From 2389d597358f53e43be5982e29125eabda94bf6c Mon Sep 17 00:00:00 2001
From: Thomas Kaltenbrunner
Date: Tue, 4 Mar 2025 19:31:12 +0100
Subject: [PATCH] fix(postfix): Add internal authentication
---
 .../apps/element/values-synapse.yaml.gotmpl | 4 +-
 .../values-nextcloud-mgmt.yaml.gotmpl | 10 +-
 helmfile/apps/notes/values.yaml.gotmpl | 3 +
 helmfile/apps/nubus/values-nubus.yaml.gotmpl | 11 +-
 .../open-xchange/helmfile-child.yaml.gotmpl | 21 ++++
 .../values-openxchange.yaml.gotmpl | 7 +-
 .../open-xchange/values-postfix.yaml.gotmpl | 100 ++++++++++++++++++
 helmfile/apps/openproject/values.yaml.gotmpl | 10 +-
 .../values-postfix.yaml.gotmpl | 27 ++---
 helmfile/apps/xwiki/values.yaml.gotmpl | 6 +-
 .../environments/default/charts.yaml.gotmpl | 4 +-
 .../environments/default/global.yaml.gotmpl | 6 +-
 .../environments/default/images.yaml.gotmpl | 2 +-
 .../environments/default/secrets.yaml.gotmpl | 2 +
 14 files changed, 177 insertions(+), 36 deletions(-)
 create mode 100644 helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
diff --git a/helmfile/apps/element/values-synapse.yaml.gotmpl b/helmfile/apps/element/values-synapse.yaml.gotmpl
index eccaa25c..899d181e 100644
--- a/helmfile/apps/element/values-synapse.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse.yaml.gotmpl
@@ -136,8 +136,8 @@ configuration:
 port: 25
 tls: false
 starttls: false
- username: ""
- password: ""
+ username: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
+ password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
 oidc:
 clientId: "opendesk-matrix"
diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
index 6e377795..3335c401 100644
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
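Review bot: The `username`/`password` added to synapse's `smtp` block travel in the clear, because the kept context lines still read `port: 25`, `tls: false` and `starttls: false`. Nextcloud, OpenProject and XWiki are moved to port 587 with STARTTLS in this same commit, so synapse should match with `port: 587` and `starttls: true`, provided synapse trusts (or is told how to treat) the Postfix certificate on the internal service name. `username:` is also rendered without `| quote` while `password:` is quoted; quoting both keeps the rendered YAML robust if the domain value ever contains YAML-special characters. The enclosing `configuration:` mapping continues outside the hunk.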
@@ -142,16 +142,16 @@ configuration:
 smtp:
 auth:
- enabled: false
+ enabled: true
 username:
- value: ""
+ value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
 password:
- value: ""
+ value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
 host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
- port: 25
+ port: 587
 fromAddress: {{ .Values.smtp.localpartNoReply | quote }}
 mailDomain: "{{ .Values.global.domain }}"
- security: ""
+ security: "tls"
 skipVerifyPeer: true
 quota:
diff --git a/helmfile/apps/notes/values.yaml.gotmpl b/helmfile/apps/notes/values.yaml.gotmpl
index 37c8001b..a3242dfe 100644
--- a/helmfile/apps/notes/values.yaml.gotmpl
+++ b/helmfile/apps/notes/values.yaml.gotmpl
@@ -168,6 +168,9 @@ backend:
 DJANGO_EMAIL_HOST: "postfix"
 DJANGO_EMAIL_PORT: 25
 DJANGO_EMAIL_USE_SSL: False
+ DJANGO_EMAIL_HOST_USER: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
+ DJANGO_EMAIL_HOST_PASSWORD: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
+ DJANGO_EMAIL_USE_TLS: False
 OIDC_RP_CLIENT_ID: "opendesk-notes"
 OIDC_RP_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
 OIDC_OP_JWKS_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
index d47d520f..c7e2302f 100644
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
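Review bot: With `security: "tls"` now set, the retained `skipVerifyPeer: true` means the STARTTLS session is unauthenticated — it hides the new password from passive capture but not from anything able to interpose on the `postfix.<ns>.svc` name. This is presumably deliberate because the Postfix certificate is the ingress certificate (`certificate.secretName` is sourced from `ingress.tls.secretName` in the Postfix values) and does not cover the in-cluster service hostname; if so, say it next to the line, e.g. `# skipVerifyPeer: the Postfix cert is the public ingress cert, not issued for the svc hostname; TLS here is confidentiality-only`. Otherwise issue a certificate for the service name and set `skipVerifyPeer: false`. The `configuration:` mapping continues outside the hunk.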
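Review bot: `DJANGO_EMAIL_HOST_USER`/`DJANGO_EMAIL_HOST_PASSWORD` are added while the block keeps `DJANGO_EMAIL_PORT: 25` and explicitly adds `DJANGO_EMAIL_USE_TLS: False`, so the credential is sent to Postfix in plaintext. The STARTTLS clients in this commit use port 587; the equivalent here is `DJANGO_EMAIL_PORT: 587` and `DJANGO_EMAIL_USE_TLS: True`, which presumably requires the Postfix certificate to be trusted by the notes backend — confirm before switching. If plaintext is accepted for now, a one-line comment such as `# TODO: move to 587/STARTTLS once the postfix cert is trusted in-cluster` stops this reading as an oversight. The `backend:` mapping continues outside the hunk.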
@@ -537,8 +537,9 @@ nubusKeycloakExtensions:
 ssl: false
 starttls: false
 auth:
- enabled: false
- username: ""
+ enabled: true
+ username: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
+ password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
 existingSecret:
 name: "ums-keycloak-extensions-smtp-opendesk-credentials"
 keyMapping:
@@ -1108,7 +1109,7 @@ nubusStackDataUms:
 umcHtmlTitle: "Portal - {{ .Values.theme.texts.productName }}"
 smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
 smtpPort: 25
- smtpUser: ""
+ smtpUser: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
 smtpStartTls: false
 ldapBase: {{ .Values.ldap.baseDn }}
 templateContext:
@@ -1414,7 +1415,7 @@ extraSecrets:
 umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
 - name: "ums-keycloak-extensions-smtp-opendesk-credentials"
 stringData:
- umcKeycloakExtensionsSmtpPassword: ""
+ umcKeycloakExtensionsSmtpPassword: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
 - name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
 stringData:
 password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
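Review bot: In the `nubusKeycloakExtensions` hunk the SMTP password is now set inline (`password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}`) and at the same time provided through `existingSecret` (`ums-keycloak-extensions-smtp-opendesk-credentials`, populated in the `extraSecrets` hunk below); two copies of the same secret invite drift and the chart presumably honours only one of them — check which and drop the other, most likely the inline line. As with the other port-25 clients in this commit, `ssl: false` and `starttls: false` remain, so the credential is sent to Postfix in plaintext. The `nubusStackDataUms` hunk has the same shape: `smtpUser` is set while `smtpPort: 25` and `smtpStartTls: false` stay. Both enclosing mappings continue outside the hunks.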
@@ -1424,7 +1425,7 @@ extraSecrets:
 secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
 - name: "ums-umc-server-smtp-credentials-custom"
 stringData:
- password: ""
+ password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
 - name: "ums-provisioning-ox-credentials"
 stringData:
 ox-connector.json: "{ \"name\": \"ox-connector\", \"realms_topics\": [{\"realm\": \"udm\", \"topic\": \"oxmail/oxcontext\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/accessprofile\"}, {\"realm\": \"udm\", \"topic\": \"users/user\"}, {\"realm\": \"udm\", \"topic\": \"oxresources/oxresources\"}, {\"realm\": \"udm\", \"topic\": \"groups/group\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/functional_account\"}], \"request_prefill\": true, \"password\": \"{{ .Values.secrets.oxConnector.provisioningApiPassword }}\" }"
diff --git a/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl b/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl
index 78b271e2..43a4a8f3 100644
--- a/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl
@@ -51,6 +51,16 @@ repositories:
 oci: true
 url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/{{ .Values.charts.oxConnector.repository }}"
+ # openDesk Postfix
+ # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postfix
+ - name: "postfix-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.postfix.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/{{ .Values.charts.postfix.repository }}"
+
 releases:
 - name: "dovecot"
 chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}"
@@ -66,6 +76,17 @@ releases:
 installed: {{ .Values.apps.dovecot.enabled }}
 timeout: 900
+ - name: "postfix-ox"
+ chart: "postfix-repo/{{ .Values.charts.postfix.name }}"
+ version: "{{ .Values.charts.postfix.version }}"
+ values:
+ - "values-postfix.yaml.gotmpl"
+ {{- range .Values.customization.release.postfix }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.postfix.enabled }}
+ timeout: 900
+
 - name: "open-xchange"
 chart: "open-xchange-repo/{{ .Values.charts.oxAppSuite.name }}"
 version: "{{ .Values.charts.oxAppSuite.version }}"
diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
index e45914dc..fdaf2293 100644
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
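Review bot: The new `postfix-ox` release is gated on `.Values.apps.postfix.enabled` and customised through `.Values.customization.release.postfix`, the same switches the existing `postfix` release in `services-external` uses, so the two Postfix instances cannot be enabled, disabled or customised independently. If that coupling is intended, a comment on the `installed:` line should say so; otherwise give this release its own `apps.*` key and customization list. Note also that the release name `postfix-ox` is what `com.openexchange.mail.transportServer` points at in `values-openxchange.yaml.gotmpl`, while the chart values keep `hostname: "postfix"`; whether the chart names its Service after the release or after `hostname` decides whether that reference resolves — worth stating here. The `releases:` list continues outside the hunk.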
@@ -241,7 +241,7 @@ appsuite:
 com.openexchange.mail.mailServer: "dovecot"
 com.openexchange.mail.mailServerSource: "global"
 com.openexchange.mail.transport.authType: "xoauth2"
- com.openexchange.mail.transportServer: "postfix"
+ com.openexchange.mail.transportServer: "postfix-ox"
 com.openexchange.mail.transportServerSource: "global"
 # Requirements for OX-Connector
 com.openexchange.user.enforceUniqueDisplayName: "false"
@@ -287,7 +287,12 @@ appsuite:
 # Guard
 com.openexchange.guard.storage.file.fileStorageType: "file"
 com.openexchange.guard.storage.file.uploadDirectory: "/opt/open-xchange/guard-files/"
+ com.openexchange.guard.guestSMTPMailFrom: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
+ com.openexchange.guard.guestSMTPPassword: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
+ com.openexchange.guard.guestSMTPPort: "25"
 com.openexchange.guard.guestSMTPServer: "postfix"
+ com.openexchange.guard.guestSMTPUsername: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
+ com.openexchange.guard.useStartTLS: "false"
 # S/MIME
 # Usage (in browser console after login):
 # http = (await import('./io.ox/core/http.js')).default
diff --git a/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl b/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
new file mode 100644
index 00000000..77b14324
--- /dev/null
+++ b/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
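Review bot: The guard hunk keeps `guestSMTPServer: "postfix"` while adding `guestSMTPUsername`/`guestSMTPPassword`, `guestSMTPPort: "25"` and `useStartTLS: "false"`, although the first hunk moved `transportServer` to `"postfix-ox"`. A bare `postfix` from the OX namespace is ambiguous: if it reaches the new `postfix-ox` instance, that one is configured with `smtpdTLSSecurityLevel: "encrypt"` and Dovecot SASL with `staticAuthDB` disabled, so a plaintext login as `opendesk-system` would presumably be refused; if it is meant to be the `services-external` instance, the other apps address it by FQDN (`postfix.<ns>.svc.<cluster>`). Either way the credential is sent unencrypted; the least-surprise fix is to target the same host as `transportServer` with `com.openexchange.guard.useStartTLS: "true"` and the matching port, or to document why guard deliberately differs. The `appsuite:` mapping continues outside the hunk.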
@@ -0,0 +1,100 @@
+{{/*
+SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+certificate:
+ secretName: {{ .Values.ingress.tls.secretName | quote }}
+ request:
+ enabled: false
+
+containerSecurityContext:
+ allowPrivilegeEscalation: true
+ capabilities: {}
+ enabled: true
+ seccompProfile:
+ type: "RuntimeDefault"
+ readOnlyRootFilesystem: true
+ runAsNonRoot: false
+ runAsUser: 0
+ runAsGroup: 0
+ privileged: true
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.postfix | toYaml | nindent 4 }}
+
+global:
+ imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+ registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.postfix.registry | quote }}
+ repository: {{ .Values.images.postfix.repository | quote }}
+ tag: {{ .Values.images.postfix.tag | quote }}
+ imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+
+persistence:
+ size: {{ .Values.persistence.storages.postfix.size | quote }}
+ storageClass: {{ coalesce .Values.persistence.storages.postfix.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
+
+podSecurityContext:
+ enabled: true
+ fsGroup: 101
+
+postfix:
+ amavisHost: ""
+ amavisPortIn: ""
+ domain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
+ hostname: "postfix"
+ inetProtocols: "ipv4"
+ milterDefaultAction: "tempfail"
+ overrides:
+ - fileName: "sasl_passwd.map"
+ content:
+ - {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
+ {{- if .Values.apps.dkimpy.enabled }}
+ dkimpyHost: "opendesk-dkimpy-milter.{{ .Release.Namespace }}.svc.{{.Values.cluster.networking.domain }}:8892"
+ {{- end }}
+ rspamdHost: ""
+ relayHost: {{ if .Values.smtp.host }}{{ 
printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
+ relayNets: {{ join " " .Values.cluster.networking.cidr | quote }}
+ smtpSASLAuthEnable: "yes"
+ smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map"
+ smtpTLSSecurityLevel: "encrypt"
+ smtpdSASLAuthEnable: "yes"
+ smtpdSASLSecurityOptions: "noanonymous"
+ smtpdSASLType: "dovecot"
+ smtpdTLSSecurityLevel: "encrypt"
+ smtpdTLSCertFile: "/etc/tls/tls.crt"
+ smtpdKeyFile: "/etc/tls/tls.key"
+ smtpdSASLPath: "inet:dovecot:3659"
+
+ staticAuthDB:
+ enabled: false
+
+ {{- if .Values.antivirus.milter.host }}
+ smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
+ {{- else }}
+ {{- if .Values.apps.clamavDistributed.enabled }}
+ smtpdMilters: "inet:clamav-milter:7357"
+ {{- else if .Values.apps.clamavSimple.enabled }}
+ smtpdMilters: "inet:clamav-simple:7357"
+ {{- end }}
+ {{- end }}
+ virtualMailboxDomains: {{ if .Values.global.additionalMailDomains }}{{ printf "%s,%s" (.Values.global.mailDomain | default .Values.global.domain) .Values.global.additionalMailDomains }}{{ else }}{{ .Values.global.mailDomain | default .Values.global.domain | quote }}{{ end }}
+ virtualTransport: "lmtps:dovecot:24"
+
+podAnnotations: {}
+
+replicaCount: {{ .Values.replicas.postfix }}
+
+resources:
+ {{ .Values.resources.postfix | toYaml | nindent 2 }}
+
+{{- if or (eq (coalesce .Values.service.type.postfix .Values.cluster.service.type) "NodePort") (eq (coalesce .Values.service.type.postfix .Values.cluster.service.type) "LoadBalancer") }}
+service:
+ external:
+ enabled: true
+ type: {{ coalesce .Values.service.type.postfix .Values.cluster.service.type | quote }}
+{{- end }}
+...
diff --git a/helmfile/apps/openproject/values.yaml.gotmpl b/helmfile/apps/openproject/values.yaml.gotmpl
index 6ef79b2b..2ceb0650 100644
--- a/helmfile/apps/openproject/values.yaml.gotmpl
+++ b/helmfile/apps/openproject/values.yaml.gotmpl
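Review bot: `relayNets` is set to the whole cluster CIDR (`join " " .Values.cluster.networking.cidr`), so if the chart's relay restrictions still include `permit_mynetworks` every pod in the cluster can relay through this instance without the SASL login that `smtpdSASLAuthEnable: "yes"` adds — the authentication then gates nothing on this path; confirm what the chart renders and, if `mynetworks` is permitted, either narrow `relayNets` to the OX pods or rely on `permit_sasl_authenticated` alone. Separately, `containerSecurityContext` grants `privileged: true`, `runAsUser: 0` and `allowPrivilegeEscalation: true` to a brand-new workload, which makes `readOnlyRootFilesystem: true` and the seccomp profile far less meaningful; if the chart only needs to bind port 25 and drop privileges itself, an explicit `capabilities.add` list (e.g. `NET_BIND_SERVICE`, `SETUID`, `SETGID`) without `privileged` is the usual shape — verify against the chart before changing. Lastly `smtpdSASLType: "dovecot"` with `staticAuthDB.enabled: false` means only Dovecot-backed users can authenticate here, unlike the `services-external` instance with its static `opendesk-system` account; a comment on `staticAuthDB:` stating that difference would save the next reader a trip to the other file.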
@@ -76,13 +76,13 @@ environment:
 OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
 OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
 OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
- OPENPROJECT_SMTP__USER__NAME: ""
- OPENPROJECT_SMTP__PASSWORD: ""
- OPENPROJECT_SMTP__PORT: 25
+ OPENPROJECT_SMTP__USER__NAME: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
+ OPENPROJECT_SMTP__PASSWORD: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
+ OPENPROJECT_SMTP__PORT: 587
 OPENPROJECT_SMTP__SSL: "false" # (default=false)
 OPENPROJECT_SMTP__ADDRESS: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
- OPENPROJECT_SMTP__AUTHENTICATION: "none"
- OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "false"
+ OPENPROJECT_SMTP__AUTHENTICATION: "cram_md5"
+ OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
 OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "none"
 OPENPROJECT_MAIL__FROM: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
 OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.nubus .Values.global.domain | quote }}
diff --git a/helmfile/apps/services-external/values-postfix.yaml.gotmpl b/helmfile/apps/services-external/values-postfix.yaml.gotmpl
index 4cd57f7c..3bc9836c 100644
--- a/helmfile/apps/services-external/values-postfix.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-postfix.yaml.gotmpl
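Review bot: `OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "none"` is kept alongside the new `OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"`, so the password is protected only against passive capture; if that is because the Postfix certificate is the ingress certificate and does not match the internal service hostname, put that reason on the line rather than leaving `none` unexplained. `OPENPROJECT_SMTP__AUTHENTICATION: "cram_md5"` also differs from every other client in this commit, which do not pin a mechanism, and CRAM-MD5 only works if the Cyrus backend of the external Postfix (`smtpdSASLType: "cyrus"` with `staticAuthDB`) offers it — with STARTTLS in place `"plain"` is simpler and consistent; confirm the mechanism list before merging. The `environment:` mapping continues outside the hunk.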
@@ -1,5 +1,5 @@
 {{/*
-SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
@@ -15,7 +15,7 @@ containerSecurityContext:
 enabled: true
 seccompProfile:
 type: "RuntimeDefault"
- readOnlyRootFilesystem: false
+ readOnlyRootFilesystem: true
 runAsNonRoot: false
 runAsUser: 0
 runAsGroup: 0
@@ -60,14 +60,20 @@ postfix:
 relayNets: {{ join " " .Values.cluster.networking.cidr | quote }}
 smtpSASLAuthEnable: "yes"
 smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map"
- smtpUseTLS: "yes"
- smtpdSASLAuthEnable: "no"
+ smtpTLSSecurityLevel: "encrypt"
+ smtpdSASLAuthEnable: "yes"
 smtpdSASLSecurityOptions: "noanonymous"
- smtpdSASLType: "dovecot"
- smtpdUseTLS: "yes"
+ smtpdSASLType: "cyrus"
+ smtpdTLSSecurityLevel: "may"
 smtpdTLSCertFile: "/etc/tls/tls.crt"
 smtpdKeyFile: "/etc/tls/tls.key"
- smtpdSASLPath: "inet:dovecot:3659"
+ smtpdSASLPath: "smtpd"
+
+ staticAuthDB:
+ enabled: true
+ username: "opendesk-system"
+ password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
+
 {{- if .Values.antivirus.milter.host }}
 smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
 {{- else }}
@@ -77,7 +83,7 @@ postfix:
 smtpdMilters: "inet:clamav-simple:7357"
 {{- end }}
 {{- end }}
- virtualMailboxDomains: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
+ virtualMailboxDomains: {{ if .Values.global.additionalMailDomains }}{{ printf "%s,%s" (.Values.global.mailDomain | default .Values.global.domain) .Values.global.additionalMailDomains }}{{ else }}{{ .Values.global.mailDomain | default .Values.global.domain | quote }}{{ end }}
 virtualTransport: "lmtps:dovecot:24"
 podAnnotations: {}
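Review bot: In the `@@ -60,14` hunk `smtpdSASLAuthEnable: "yes"` is switched on next to `smtpdTLSSecurityLevel: "may"` and `smtpdSASLSecurityOptions: "noanonymous"`, which lets clients authenticate with PLAIN/LOGIN over an unencrypted session — and several clients in this commit (synapse, notes, nubus, OX guard) still connect on port 25 without STARTTLS, so the `opendesk-system` password crosses the cluster network in the clear. That is presumably transitional; record it on the line, e.g. `# TODO: once all clients use STARTTLS, set smtpd_tls_auth_only=yes (or add noplaintext to the non-TLS SASL options)`. The retained `relayNets` context line still whitelists the whole cluster CIDR, so if the chart's relay restrictions permit `mynetworks` the new login is not what gates relaying — confirm and note it. The `postfix:` mapping continues outside the hunk.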
@@ -87,10 +93,7 @@ replicaCount: {{ .Values.replicas.postfix }}
 resources:
 {{ .Values.resources.postfix | toYaml | nindent 2 }}
-{{- if or (eq (coalesce .Values.service.type.postfix .Values.cluster.service.type) "NodePort") (eq (coalesce .Values.service.type.postfix .Values.cluster.service.type) "LoadBalancer") }}
 service:
 external:
- enabled: true
- type: {{ coalesce .Values.service.type.postfix .Values.cluster.service.type | quote }}
-{{- end }}
+ enabled: false
 ...
diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl
index 26799b37..3d1b39ed 100644
--- a/helmfile/apps/xwiki/values.yaml.gotmpl
+++ b/helmfile/apps/xwiki/values.yaml.gotmpl
@@ -167,8 +167,10 @@ properties:
 ## SMTP settings
 "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
 "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
- "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": 25
- "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.properties": "mail.smtp.starttls.enable=false"
+ "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": 587
+ "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.properties": "mail.smtp.starttls.enable=true"
+ "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.username": {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
+ "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.password": {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
 ## Link LDAP users and users authenticated through OIDC
 "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
 "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl
index 0123b873..00f93b69 100644
--- a/helmfile/environments/default/charts.yaml.gotmpl
+++ b/helmfile/environments/default/charts.yaml.gotmpl
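Review bot: STARTTLS is enabled (`mail.smtp.starttls.enable=true`) together with the new username/password, but unlike the Nextcloud (`skipVerifyPeer`) and OpenProject (`OPENSSL__VERIFY__MODE`) hunks nothing here decides what XWiki's JavaMail should do with the Postfix certificate; whether the handshake succeeds depends on the JVM trust store and the `mail.smtp.ssl.checkserveridentity` default of the bundled mail library, so confirm against a deployed instance. If the certificate is not trusted in-cluster, make the decision explicit in the properties string (for example a `mail.smtp.ssl.trust=` entry) rather than letting mail fail silently. The `username` property is rendered without `| quote` while `password` is quoted; quoting both is safer. The `properties:` mapping continues outside the hunk.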
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 #
@@ -419,7 +419,7 @@ charts:
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
 name: "postfix"
- version: "2.3.0"
+ version: "2.3.2"
 verify: true
 postgresql:
 # providerCategory: "Platform"
diff --git a/helmfile/environments/default/global.yaml.gotmpl b/helmfile/environments/default/global.yaml.gotmpl
index 376a4e78..81724929 100644
--- a/helmfile/environments/default/global.yaml.gotmpl
+++ b/helmfile/environments/default/global.yaml.gotmpl
@@ -1,5 +1,5 @@
 {{/*
-SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
@@ -17,6 +17,10 @@ global:
 #
 mailDomain: {{ env "MAIL_DOMAIN" | quote }}
+ ## Define additional mail domains, comma separated, e.g. domain1.de,domain2.de
+ #
+ additionalMailDomains: ""
+
 ## Define synapse host
 ## If this is unset the "domain" value above should be used in all references
 #
diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl
index 37bf4bae..7cda1ad2 100644
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
@@ -880,7 +880,7 @@ images:
 # upstreamRepository: "bmi/opendesk/components/platform-development/images/postfix"
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/platform-development/images/postfix"
- tag: "2.0.0@sha256:5b2432dc09318db172a593bca860887ee9d713b9987db64f8b265f3e08a1d374"
+ tag: "3.0.1@sha256:d2c6543b35b616ac3e6c8c27222d3154c0d35680813a8942ce0cc3fa9ea72a6d"
 postgresql:
 # providerCategory: "Community"
 # providerResponsible: "openDesk"
diff --git a/helmfile/environments/default/secrets.yaml.gotmpl b/helmfile/environments/default/secrets.yaml.gotmpl
index 431952be..299913d2 100644
--- a/helmfile/environments/default/secrets.yaml.gotmpl
+++ b/helmfile/environments/default/secrets.yaml.gotmpl
@@ -23,6 +23,8 @@ secrets:
 synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "as_token" | sha1sum | quote }}
 oxConnector:
 provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ox-connector" | sha1sum | quote }}
+ postfix:
+ opendeskSystemPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postfix" "opendesk-system" | sha1sum | quote }}
 nubus:
 masterpassword: {{ env "MASTER_PASSWORD" | default "sovereign-workplace" | quote }}
 ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
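Review bot: `opendeskSystemPassword` is derived from `MASTER_PASSWORD` with the fallback `"sovereign-workplace"`, so whenever the variable is unset the SMTP AUTH credential that Postfix now accepts is deterministic and derivable by anyone who reads this file. That is the existing pattern for every secret in the block, but this one is a real login on a mail relay, so it is worth either failing the render (`env "MASTER_PASSWORD" | required "MASTER_PASSWORD must be set"`) or at least a comment stating that the default is for development only. The `secrets:` mapping continues outside the hunk.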