mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 15:31:38 +01:00
fix(open-xchange): Enable ICAP and merge yaml and gotmpl files
This commit is contained in:
Thorsten Roßner
@@ -38,8 +38,7 @@ releases:
|
||||
chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}"
|
||||
version: "{{ .Values.charts.dovecot.version }}"
|
||||
values:
|
||||
- "values-dovecot.yaml"
|
||||
- "values-dovecot.gotmpl"
|
||||
- "values-dovecot.yaml.gotmpl"
|
||||
installed: {{ .Values.dovecot.enabled }}
|
||||
timeout: 900
|
||||
|
||||
@@ -47,10 +46,8 @@ releases:
|
||||
chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}"
|
||||
version: "{{ .Values.charts.openXchangeAppSuite.version }}"
|
||||
values:
|
||||
- "values-openxchange.yaml"
|
||||
- "values-openxchange.gotmpl"
|
||||
- "values-openxchange-enterprise-contact-picker.yaml"
|
||||
- "values-openxchange-enterprise-contact-picker.gotmpl"
|
||||
- "values-openxchange.yaml.gotmpl"
|
||||
- "values-openxchange-enterprise-contact-picker.yaml.gotmpl"
|
||||
installed: {{ .Values.oxAppsuite.enabled }}
|
||||
timeout: 900
|
||||
|
||||
@@ -58,7 +55,7 @@ releases:
|
||||
chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}"
|
||||
version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}"
|
||||
values:
|
||||
- "values-openxchange-bootstrap.gotmpl"
|
||||
- "values-openxchange-bootstrap.yaml.gotmpl"
|
||||
installed: {{ .Values.oxAppsuite.enabled }}
|
||||
timeout: 900
|
||||
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "KILL"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SYS_CHROOT"
|
||||
enabled: true
|
||||
readOnlyRootFilesystem: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
dovecot:
|
||||
ldap:
|
||||
enabled: true
|
||||
port: 389
|
||||
base: "dc=swp-ldap,dc=internal"
|
||||
|
||||
oidc:
|
||||
enabled: true
|
||||
clientID: "opendesk-dovecot"
|
||||
usernameAttribute: "opendesk_username"
|
||||
|
||||
submission:
|
||||
enabled: true
|
||||
ssl: "no"
|
||||
host: "postfix:25"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
...
|
||||
@@ -18,16 +18,28 @@ dovecot:
|
||||
mailDomain: {{ .Values.global.domain | quote }}
|
||||
password: {{ .Values.secrets.dovecot.doveadm | quote }}
|
||||
ldap:
|
||||
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
||||
enabled: true
|
||||
host: {{ .Values.ldap.host | quote }}
|
||||
port: 389
|
||||
base: "dc=swp-ldap,dc=internal"
|
||||
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
||||
password: {{ .Values.secrets.univentionManagementStack.ldapSearch.dovecot | quote }}
|
||||
oidc:
|
||||
enabled: true
|
||||
clientID: "opendesk-dovecot"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.dovecot | quote }}
|
||||
introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
|
||||
introspectionPath: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token/introspect"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.dovecot | quote }}
|
||||
clientID: "opendesk-dovecot"
|
||||
usernameAttribute: "opendesk_username"
|
||||
loginTrustedNetworks: {{ .Values.cluster.networking.cidr | quote }}
|
||||
|
||||
submission:
|
||||
enabled: true
|
||||
ssl: "no"
|
||||
host: "postfix:25"
|
||||
|
||||
|
||||
|
||||
certificate:
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
@@ -37,6 +49,28 @@ replicaCount: {{ .Values.replicas.dovecot }}
|
||||
replicaCount: 1
|
||||
{{- end }}
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "KILL"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SYS_CHROOT"
|
||||
enabled: true
|
||||
readOnlyRootFilesystem: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
|
||||
persistence:
|
||||
{{- if .Values.cluster.persistence.readWriteMany.enabled }}
|
||||
storageClassName: {{ .Values.persistence.storageClassNames.RWX | quote }}
|
||||
@@ -1,18 +0,0 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
appsuite:
|
||||
core-mw:
|
||||
secretYAMLFiles:
|
||||
ldap-client-config.yml:
|
||||
contactsLdapClient:
|
||||
pool:
|
||||
host:
|
||||
address: {{ .Values.ldap.host | quote }}
|
||||
port: 389
|
||||
auth:
|
||||
adminDN:
|
||||
password: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }}
|
||||
...
|
||||
@@ -16,10 +16,14 @@ appsuite:
|
||||
contactsLdapClient:
|
||||
pool:
|
||||
type: "simple"
|
||||
host:
|
||||
address: {{ .Values.ldap.host | quote }}
|
||||
port: 389
|
||||
auth:
|
||||
type: "adminDN"
|
||||
adminDN:
|
||||
dn: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
|
||||
password: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }}
|
||||
|
||||
uiSettings:
|
||||
# Enterprise contact picker
|
||||
@@ -1,222 +0,0 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
mysql:
|
||||
host: {{ .Values.databases.oxAppsuite.host | quote }}
|
||||
database: {{ .Values.databases.oxAppsuite.name | quote }}
|
||||
auth:
|
||||
user: {{ .Values.databases.oxAppsuite.username | quote }}
|
||||
password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
|
||||
istio:
|
||||
enabled: {{ .Values.istio.enabled }}
|
||||
|
||||
nextcloud-integration-ui:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeNextcloudIntegrationUI.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag | quote }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
|
||||
|
||||
public-sector-ui:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangePublicSectorUI.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangePublicSectorUI.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangePublicSectorUI.tag | quote }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
|
||||
|
||||
appsuite:
|
||||
istio:
|
||||
enabled: {{ .Values.istio.enabled }}
|
||||
ingressGateway:
|
||||
hosts:
|
||||
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
virtualServices:
|
||||
appsuite:
|
||||
hosts:
|
||||
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
dav:
|
||||
hosts:
|
||||
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
|
||||
core-mw:
|
||||
masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
gotenberg:
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
repository: "{{ .Values.global.imageRegistry | default .Values.images.openxchangeGotenberg.registry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
|
||||
tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
|
||||
properties:
|
||||
"com.openexchange.oauth.provider.jwt.jwksUri": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
"com.openexchange.oauth.provider.allowedIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
"com.openexchange.authentication.oauth.tokenEndpoint": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
"com.openexchange.authentication.oauth.clientSecret": {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
||||
"com.openexchange.oidc.rpRedirectURIAuth": "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/appsuite/api/oidc/auth"
|
||||
"com.openexchange.oidc.opAuthorizationEndpoint": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||
"com.openexchange.oidc.opTokenEndpoint": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
"com.openexchange.oidc.opIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
"com.openexchange.oidc.opJwkSetEndpoint": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
"com.openexchange.oidc.clientSecret": {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
||||
"com.openexchange.oidc.rpRedirectURIPostSSOLogout": "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/appsuite/api/oidc/logout"
|
||||
"com.openexchange.oidc.opLogoutEndpoint": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
|
||||
"com.openexchange.oidc.rpRedirectURILogout": "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
secretProperties:
|
||||
com.openexchange.cookie.hash.salt: {{ .Values.secrets.oxAppsuite.cookieHashSalt | quote }}
|
||||
com.openexchange.sessiond.encryptionKey: {{ .Values.secrets.oxAppsuite.sessiondEncryptionKey | quote }}
|
||||
com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey | quote }}
|
||||
propertiesFiles:
|
||||
"/opt/open-xchange/etc/ldapauth.properties":
|
||||
bindDNPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }}
|
||||
java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal"
|
||||
uiSettings:
|
||||
"io.ox.nextcloud//server": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
|
||||
"io.ox.public-sector//ics/url": "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
|
||||
# Dynamic theme
|
||||
io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }}
|
||||
io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }}
|
||||
io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }}
|
||||
io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }}
|
||||
io.ox/dynamic-theme//listHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
|
||||
io.ox/dynamic-theme//folderBackground: {{ .Values.theme.colors.white | quote }}
|
||||
io.ox/dynamic-theme//folderSelected: {{ .Values.theme.colors.primary15 | quote }}
|
||||
io.ox/dynamic-theme//folderHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
|
||||
secretETCFiles:
|
||||
# Format of the OX Guard master key:
|
||||
# MC+base64(20 random bytes)
|
||||
# RC+base64(20 random bytes)
|
||||
oxguardpass: |
|
||||
{{ .Values.secrets.oxAppsuite.oxguardMC }}
|
||||
{{ .Values.secrets.oxAppsuite.oxguardRC }}
|
||||
redis:
|
||||
auth:
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreMW.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
update:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }}
|
||||
|
||||
core-ui:
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreUI.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
|
||||
|
||||
core-ui-middleware:
|
||||
ingress:
|
||||
hosts:
|
||||
- host: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
enabled: false
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreUIMiddleware.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
redis:
|
||||
auth:
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }}
|
||||
updater:
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreUIMiddlewareUpdater | toYaml | nindent 6 }}
|
||||
|
||||
core-documentconverter:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeDocumentConverter.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreDocumentConverter | toYaml | nindent 6 }}
|
||||
|
||||
core-guidedtours:
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreGuidedtours.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
|
||||
|
||||
core-imageconverter:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeImageConverter.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreImageConverter | toYaml | nindent 6 }}
|
||||
|
||||
guard-ui:
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
repository: "{{ .Values.global.imageRegistry | default .Values.images.openxchangeGuardUI.registry }}/{{ .Values.images.openxchangeGuardUI.repository }}"
|
||||
tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }}
|
||||
|
||||
core-user-guide:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreUserGuide.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreUserGuide.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreUserGuide.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}
|
||||
...
|
||||
@@ -1,347 +0,0 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
appsuite:
|
||||
appsuite-toolkit:
|
||||
enabled: false
|
||||
istio:
|
||||
ingressGateway:
|
||||
name: "opendesk-gateway-istio-gateway"
|
||||
|
||||
switchboard:
|
||||
enabled: false
|
||||
|
||||
core-mw:
|
||||
enabled: true
|
||||
masterAdmin: "admin"
|
||||
gotenberg:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
features:
|
||||
status:
|
||||
# enable admin pack
|
||||
# admin: enabled
|
||||
documents: "disabled"
|
||||
guard: "enabled"
|
||||
packages:
|
||||
status:
|
||||
open-xchange-oidc: "enabled"
|
||||
open-xchange-authentication-database: "disabled"
|
||||
open-xchange-authentication-oauth: "enabled"
|
||||
properties:
|
||||
com.openexchange.UIWebPath: "/appsuite/"
|
||||
com.openexchange.showAdmin: "false"
|
||||
# PDF Export
|
||||
com.openexchange.capability.mail_export_pdf: "true"
|
||||
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.collabora.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.pdfa.collabora.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.collabora.url: "http://collabora:9980"
|
||||
com.openexchange.mail.exportpdf.gotenberg.url: "http://open-xchange-gotenberg:3000"
|
||||
# OIDC
|
||||
com.openexchange.oidc.enabled: "true"
|
||||
com.openexchange.oidc.autologinCookieMode: "ox_direct"
|
||||
com.openexchange.oidc.contextLookupClaim: "context"
|
||||
com.openexchange.oidc.contextLookupNamePart: "full"
|
||||
com.openexchange.oidc.backchannelLogoutEnabled: "true"
|
||||
com.openexchange.oidc.startDefaultBackend: "true"
|
||||
com.openexchange.oidc.ssoLogout: "true"
|
||||
com.openexchange.oidc.userLookupNamePart: "full"
|
||||
com.openexchange.oidc.userLookupClaim: "opendesk_username"
|
||||
com.openexchange.oidc.clientId: "opendesk-oxappsuite"
|
||||
# OAUTH
|
||||
com.openexchange.oauth.provider.enabled: "true"
|
||||
com.openexchange.oauth.provider.contextLookupClaim: "context"
|
||||
com.openexchange.oauth.provider.contextLookupNamePart: "full"
|
||||
com.openexchange.oauth.provider.mode: "expect_jwt"
|
||||
com.openexchange.oauth.provider.userLookupNamePart: "full"
|
||||
com.openexchange.oauth.provider.userLookupClaim: "opendesk_username"
|
||||
com.openexchange.authentication.oauth.clientId: "opendesk-oxappsuite"
|
||||
# MAIL
|
||||
com.openexchange.mail.authType: "xoauth2"
|
||||
com.openexchange.mail.loginSource: "mail"
|
||||
com.openexchange.mail.mailServer: "dovecot"
|
||||
com.openexchange.mail.mailServerSource: "global"
|
||||
com.openexchange.mail.transport.authType: "xoauth2"
|
||||
com.openexchange.mail.transportServer: "postfix"
|
||||
com.openexchange.mail.transportServerSource: "global"
|
||||
# Mailfilter
|
||||
com.openexchange.mail.filter.loginType: "global"
|
||||
com.openexchange.mail.filter.credentialSource: "mail"
|
||||
com.openexchange.mail.filter.server: "dovecot"
|
||||
com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2"
|
||||
# Dovecot
|
||||
com.openexchange.imap.attachmentMarker.enabled: "true"
|
||||
# Capabilities
|
||||
# Old capability can be used to toggle all integrations with a single switch
|
||||
com.openexchange.capability.public-sector: "true"
|
||||
# New capabilities in 2.0
|
||||
com.openexchange.capability.public-sector-element: "true"
|
||||
com.openexchange.capability.public-sector-navigation: "true"
|
||||
com.openexchange.capability.client-onboarding: "true"
|
||||
com.openexchange.capability.dynamic-theme: "true"
|
||||
com.openexchange.capability.filestorage_nextcloud: "true"
|
||||
com.openexchange.capability.filestorage_nextcloud_oauth: "true"
|
||||
com.openexchange.capability.guard: "true"
|
||||
com.openexchange.capability.guard-mail: "true"
|
||||
com.openexchange.capability.smime: "true"
|
||||
com.openexchange.capability.share_links: "false"
|
||||
com.openexchange.capability.invite_guests: "false"
|
||||
com.openexchange.capability.document_preview: "true"
|
||||
# Secondary Accounts
|
||||
com.openexchange.mail.secondary.authType: "XOAUTH2"
|
||||
com.openexchange.mail.transport.secondary.authType: "xoauth2"
|
||||
# Nextcloud integration
|
||||
com.openexchange.file.storage.nextcloud.oauth.url: "http://opendesk-nextcloud-apache2/"
|
||||
com.openexchange.file.storage.nextcloud.oauth.webdav.username.strategy: "user"
|
||||
com.openexchange.nextcloud.filepicker.includeAccessToken: "false"
|
||||
# GDPR
|
||||
com.openexchange.gdpr.dataexport.enabled: "false"
|
||||
com.openexchange.gdpr.dataexport.active: "false"
|
||||
# Guard
|
||||
com.openexchange.guard.storage.file.fileStorageType: "file"
|
||||
com.openexchange.guard.storage.file.uploadDirectory: "/opt/open-xchange/guard-files/"
|
||||
com.openexchange.guard.guestSMTPServer: "postfix"
|
||||
# S/MIME
|
||||
# Usage (in browser console after login):
|
||||
# http = (await import('./io.ox/core/http.js')).default
|
||||
# await http.POST({ module: 'oxguard/smime', params: { action: 'test' } })
|
||||
com.openexchange.smime.test: "true"
|
||||
# Other
|
||||
com.openexchange.secret.secretSource: "\"<user-id> + '@' + <context-id> + '/' + <random>\""
|
||||
propertiesFiles:
|
||||
/opt/open-xchange/etc/AdminDaemon.properties:
|
||||
MASTER_ACCOUNT_OVERRIDE: "true"
|
||||
/opt/open-xchange/etc/system.properties:
|
||||
SERVER_NAME: "oxserver"
|
||||
/opt/open-xchange/etc/ldapauth.properties:
|
||||
bindOnly: "false"
|
||||
bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
|
||||
|
||||
uiSettings:
|
||||
# Show the Enterprise Picker in the top right corner instead of the launcher drop-down
|
||||
io.ox/core//features/enterprisePicker/showLauncher: "false"
|
||||
io.ox/core//features/enterprisePicker/showTopRightLauncher: "true"
|
||||
# Text and icon color in the topbar
|
||||
io.ox/dynamic-theme//topbarColor: "#000"
|
||||
io.ox/dynamic-theme//logoWidth: "82"
|
||||
io.ox/dynamic-theme//topbarHover: "rgba(0, 0, 0, 0.1)"
|
||||
# Resources
|
||||
io.ox/core//features/resourceCalendars: "true"
|
||||
io.ox/core//features/managedResources: "true"
|
||||
# Categories
|
||||
io.ox/core//features/categories: "true"
|
||||
io.ox/core//categories/predefined: >
|
||||
[{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }]
|
||||
# Nextcloud integration
|
||||
# io.ox.nextcloud//server: "https://ics.<DOMAIN>/fs/"
|
||||
# Central navigation
|
||||
io.ox.public-sector//navigation/oxtabname: "tab_groupware"
|
||||
# io.ox.public-sector//ics/url: "https://ics.<DOMAIN>/"
|
||||
io.ox/core//apps/quickLaunchCount: "0"
|
||||
io.ox/core//coloredIcons: "false"
|
||||
# Mail templates
|
||||
io.ox/core//features/templates: "true"
|
||||
# Contact Collector
|
||||
io.ox/mail//contactCollectOnMailTransport: "true"
|
||||
# io.ox/mail//contactCollectOnMailAccess: "true"
|
||||
|
||||
asConfig:
|
||||
default:
|
||||
host: "all"
|
||||
pageHeaderPrefix: "as8.souvap App Suite"
|
||||
oidcLogin: true
|
||||
oidcPath: "/oidc"
|
||||
|
||||
redis:
|
||||
enabled: true
|
||||
mode: "standalone"
|
||||
hosts:
|
||||
- "redis-master"
|
||||
|
||||
hooks:
|
||||
beforeAppsuiteStart:
|
||||
create-guard-dir.sh: |
|
||||
mkdir -p /opt/open-xchange/guard-files
|
||||
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
||||
|
||||
# Security context for core-mw has no effect yet
|
||||
# podSecurityContext: {}
|
||||
# securityContext: {}
|
||||
|
||||
core-ui:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-ui-middleware:
|
||||
enabled: true
|
||||
overrides: {}
|
||||
redis:
|
||||
mode: "standalone"
|
||||
hosts:
|
||||
- "redis-master:6379"
|
||||
auth:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-guidedtours:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
guard-ui:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-cacheservice:
|
||||
enabled: false
|
||||
|
||||
core-user-guide:
|
||||
enabled: true
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-imageconverter:
|
||||
enabled: true
|
||||
objectCache:
|
||||
s3ObjectStores:
|
||||
- id: -1
|
||||
endpoint: "."
|
||||
accessKey: "."
|
||||
secretKey: "."
|
||||
podSecurityContext:
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 987
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
securityContext:
|
||||
# missing:
|
||||
# readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
|
||||
core-spellcheck:
|
||||
enabled: false
|
||||
|
||||
core-documentconverter:
|
||||
enabled: true
|
||||
documentConverter:
|
||||
cache:
|
||||
remoteCache:
|
||||
enabled: false
|
||||
podSecurityContext:
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 987
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
securityContext:
|
||||
# missing:
|
||||
# readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
|
||||
core-documents-collaboration:
|
||||
enabled: false
|
||||
office-web:
|
||||
enabled: false
|
||||
office-user-guide:
|
||||
enabled: false
|
||||
plugins-ui:
|
||||
enabled: false
|
||||
cloud-plugins-ui:
|
||||
enabled: false
|
||||
drive-client-windows-ox:
|
||||
enabled: false
|
||||
core-drive-help:
|
||||
enabled: false
|
||||
|
||||
nextcloud-integration-ui:
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
public-sector-ui:
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
536
helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
Normal file
536
helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
Normal file
@@ -0,0 +1,536 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
mysql:
|
||||
host: {{ .Values.databases.oxAppsuite.host | quote }}
|
||||
database: {{ .Values.databases.oxAppsuite.name | quote }}
|
||||
auth:
|
||||
user: {{ .Values.databases.oxAppsuite.username | quote }}
|
||||
password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
|
||||
istio:
|
||||
enabled: {{ .Values.istio.enabled }}
|
||||
|
||||
nextcloud-integration-ui:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeNextcloudIntegrationUI.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag | quote }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
public-sector-ui:
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangePublicSectorUI.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangePublicSectorUI.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangePublicSectorUI.tag | quote }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
appsuite:
|
||||
appsuite-toolkit:
|
||||
enabled: false
|
||||
switchboard:
|
||||
enabled: false
|
||||
istio:
|
||||
enabled: {{ .Values.istio.enabled }}
|
||||
ingressGateway:
|
||||
name: "opendesk-gateway-istio-gateway"
|
||||
hosts:
|
||||
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
virtualServices:
|
||||
appsuite:
|
||||
hosts:
|
||||
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
dav:
|
||||
hosts:
|
||||
- "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
core-mw:
|
||||
enabled: true
|
||||
asConfig:
|
||||
default:
|
||||
host: "all"
|
||||
pageHeaderPrefix: "as8.souvap App Suite"
|
||||
oidcLogin: true
|
||||
oidcPath: "/oidc"
|
||||
masterAdmin: "admin"
|
||||
masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
features:
|
||||
status:
|
||||
# enable admin pack
|
||||
# admin: enabled
|
||||
documents: "disabled"
|
||||
guard: "enabled"
|
||||
gotenberg:
|
||||
enabled: true
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
repository: "{{ .Values.global.imageRegistry | default .Values.images.openxchangeGotenberg.registry }}/{{ .Values.images.openxchangeGotenberg.repository }}"
|
||||
tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1001
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
hooks:
|
||||
beforeAppsuiteStart:
|
||||
create-guard-dir.sh: |
|
||||
mkdir -p /opt/open-xchange/guard-files
|
||||
chown open-xchange:open-xchange /opt/open-xchange/guard-files
|
||||
packages:
|
||||
status:
|
||||
open-xchange-oidc: "enabled"
|
||||
open-xchange-authentication-database: "disabled"
|
||||
open-xchange-authentication-oauth: "enabled"
|
||||
properties:
|
||||
com.openexchange.UIWebPath: "/appsuite/"
|
||||
com.openexchange.showAdmin: "false"
|
||||
# PDF Export
|
||||
com.openexchange.capability.mail_export_pdf: "true"
|
||||
com.openexchange.mail.exportpdf.gotenberg.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.collabora.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.pdfa.collabora.enabled: "true"
|
||||
com.openexchange.mail.exportpdf.collabora.url: "http://collabora:9980"
|
||||
com.openexchange.mail.exportpdf.gotenberg.url: "http://open-xchange-gotenberg:3000"
|
||||
# OIDC
|
||||
com.openexchange.oidc.enabled: "true"
|
||||
com.openexchange.oidc.autologinCookieMode: "ox_direct"
|
||||
com.openexchange.oidc.backchannelLogoutEnabled: "true"
|
||||
com.openexchange.oidc.clientId: "opendesk-oxappsuite"
|
||||
com.openexchange.oidc.clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
||||
com.openexchange.oidc.contextLookupClaim: "context"
|
||||
com.openexchange.oidc.contextLookupNamePart: "full"
|
||||
com.openexchange.oidc.opAuthorizationEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
|
||||
com.openexchange.oidc.opIssuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
com.openexchange.oidc.opJwkSetEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
com.openexchange.oidc.opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
|
||||
com.openexchange.oidc.opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/appsuite/api/oidc/auth"
|
||||
com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}/appsuite/api/oidc/logout"
|
||||
com.openexchange.oidc.ssoLogout: "true"
|
||||
com.openexchange.oidc.startDefaultBackend: "true"
|
||||
com.openexchange.oidc.userLookupClaim: "opendesk_username"
|
||||
com.openexchange.oidc.userLookupNamePart: "full"
|
||||
# OAUTH
|
||||
com.openexchange.oauth.provider.enabled: "true"
|
||||
com.openexchange.oauth.provider.allowedIssuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
com.openexchange.oauth.provider.contextLookupClaim: "context"
|
||||
com.openexchange.oauth.provider.contextLookupNamePart: "full"
|
||||
com.openexchange.oauth.provider.jwt.jwksUri: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
com.openexchange.oauth.provider.mode: "expect_jwt"
|
||||
com.openexchange.oauth.provider.userLookupNamePart: "full"
|
||||
com.openexchange.oauth.provider.userLookupClaim: "opendesk_username"
|
||||
com.openexchange.authentication.oauth.clientId: "opendesk-oxappsuite"
|
||||
com.openexchange.authentication.oauth.tokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
|
||||
com.openexchange.authentication.oauth.clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
||||
# MAIL
|
||||
com.openexchange.mail.authType: "xoauth2"
|
||||
com.openexchange.mail.loginSource: "mail"
|
||||
com.openexchange.mail.mailServer: "dovecot"
|
||||
com.openexchange.mail.mailServerSource: "global"
|
||||
com.openexchange.mail.transport.authType: "xoauth2"
|
||||
com.openexchange.mail.transportServer: "postfix"
|
||||
com.openexchange.mail.transportServerSource: "global"
|
||||
# Mailfilter
|
||||
com.openexchange.mail.filter.loginType: "global"
|
||||
com.openexchange.mail.filter.credentialSource: "mail"
|
||||
com.openexchange.mail.filter.server: "dovecot"
|
||||
com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2"
|
||||
# Dovecot
|
||||
com.openexchange.imap.attachmentMarker.enabled: "true"
|
||||
# Capabilities
|
||||
# Old capability can be used to toggle all integrations with a single switch
|
||||
com.openexchange.capability.public-sector: "true"
|
||||
# New capabilities in 2.0
|
||||
com.openexchange.capability.public-sector-element: "true"
|
||||
com.openexchange.capability.public-sector-navigation: "true"
|
||||
com.openexchange.capability.client-onboarding: "true"
|
||||
com.openexchange.capability.dynamic-theme: "true"
|
||||
com.openexchange.capability.filestorage_nextcloud: "true"
|
||||
com.openexchange.capability.filestorage_nextcloud_oauth: "true"
|
||||
com.openexchange.capability.guard: "true"
|
||||
com.openexchange.capability.guard-mail: "true"
|
||||
com.openexchange.capability.smime: "true"
|
||||
com.openexchange.capability.share_links: "false"
|
||||
com.openexchange.capability.invite_guests: "false"
|
||||
com.openexchange.capability.document_preview: "true"
|
||||
# Secondary Accounts
|
||||
com.openexchange.mail.secondary.authType: "XOAUTH2"
|
||||
com.openexchange.mail.transport.secondary.authType: "xoauth2"
|
||||
# Nextcloud integration
|
||||
com.openexchange.file.storage.nextcloud.oauth.url: "http://opendesk-nextcloud-apache2/"
|
||||
com.openexchange.file.storage.nextcloud.oauth.webdav.username.strategy: "user"
|
||||
com.openexchange.nextcloud.filepicker.includeAccessToken: "false"
|
||||
# GDPR
|
||||
com.openexchange.gdpr.dataexport.enabled: "false"
|
||||
com.openexchange.gdpr.dataexport.active: "false"
|
||||
# Guard
|
||||
com.openexchange.guard.storage.file.fileStorageType: "file"
|
||||
com.openexchange.guard.storage.file.uploadDirectory: "/opt/open-xchange/guard-files/"
|
||||
com.openexchange.guard.guestSMTPServer: "postfix"
|
||||
# S/MIME
|
||||
# Usage (in browser console after login):
|
||||
# http = (await import('./io.ox/core/http.js')).default
|
||||
# await http.POST({ module: 'oxguard/smime', params: { action: 'test' } })
|
||||
com.openexchange.smime.test: "true"
|
||||
# Other
|
||||
com.openexchange.secret.secretSource: "\"<user-id> + '@' + <context-id> + '/' + <random>\""
|
||||
secretProperties:
|
||||
com.openexchange.cookie.hash.salt: {{ .Values.secrets.oxAppsuite.cookieHashSalt | quote }}
|
||||
com.openexchange.sessiond.encryptionKey: {{ .Values.secrets.oxAppsuite.sessiondEncryptionKey | quote }}
|
||||
com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey | quote }}
|
||||
propertiesFiles:
|
||||
/opt/open-xchange/etc/AdminDaemon.properties:
|
||||
MASTER_ACCOUNT_OVERRIDE: "true"
|
||||
/opt/open-xchange/etc/system.properties:
|
||||
SERVER_NAME: "oxserver"
|
||||
/opt/open-xchange/etc/ldapauth.properties:
|
||||
java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal"
|
||||
bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
|
||||
bindDNPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }}
|
||||
bindOnly: "false"
|
||||
/opt/open-xchange/etc/antivirus.properties:
|
||||
com.openexchange.antivirus.enabled: "true"
|
||||
{{- if .Values.clamavDistributed.enabled }}
|
||||
com.openexchange.antivirus.server: "clamav-icap"
|
||||
{{- else if .Values.clamavSimple.enabled }}
|
||||
com.openexchange.antivirus.server: "clamav-simple"
|
||||
{{- end }}
|
||||
com.openexchange.antivirus.port: "1344"
|
||||
com.openexchange.antivirus.maxFileSize: "1024"
|
||||
uiSettings:
|
||||
io.ox.nextcloud//server: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
|
||||
io.ox.public-sector//ics/url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
|
||||
# Show the Enterprise Picker in the top right corner instead of the launcher drop-down
|
||||
io.ox/core//features/enterprisePicker/showLauncher: "false"
|
||||
io.ox/core//features/enterprisePicker/showTopRightLauncher: "true"
|
||||
# Text and icon color in the topbar
|
||||
io.ox/dynamic-theme//topbarColor: "#000"
|
||||
io.ox/dynamic-theme//logoWidth: "82"
|
||||
io.ox/dynamic-theme//topbarHover: "rgba(0, 0, 0, 0.1)"
|
||||
# Resources
|
||||
io.ox/core//features/resourceCalendars: "true"
|
||||
io.ox/core//features/managedResources: "true"
|
||||
# Categories
|
||||
io.ox/core//features/categories: "true"
|
||||
io.ox/core//categories/predefined: >
|
||||
[{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }]
|
||||
# Nextcloud integration
|
||||
# io.ox.nextcloud//server: "https://ics.<DOMAIN>/fs/"
|
||||
# Central navigation
|
||||
io.ox.public-sector//navigation/oxtabname: "tab_groupware"
|
||||
# io.ox.public-sector//ics/url: "https://ics.<DOMAIN>/"
|
||||
io.ox/core//apps/quickLaunchCount: "0"
|
||||
io.ox/core//coloredIcons: "false"
|
||||
# Mail templates
|
||||
io.ox/core//features/templates: "true"
|
||||
# Contact Collector
|
||||
io.ox/mail//contactCollectOnMailTransport: "true"
|
||||
# io.ox/mail//contactCollectOnMailAccess: "true"
|
||||
# Dynamic theme
|
||||
io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }}
|
||||
io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
|
||||
io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }}
|
||||
io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }}
|
||||
io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }}
|
||||
io.ox/dynamic-theme//listHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
|
||||
io.ox/dynamic-theme//folderBackground: {{ .Values.theme.colors.white | quote }}
|
||||
io.ox/dynamic-theme//folderSelected: {{ .Values.theme.colors.primary15 | quote }}
|
||||
io.ox/dynamic-theme//folderHover: {{ .Values.theme.colors.secondaryGreyLight | quote }}
|
||||
secretETCFiles:
|
||||
# Format of the OX Guard master key:
|
||||
# MC+base64(20 random bytes)
|
||||
# RC+base64(20 random bytes)
|
||||
oxguardpass: |
|
||||
{{ .Values.secrets.oxAppsuite.oxguardMC }}
|
||||
{{ .Values.secrets.oxAppsuite.oxguardRC }}
|
||||
redis:
|
||||
enabled: true
|
||||
mode: "standalone"
|
||||
hosts:
|
||||
- "redis-master"
|
||||
auth:
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreMW.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
# Security context for core-mw has no effect yet
|
||||
# podSecurityContext: {}
|
||||
# securityContext: {}
|
||||
update:
|
||||
image:
|
||||
repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreMW.tag | quote }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreMW | toYaml | nindent 6 }}
|
||||
|
||||
core-ui:
|
||||
enabled: true
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreUI.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreUI.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-ui-middleware:
|
||||
enabled: true
|
||||
ingress:
|
||||
hosts:
|
||||
- host: "{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
enabled: false
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreUIMiddleware.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreUIMiddleware.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
overrides: {}
|
||||
redis:
|
||||
mode: "standalone"
|
||||
hosts:
|
||||
- "redis-master:6379"
|
||||
auth:
|
||||
enabled: true
|
||||
password: {{ .Values.secrets.redis.password | quote }}
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreUIMiddleware | toYaml | nindent 6 }}
|
||||
updater:
|
||||
resources:
|
||||
{{ .Values.resources.openxchangeCoreUIMiddlewareUpdater | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-cacheservice:
|
||||
enabled: false
|
||||
|
||||
core-documentconverter:
|
||||
enabled: true
|
||||
documentConverter:
|
||||
cache:
|
||||
remoteCache:
|
||||
enabled: false
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeDocumentConverter.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
|
||||
podSecurityContext:
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 987
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreDocumentConverter | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
# missing:
|
||||
# readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
|
||||
core-documents-collaboration:
|
||||
enabled: false
|
||||
office-web:
|
||||
enabled: false
|
||||
office-user-guide:
|
||||
enabled: false
|
||||
plugins-ui:
|
||||
enabled: false
|
||||
cloud-plugins-ui:
|
||||
enabled: false
|
||||
drive-client-windows-ox:
|
||||
enabled: false
|
||||
core-drive-help:
|
||||
enabled: false
|
||||
|
||||
core-guidedtours:
|
||||
enabled: true
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreGuidedtours.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-imageconverter:
|
||||
enabled: true
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeImageConverter.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
|
||||
objectCache:
|
||||
s3ObjectStores:
|
||||
- id: -1
|
||||
endpoint: "."
|
||||
accessKey: "."
|
||||
secretKey: "."
|
||||
podSecurityContext:
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 987
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreImageConverter | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
# missing:
|
||||
# readOnlyRootFilesystem: true
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
|
||||
guard-ui:
|
||||
enabled: true
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
image:
|
||||
repository: "{{ .Values.global.imageRegistry | default .Values.images.openxchangeGuardUI.registry }}/{{ .Values.images.openxchangeGuardUI.repository }}"
|
||||
tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
|
||||
core-spellcheck:
|
||||
enabled: false
|
||||
|
||||
core-user-guide:
|
||||
enabled: true
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.openxchangeCoreUserGuide.registry | quote }}
|
||||
repository: {{ .Values.images.openxchangeCoreUserGuide.repository | quote }}
|
||||
tag: {{ .Values.images.openxchangeCoreUserGuide.tag | quote }}
|
||||
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
imagePullSecrets:
|
||||
{{- range .Values.global.imagePullSecrets }}
|
||||
- name: {{ . | quote }}
|
||||
{{- end }}
|
||||
resources:
|
||||
{{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
...
|
||||
@@ -383,7 +383,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
|
||||
name: "opendesk-otterize"
|
||||
version: "1.5.0"
|
||||
version: "1.6.0"
|
||||
verify: true
|
||||
# @supplier: "openDesk"
|
||||
|
||||
|
||||
Reference in New Issue
Block a user