAME=mailcowdockerized" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DOCKER_COMPOSE_VERSION" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "# Used Docker Compose version" >> mailcow.conf
-      echo "# Switch here between native (compose plugin) and standalone" >> mailcow.conf
-      echo "# For more informations take a look at the mailcow docs regarding the configuration options." >> mailcow.conf
-      echo "# Normally this should be untouched but if you decided to use either of those you can switch it manually here." >> mailcow.conf
-      echo "# Please be aware that at least one of those variants should be installed on your maschine or mailcow will fail." >> mailcow.conf
-      echo "" >> mailcow.conf
-      echo "DOCKER_COMPOSE_VERSION=${DOCKER_COMPOSE_VERSION}" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DOVEADM_PORT" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "DOVEADM_PORT=127.0.0.1:19991" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_EMAIL" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "WATCHDOG_NOTIFY_EMAIL=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "LOG_LINES" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Max log lines per service to keep in Redis logs' >> mailcow.conf
-      echo "LOG_LINES=9999" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "IPV4_NETWORK" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Internal IPv4 /24 subnet, format n.n.n. (expands to n.n.n.0/24)' >> mailcow.conf
-      echo "IPV4_NETWORK=172.22.1" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "IPV6_NETWORK" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Internal IPv6 subnet in fc00::/7' >> mailcow.conf
-      echo "IPV6_NETWORK=fd4d:6169:6c63:6f77::/64" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SQL_PORT" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Bind SQL to 127.0.0.1 on port 13306' >> mailcow.conf
-      echo "SQL_PORT=127.0.0.1:13306" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "API_KEY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Create or override API key for web UI' >> mailcow.conf
-      echo "#API_KEY=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "API_KEY_READ_ONLY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Create or override read-only API key for web UI' >> mailcow.conf
-      echo "#API_KEY_READ_ONLY=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "API_ALLOW_FROM" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Must be set for API_KEY to be active' >> mailcow.conf
-      echo '# IPs only, no networks (networks can be set via UI)' >> mailcow.conf
-      echo "#API_ALLOW_FROM=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SNAT_TO_SOURCE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Use this IPv4 for outgoing connections (SNAT)' >> mailcow.conf
-      echo "#SNAT_TO_SOURCE=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SNAT6_TO_SOURCE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Use this IPv6 for outgoing connections (SNAT)' >> mailcow.conf
-      echo "#SNAT6_TO_SOURCE=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "MAILDIR_GC_TIME" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Garbage collector cleanup' >> mailcow.conf
-      echo '# Deleted domains and mailboxes are moved to /var/vmail/_garbage/timestamp_sanitizedstring' >> mailcow.conf
-      echo '# How long should objects remain in the garbage until they are being deleted? (value in minutes)' >> mailcow.conf
-      echo '# Check interval is hourly' >> mailcow.conf
-      echo 'MAILDIR_GC_TIME=1440' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "ACL_ANYONE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Set this to "allow" to enable the anyone pseudo user. Disabled by default.' >> mailcow.conf
-      echo '# When enabled, ACL can be created, that apply to "All authenticated users"' >> mailcow.conf
-      echo '# This should probably only be activated on mail hosts, that are used exclusivly by one organisation.' >> mailcow.conf
-      echo '# Otherwise a user might share data with too many other users.' >> mailcow.conf
-      echo 'ACL_ANYONE=disallow' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "ENABLE_SSL_SNI" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Create seperate certificates for all domains - y/n' >> mailcow.conf
-      echo '# this will allow adding more than 100 domains, but some email clients will not be able to connect with alternative hostnames' >> mailcow.conf
-      echo '# see https://wiki.dovecot.org/SSL/SNIClientSupport' >> mailcow.conf
-      echo "ENABLE_SSL_SNI=n" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SKIP_SOGO" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Skip SOGo: Will disable SOGo integration and therefore webmail, DAV protocols and ActiveSync support (experimental, unsupported, not fully implemented) - y/n' >> mailcow.conf
-      echo "SKIP_SOGO=n" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "MAILDIR_SUB" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# MAILDIR_SUB defines a path in a users virtual home to keep the maildir in. Leave empty for updated setups.' >> mailcow.conf
-      echo "#MAILDIR_SUB=Maildir" >> mailcow.conf
-      echo "MAILDIR_SUB=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_WEBHOOK" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Send notifications to a webhook URL that receives a POST request with the content type "application/json".' >> mailcow.conf
-      echo '# You can use this to send notifications to services like Discord, Slack and others.' >> mailcow.conf
-      echo '#WATCHDOG_NOTIFY_WEBHOOK=https://discord.com/api/webhooks/XXXXXXXXXXXXXXXXXXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_WEBHOOK_BODY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# JSON body included in the webhook POST request. Needs to be in single quotes.' >> mailcow.conf
-      echo '# Following variables are available: SUBJECT, BODY' >> mailcow.conf
-      WEBHOOK_BODY='{"username": "mailcow Watchdog", "content": "**${SUBJECT}**\n${BODY}"}'
-      echo "#WATCHDOG_NOTIFY_WEBHOOK_BODY='${WEBHOOK_BODY}'" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_BAN" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Notify about banned IP. Includes whois lookup.' >> mailcow.conf
-      echo "WATCHDOG_NOTIFY_BAN=y" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_NOTIFY_START" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Send a notification when the watchdog is started.' >> mailcow.conf
-      echo "WATCHDOG_NOTIFY_START=y" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_SUBJECT" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Subject for watchdog mails. Defaults to "Watchdog ALERT" followed by the error message.' >> mailcow.conf
-      echo "#WATCHDOG_SUBJECT=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_EXTERNAL_CHECKS" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Checks if mailcow is an open relay. Requires a SAL. More checks will follow.' >> mailcow.conf
-      echo '# No data is collected. Opt-in and anonymous.' >> mailcow.conf
-      echo '# Will only work with unmodified mailcow setups.' >> mailcow.conf
-      echo "WATCHDOG_EXTERNAL_CHECKS=n" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SOGO_EXPIRE_SESSION" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# SOGo session timeout in minutes' >> mailcow.conf
-      echo "SOGO_EXPIRE_SESSION=480" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "REDIS_PORT" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "REDIS_PORT=127.0.0.1:7654" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DOVECOT_MASTER_USER" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# DOVECOT_MASTER_USER and _PASS must _both_ be provided. No special chars.' >> mailcow.conf
-      echo '# Empty by default to auto-generate master user and password on start.' >> mailcow.conf
-      echo '# User expands to DOVECOT_MASTER_USER@mailcow.local' >> mailcow.conf
-      echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
-      echo "DOVECOT_MASTER_USER=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DOVECOT_MASTER_PASS" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# LEAVE EMPTY IF UNSURE' >> mailcow.conf
-      echo "DOVECOT_MASTER_PASS=" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "MAILCOW_PASS_SCHEME" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Password hash algorithm' >> mailcow.conf
-      echo '# Only certain password hash algorithm are supported. For a fully list of supported schemes,' >> mailcow.conf
-      echo '# see https://docs.mailcow.email/models/model-passwd/' >> mailcow.conf
-      echo "MAILCOW_PASS_SCHEME=BLF-CRYPT" >> mailcow.conf
-    fi
-  elif [[ "${option}" == "ADDITIONAL_SERVER_NAMES" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Additional server names for mailcow UI' >> mailcow.conf
-      echo '#' >> mailcow.conf
-      echo '# Specify alternative addresses for the mailcow UI to respond to' >> mailcow.conf
-      echo '# This is useful when you set mail.* as ADDITIONAL_SAN and want to make sure mail.maildomain.com will always point to the mailcow UI.' >> mailcow.conf
-      echo '# If the server name does not match a known site, Nginx decides by best-guess and may redirect users to the wrong web root.' >> mailcow.conf
-      echo '# You can understand this as server_name directive in Nginx.' >> mailcow.conf
-      echo '# Comma separated list without spaces! Example: ADDITIONAL_SERVER_NAMES=a.b.c,d.e.f' >> mailcow.conf
-      echo 'ADDITIONAL_SERVER_NAMES=' >> mailcow.conf
-    fi
-
-  elif [[ "${option}" == "AUTODISCOVER_SAN" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Obtain certificates for autodiscover.* and autoconfig.* domains.' >> mailcow.conf
-      echo '# This can be useful to switch off in case you are in a scenario where a reverse proxy already handles those.' >> mailcow.conf
-      echo '# There are mixed scenarios where ports 80,443 are occupied and you do not want to share certs' >> mailcow.conf
-      echo '# between services. So acme-mailcow obtains for maildomains and all web-things get handled' >> mailcow.conf
-      echo '# in the reverse proxy.' >> mailcow.conf
-      echo 'AUTODISCOVER_SAN=y' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WEBAUTHN_ONLY_TRUSTED_VENDORS" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "# WebAuthn device manufacturer verification" >> mailcow.conf
-      echo '# After setting WEBAUTHN_ONLY_TRUSTED_VENDORS=y only devices from trusted manufacturers are allowed' >> mailcow.conf
-      echo '# root certificates can be placed for validation under mailcow-dockerized/data/web/inc/lib/WebAuthn/rootCertificates' >> mailcow.conf
-      echo 'WEBAUTHN_ONLY_TRUSTED_VENDORS=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SPAMHAUS_DQS_KEY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo "# Spamhaus Data Query Service Key" >> mailcow.conf
-      echo '# Optional: Leave empty for none' >> mailcow.conf
-      echo '# Enter your key here if you are using a blocked ASN (OVH, AWS, Cloudflare e.g) for the unregistered Spamhaus Blocklist.' >> mailcow.conf
-      echo '# If empty, it will completely disable Spamhaus blocklists if it detects that you are running on a server using a blocked AS.' >> mailcow.conf
-      echo '# Otherwise it will work as usual.' >> mailcow.conf
-      echo 'SPAMHAUS_DQS_KEY=' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "WATCHDOG_VERBOSE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Enable watchdog verbose logging' >> mailcow.conf
-      echo 'WATCHDOG_VERBOSE=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SKIP_UNBOUND_HEALTHCHECK" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Skip Unbound (DNS Resolver) Healthchecks (NOT Recommended!) - y/n' >> mailcow.conf
-      echo 'SKIP_UNBOUND_HEALTHCHECK=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "DISABLE_NETFILTER_ISOLATION_RULE" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Prevent netfilter from setting an iptables/nftables rule to isolate the mailcow docker network - y/n' >> mailcow.conf
-      echo '# CAUTION: Disabling this may expose container ports to other neighbors on the same subnet, even if the ports are bound to localhost' >> mailcow.conf
-      echo 'DISABLE_NETFILTER_ISOLATION_RULE=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SKIP_CLAMD" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Skip ClamAV (clamd-mailcow) anti-virus (Rspamd will auto-detect a missing ClamAV container) - y/n' >> mailcow.conf
-      echo 'SKIP_CLAMD=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "SKIP_OLEFY" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo '# Skip Olefy (olefy-mailcow) anti-virus for Office documents (Rspamd will auto-detect a missing Olefy container) - y/n' >> mailcow.conf
-      echo 'SKIP_OLEFY=n' >> mailcow.conf
-    fi
-  elif [[ "${option}" == "REDISPASS" ]]; then
-    if ! grep -q "${option}" mailcow.conf; then
-      echo "Adding new option \"${option}\" to mailcow.conf"
-      echo -e '\n# ------------------------------' >> mailcow.conf
-      echo '# REDIS configuration' >> mailcow.conf
-      echo -e '# ------------------------------\n' >> mailcow.conf
-      echo "REDISPASS=$(LC_ALL=C </dev/urandom tr -dc A-Za-z0-9 2> /dev/null | head -c 28)" >> mailcow.conf
-    fi
-  elif ! grep -q "${option}" mailcow.conf; then
-    echo "Adding new option \"${option}\" to mailcow.conf"
-    echo "${option}=n" >> mailcow.conf
-  fi
-done
-
 if [[ ("${SKIP_PING_CHECK}" == "y") ]]; then
 echo -e "\e[32mSkipping Ping Check...\e[0m"
 
@@ -1422,16 +298,38 @@ elif [ "$NEW_BRANCH" == "legacy" ] && [ "$CURRENT_BRANCH" != "legacy" ]; then
 fi
 
 if [ ! "$DEV" ]; then
+  EXIT_COUNT=0
   echo -e "\e[32mChecking for newer update script...\e[0m"
   SHA1_1="$(sha1sum update.sh)"
-  git fetch origin #${BRANCH}
-  git checkout "origin/${BRANCH}" update.sh
-  SHA1_2=$(sha1sum update.sh)
+  git fetch origin
+  git checkout "origin/${BRANCH}" -- update.sh
+  SHA1_2="$(sha1sum update.sh)"
   if [[ "${SHA1_1}" != "${SHA1_2}" ]]; then
-    echo "update.sh changed, please run this script again, exiting."
     chmod +x update.sh
+    EXIT_COUNT+=1
+  fi
+
+  MODULE_DIR="$(dirname "$0")/_modules"
+  echo -e "\e[32mChecking for updates in _modules...\e[0m"
+  if [ ! -d "${MODULE_DIR}" ] || [ -z "$(ls -A "${MODULE_DIR}")" ]; then
+    echo -e "\e[33m_modules missing or empty — fetching from origin...\e[0m"
+    git checkout "origin/${BRANCH}" -- _modules
+  else
+    OLD_SUM="$(find "${MODULE_DIR}" -type f -exec sha1sum {} \; | sort | sha1sum)"
+    git fetch origin
+    git checkout "origin/${BRANCH}" -- _modules
+    NEW_SUM="$(find "${MODULE_DIR}" -type f -exec sha1sum {} \; | sort | sha1sum)"
+
+    if [[ "${OLD_SUM}" != "${NEW_SUM}" ]]; then
+      EXIT_COUNT+=1
+    fi
+  fi
+
+  if [ ${EXIT_COUNT} -ge 1 ]; then
+    echo "Changes for the update Script, please run this script again, exiting!"
     exit 2
   fi
+
 fi
 
 if [ ! "$FORCE" ]; then
@@ -1441,11 +339,8 @@ if [ ! "$FORCE" ]; then
     exit 0
   fi
   detect_major_update
-  migrate_docker_nat
 fi
 
-remove_obsolete_nginx_ports
-
 echo -e "\e[32mValidating docker-compose stack configuration...\e[0m"
 sed -i 's/HTTPS_BIND:-:/HTTPS_BIND:-/g' docker-compose.yml
 sed -i 's/HTTP_BIND:-:/HTTP_BIND:-/g' docker-compose.yml
@@ -1483,28 +378,28 @@ for container in "${MAILCOW_CONTAINERS[@]}"; do
   docker rm -f "$container" 2> /dev/null
 done
 
+configure_ipv6
+
 [[ -f data/conf/nginx/ZZZ-ejabberd.conf ]] && rm data/conf/nginx/ZZZ-ejabberd.conf
-migrate_solr_config_options
+migrate_config_options
 adapt_new_options
-remove_obsolete_options
 
-# Silently fixing remote url from andryyy to mailcow
-# git remote set-url origin https://github.com/mailcow/mailcow-dockerized
-
-DEFAULT_REPO="https://github.com/mailcow/mailcow-dockerized"
-CURRENT_REPO=$(git config --get remote.origin.url)
-if [ "$CURRENT_REPO" != "$DEFAULT_REPO" ]; then
-  echo "The Repository currently used is not the default Mailcow Repository."
-  echo "Currently Repository: $CURRENT_REPO"
-  echo "Default Repository:   $DEFAULT_REPO"
-  if [ ! "$FORCE" ]; then
-    read -r -p "Should it be changed back to default? [y/N] " repo_response
-    if [[ "$repo_response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
-      git remote set-url origin $DEFAULT_REPO
+if [ ! "$DEV" ]; then
+  DEFAULT_REPO="https://github.com/mailcow/mailcow-dockerized"
+  CURRENT_REPO=$(git config --get remote.origin.url)
+  if [ "$CURRENT_REPO" != "$DEFAULT_REPO" ]; then
+    echo "The Repository currently used is not the default mailcow Repository."
+    echo "Currently Repository: $CURRENT_REPO"
+    echo "Default Repository:   $DEFAULT_REPO"
+    if [ ! "$FORCE" ]; then
+      read -r -p "Should it be changed back to default? [y/N] " repo_response
+      if [[ "$repo_response" =~ ^([yY][eE][sS]|[yY])+$ ]]; then
+        git remote set-url origin $DEFAULT_REPO
+      fi
+    else
+        echo "Running in forced mode... setting Repo to default!"
+        git remote set-url origin $DEFAULT_REPO
     fi
-  else
-      echo "Running in forced mode... setting Repo to default!"
-      git remote set-url origin $DEFAULT_REPO
   fi
 fi
 
@@ -1538,7 +433,7 @@ if [ ! "$DEV" ]; then
     echo "Run $COMPOSE_COMMAND up -d to restart your stack without updates or try again after fixing the mentioned errors."
     exit 1
   fi
-elif [ "$DEV" ]; then
+else
   echo -e "\e[33mDEVELOPER MODE: Not creating a git diff and commiting it to prevent development stuff within a backup diff...\e[0m"
 fi