mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-09 00:38:34 +01:00
feat(nubus): add twofa-helpdesk integration
This commit is contained in:
Yannik Schmidt
@@ -36,6 +36,14 @@ repositories:
|
|||||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||||
oci: true
|
oci: true
|
||||||
url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.nginxS3Gateway.registry }}/{{ .Values.charts.nginxS3Gateway.repository }}"
|
url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.nginxS3Gateway.registry }}/{{ .Values.charts.nginxS3Gateway.repository }}"
|
||||||
|
# Nubus Helpdesk Chart
|
||||||
|
- name: "twofa-helpdesk"
|
||||||
|
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||||
|
verify: {{ .Values.charts.twofaHelpdesk.verify }}
|
||||||
|
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||||
|
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||||
|
oci: true
|
||||||
|
url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.twofaHelpdesk.registry }}/{{ .Values.charts.twofaHelpdesk.repository }}"
|
||||||
|
|
||||||
releases:
|
releases:
|
||||||
# Univention Management Stack Umbrella Chart
|
# Univention Management Stack Umbrella Chart
|
||||||
@@ -86,6 +94,18 @@ releases:
|
|||||||
installed: {{ .Values.apps.nubus.enabled }}
|
installed: {{ .Values.apps.nubus.enabled }}
|
||||||
timeout: 900
|
timeout: 900
|
||||||
|
|
||||||
|
# 2FA helpdesk
|
||||||
|
- name: "twofa-helpdesk"
|
||||||
|
chart: "twofa-helpdesk/{{ .Values.charts.twofaHelpdesk.name }}"
|
||||||
|
version: "{{ .Values.charts.twofaHelpdesk.version }}"
|
||||||
|
values:
|
||||||
|
- "values-twofa-helpdesk.yaml.gotmpl"
|
||||||
|
{{- range .Values.customization.release.twofaHelpdesk }}
|
||||||
|
- {{ . }}
|
||||||
|
{{- end }}
|
||||||
|
installed: {{ .Values.apps.nubus.enabled }}
|
||||||
|
timeout: 900
|
||||||
|
|
||||||
commonLabels:
|
commonLabels:
|
||||||
deployStage: "050-components"
|
deployStage: "050-components"
|
||||||
component: "nubus"
|
component: "nubus"
|
||||||
|
|||||||
@@ -46,6 +46,12 @@ global:
|
|||||||
repository: {{ .Values.images.nubusOpendeskExtensionA2gMapper.repository }}
|
repository: {{ .Values.images.nubusOpendeskExtensionA2gMapper.repository }}
|
||||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
||||||
tag: {{ .Values.images.nubusOpendeskExtensionA2gMapper.tag }}
|
tag: {{ .Values.images.nubusOpendeskExtensionA2gMapper.tag }}
|
||||||
|
- name: "twofa-selfservice"
|
||||||
|
image:
|
||||||
|
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusTwoFaSelfserviceProvisioning.registry | quote }}
|
||||||
|
repository: {{ .Values.images.nubusTwoFaSelfserviceProvisioning.repository }}
|
||||||
|
imagePullPolicy: Always #{{ .Values.global.imagePullPolicy }}
|
||||||
|
tag: {{ .Values.images.nubusTwoFaSelfserviceProvisioning.tag }}
|
||||||
|
|
||||||
# -- Allows to configure the system extensions to load. This is intended for
|
# -- Allows to configure the system extensions to load. This is intended for
|
||||||
# internal usage, prefer to use `global.extensions` for user configured
|
# internal usage, prefer to use `global.extensions` for user configured
|
||||||
@@ -1510,6 +1516,9 @@ nubusStackDataUms:
|
|||||||
portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement }}
|
portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement }}
|
||||||
oxDefaultContext: "1"
|
oxDefaultContext: "1"
|
||||||
oxContextHidden: true
|
oxContextHidden: true
|
||||||
|
twofaSelfserviceTileCategory: self-service-profile
|
||||||
|
twofaAdminTileCategory: od.applications
|
||||||
|
portalTwoFaLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
|
||||||
ldapSearchUsers:
|
ldapSearchUsers:
|
||||||
{{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
|
{{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
|
||||||
- username: {{ printf "ldapsearch_%s" $username | quote }}
|
- username: {{ printf "ldapsearch_%s" $username | quote }}
|
||||||
|
|||||||
21
helmfile/apps/nubus/values-twofa-helpdesk.yaml.gotmpl
Normal file
21
helmfile/apps/nubus/values-twofa-helpdesk.yaml.gotmpl
Normal file
@@ -0,0 +1,21 @@
|
|||||||
|
{{/*
|
||||||
|
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||||
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
*/}}
|
||||||
|
---
|
||||||
|
|
||||||
|
global:
|
||||||
|
keycloak:
|
||||||
|
realm: {{ .Values.platform.realm | quote }}
|
||||||
|
|
||||||
|
nubusBaseUrl: {{ printf "%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
|
||||||
|
twofaHelpdeskBackend:
|
||||||
|
auth:
|
||||||
|
username: kcadmin
|
||||||
|
config:
|
||||||
|
keycloak_url: {{ printf "https://%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
|
||||||
|
oidc_host: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain }}
|
||||||
|
oidc_realm: {{ .Values.platform.realm | quote }}
|
||||||
|
twofa_admin_groups: ["/twofa_admins"]
|
||||||
|
tls:
|
||||||
|
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||||
@@ -55,6 +55,7 @@ customization:
|
|||||||
intercomService: {}
|
intercomService: {}
|
||||||
opendeskKeycloakBootstrap: {}
|
opendeskKeycloakBootstrap: {}
|
||||||
nginxS3Gateway: {}
|
nginxS3Gateway: {}
|
||||||
|
twofaHelpdesk: {}
|
||||||
# open-xchange
|
# open-xchange
|
||||||
dovecot: {}
|
dovecot: {}
|
||||||
openxchange: {}
|
openxchange: {}
|
||||||
|
|||||||
@@ -59,6 +59,7 @@ global:
|
|||||||
synapse: "matrix"
|
synapse: "matrix"
|
||||||
synapseAdmin: "synapse-admin"
|
synapseAdmin: "synapse-admin"
|
||||||
synapseFederation: "matrix-federation"
|
synapseFederation: "matrix-federation"
|
||||||
|
twofaSelfservice: "twofa"
|
||||||
whiteboard: "whiteboard"
|
whiteboard: "whiteboard"
|
||||||
xwiki: "wiki"
|
xwiki: "wiki"
|
||||||
|
|
||||||
|
|||||||
@@ -411,6 +411,13 @@ images:
|
|||||||
registry: "registry.opencode.de"
|
registry: "registry.opencode.de"
|
||||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
|
repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
|
||||||
tag: "0.19.1@sha256:9030841a136d9addc37b2b62d39d80b113b824e50bd9cdcd5cf2c22bad74eeb0"
|
tag: "0.19.1@sha256:9030841a136d9addc37b2b62d39d80b113b824e50bd9cdcd5cf2c22bad74eeb0"
|
||||||
|
nubusTwoFaSelfserviceProvisioning:
|
||||||
|
registry: "harbor-registry.atlantishq.de"
|
||||||
|
repository: "atlantishq/twofa-portal-extensions"
|
||||||
|
tag: "new8"
|
||||||
|
#registry: "artifacts.software-univention.de"
|
||||||
|
#repository: "nubus-dev/images/twofa-helpdesk-extensions"
|
||||||
|
#tag: "0.2.0-pre-ys-dev-portal-links"
|
||||||
nubusKeycloak:
|
nubusKeycloak:
|
||||||
# providerCategory: "Supplier"
|
# providerCategory: "Supplier"
|
||||||
# providerResponsible: "Univention"
|
# providerResponsible: "Univention"
|
||||||
|
|||||||
Reference in New Issue
Block a user