diff --git a/helmfile/apps/nubus/helmfile-child.yaml.gotmpl b/helmfile/apps/nubus/helmfile-child.yaml.gotmpl
index 7cf92bed..403ffc98 100644
--- a/helmfile/apps/nubus/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/nubus/helmfile-child.yaml.gotmpl
@@ -36,6 +36,14 @@ repositories:
 password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
 oci: true
 url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.nginxS3Gateway.registry }}/{{ .Values.charts.nginxS3Gateway.repository }}"
+ # Nubus Helpdesk Chart
+ - name: "twofa-helpdesk"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.twofaHelpdesk.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.twofaHelpdesk.registry }}/{{ .Values.charts.twofaHelpdesk.repository }}"
 releases:
 # Univention Management Stack Umbrella Chart
@@ -86,6 +94,18 @@ releases:
 installed: {{ .Values.apps.nubus.enabled }}
 timeout: 900
+ # 2FA helpdesk
+ - name: "twofa-helpdesk"
+ chart: "twofa-helpdesk/{{ .Values.charts.twofaHelpdesk.name }}"
+ version: "{{ .Values.charts.twofaHelpdesk.version }}"
+ values:
+ - "values-twofa-helpdesk.yaml.gotmpl"
+ {{- range .Values.customization.release.twofaHelpdesk }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.nubus.enabled }}
+ timeout: 900
+
 commonLabels:
 deployStage: "050-components"
 component: "nubus"
diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
index af88bc61..b35582ff 100644
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
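Review bot: In the new `twofa-helpdesk` repository entry of helmfile-child.yaml.gotmpl, `verify: {{ .Values.charts.twofaHelpdesk.verify }}` is the only switch for chart signature checking, and no hunk in this diff defines `charts.twofaHelpdesk`. If that key is absent or renders empty the line becomes a bare `verify:` (null), and the chart would presumably be pulled without being checked against `opencode.gpg`. Please confirm the chart entry exists with verification enabled and that the chart is actually signed with the key in that keyring, since the URL can fall back to `.Values.charts.twofaHelpdesk.registry`. A comment above the entry such as `# verify must stay enabled; chart is signed with the opencode key` would record the expectation.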
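Review bot: The `twofa-helpdesk` release in helmfile-child.yaml.gotmpl is gated only by `installed: {{ .Values.apps.nubus.enabled }}`, so every environment that enables Nubus also deploys the 2FA helpdesk with no way to leave it out. Judging by values-twofa-helpdesk.yaml.gotmpl further down, the component talks to Keycloak with an admin-style account, which makes it a privileged addition to the attack surface rather than a neutral sidecar. If it is meant to be optional, it should get its own enable switch; if it is mandatory, a comment like `# always deployed together with Nubus by design` would make that explicit. The customization entries are also emitted unquoted as `- {{ . }}`; `- {{ . | quote }}` would protect against paths that YAML retypes.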
@@ -46,6 +46,12 @@ global:
 repository: {{ .Values.images.nubusOpendeskExtensionA2gMapper.repository }}
 imagePullPolicy: {{ .Values.global.imagePullPolicy }}
 tag: {{ .Values.images.nubusOpendeskExtensionA2gMapper.tag }}
+ - name: "twofa-selfservice"
+ image:
+ registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusTwoFaSelfserviceProvisioning.registry | quote }}
+ repository: {{ .Values.images.nubusTwoFaSelfserviceProvisioning.repository }}
+ imagePullPolicy: Always #{{ .Values.global.imagePullPolicy }}
+ tag: {{ .Values.images.nubusTwoFaSelfserviceProvisioning.tag }}
 # -- Allows to configure the system extensions to load. This is intended for
 # internal usage, prefer to use `global.extensions` for user configured
@@ -1510,6 +1516,9 @@ nubusStackDataUms:
 portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement }}
 oxDefaultContext: "1"
 oxContextHidden: true
+ twofaSelfserviceTileCategory: self-service-profile
+ twofaAdminTileCategory: od.applications
+ portalTwoFaLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
 ldapSearchUsers:
 {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
 - username: {{ printf "ldapsearch_%s" $username | quote }}
diff --git a/helmfile/apps/nubus/values-twofa-helpdesk.yaml.gotmpl b/helmfile/apps/nubus/values-twofa-helpdesk.yaml.gotmpl
new file mode 100644
index 00000000..454acf7a
--- /dev/null
+++ b/helmfile/apps/nubus/values-twofa-helpdesk.yaml.gotmpl
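Review bot: The `twofa-selfservice` extension in values-nubus.yaml.gotmpl hard-codes `imagePullPolicy: Always #{{ .Values.global.imagePullPolicy }}`, which looks like a development leftover and silently overrides the operator's global pull policy for this one image. With the mutable tag this image uses in images.yaml.gotmpl, `Always` means the running code can change on any pod restart without a change in Git. The template action after `#` is still evaluated by the Go template engine; only its output lands in a YAML comment. The line should match the neighbouring entry, `imagePullPolicy: {{ .Values.global.imagePullPolicy }}`, once the image is pinned.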
@@ -0,0 +1,21 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+
+global:
+ keycloak:
+ realm: {{ .Values.platform.realm | quote }}
+
+nubusBaseUrl: {{ printf "%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
+twofaHelpdeskBackend:
+ auth:
+ username: kcadmin
+ config:
+ keycloak_url: {{ printf "https://%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
+ oidc_host: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
+ oidc_realm: {{ .Values.platform.realm | quote }}
+ twofa_admin_groups: ["/twofa_admins"]
+tls:
+ secretName: {{ .Values.ingress.tls.secretName | quote }}
diff --git a/helmfile/environments/default/customization.yaml.gotmpl b/helmfile/environments/default/customization.yaml.gotmpl
index bd158976..f8b8e2c9 100644
--- a/helmfile/environments/default/customization.yaml.gotmpl
+++ b/helmfile/environments/default/customization.yaml.gotmpl
@@ -55,6 +55,7 @@ customization:
 intercomService: {}
 opendeskKeycloakBootstrap: {}
 nginxS3Gateway: {}
+ twofaHelpdesk: {}
 # open-xchange
 dovecot: {}
 openxchange: {}
diff --git a/helmfile/environments/default/global.yaml.gotmpl b/helmfile/environments/default/global.yaml.gotmpl
index 34412a36..047517b5 100644
--- a/helmfile/environments/default/global.yaml.gotmpl
+++ b/helmfile/environments/default/global.yaml.gotmpl
@@ -59,6 +59,7 @@ global:
 synapse: "matrix"
 synapseAdmin: "synapse-admin"
 synapseFederation: "matrix-federation"
+ twofaSelfservice: "twofa"
 whiteboard: "whiteboard"
 xwiki: "wiki"
diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl
index e20cfb33..a44272aa 100644
--- a/helmfile/environments/default/images.yaml.gotmpl
+++ b/helmfile/environments/default/images.yaml.gotmpl
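Review bot: `twofaHelpdeskBackend.auth.username: kcadmin` in the new values-twofa-helpdesk.yaml.gotmpl hard-codes what looks like the Keycloak admin account for the helpdesk backend, and the diff shows neither which roles that account holds nor where its password comes from. A service that only manages users' second factors should authenticate with a dedicated account limited to that task, so that a compromise of the helpdesk pod does not expose the whole realm. If the chart requires kcadmin for now, take the name from `.Values` instead of a literal and record the debt with a comment such as `# TODO: replace kcadmin with a dedicated least-privilege account`. `nubusBaseUrl`, `keycloak_url` and `oidc_host` are also rendered unquoted, unlike `realm` and `secretName` in the same file, which pipe through `quote`.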
@@ -411,6 +411,13 @@ images:
 registry: "registry.opencode.de"
 repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
 tag: "0.19.1@sha256:9030841a136d9addc37b2b62d39d80b113b824e50bd9cdcd5cf2c22bad74eeb0"
+ nubusTwoFaSelfserviceProvisioning:
+ registry: "harbor-registry.atlantishq.de"
+ repository: "atlantishq/twofa-portal-extensions"
+ tag: "new8"
+ #registry: "artifacts.software-univention.de"
+ #repository: "nubus-dev/images/twofa-helpdesk-extensions"
+ #tag: "0.2.0-pre-ys-dev-portal-links"
 nubusKeycloak:
 # providerCategory: "Supplier"
 # providerResponsible: "Univention"
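Review bot: The new `nubusTwoFaSelfserviceProvisioning` image in images.yaml.gotmpl is referenced by the mutable tag `tag: "new8"` with no digest, while the entry directly above pins `0.19.1@sha256:…`. It is also pulled from `harbor-registry.atlantishq.de` rather than `registry.opencode.de`, so whoever can push to that repository decides what runs inside the Nubus provisioning path. Pin it the same way as its neighbours, `tag: "<version>@sha256:<digest>"` (placeholder values), and mirror the image to the project registry before this leaves a development branch. The three commented-out `#registry`/`#repository`/`#tag` lines should be dropped. The `# providerCategory` / `# providerResponsible` comments that the following `nubusKeycloak` entry carries are missing here as well.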