sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 15:31:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(element): Add the Matrix NeoBoard Widget deployment

Browse Source
This commit is contained in:
Dominik Henneke
2023-10-11 16:58:57 +02:00
parent b7f220a6b6
commit 5afd2339c2
8 changed files with 112 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
helmfile/apps/element/helmfile.yaml
View File

@@ -14,6 +14,18 @@ repositories:
verify: true verify: true
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
# openDesk Matrix Widgets
# Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/opendesk-matrix-widgets
- name: "opendesk-matrix-widgets-repo"
oci: true
# yamllint disable rule:line-length
url: >-
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" }}
# yamllint enable rule:line-length
verify: true
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
releases: releases:
- name: "opendesk-element" - name: "opendesk-element"
chart: "opendesk-element-repo/opendesk-element" chart: "opendesk-element-repo/opendesk-element"
@@ -47,6 +59,14 @@ releases:
- "values-synapse.gotmpl" - "values-synapse.gotmpl"
condition: "element.enabled" condition: "element.enabled"
- name: "matrix-neoboard-widget"
chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
version: "3.0.0"
values:
- "values-matrix-neoboard-widget.yaml"
- "values-matrix-neoboard-widget.gotmpl"
condition: "element.enabled"
commonLabels: commonLabels:
deploy-stage: "component-1" deploy-stage: "component-1"
component: "element" component: "element"

25
helmfile/apps/element/values-element.gotmpl
View File

@@ -15,6 +15,31 @@ configuration:
additionalConfiguration: additionalConfiguration:
logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}" logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionCorporateServer }}.{{ .Values.global.domain }}"
"net.nordeck.element_web.module.widget_lifecycle":
widget_permissions:
"https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html":
identity_approved: true
"https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*":
preload_approved: true
capabilities_approved:
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk
- org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot
- org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot
- org.matrix.msc2762.send.state_event:m.room.power_levels#
- org.matrix.msc2762.receive.state_event:m.room.power_levels#
- org.matrix.msc2762.receive.state_event:m.room.member
- org.matrix.msc2762.receive.state_event:m.room.name
- org.matrix.msc2762.send.state_event:net.nordeck.whiteboard
- org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard
- org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#*
- org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions
- org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling
- org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling
- town.robin.msc3846.turn_servers
image: image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}" imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
registry: "{{ .Values.global.imageRegistry }}" registry: "{{ .Values.global.imageRegistry }}"

33
helmfile/apps/element/values-matrix-neoboard-widget.gotmpl Normal file
View File

@@ -0,0 +1,33 @@
{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
domain: "{{ .Values.global.domain }}"
imageRegistry: "{{ .Values.global.imageRegistry }}"
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
image:
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
repository: "{{ .Values.images.matrixNeoBoardWidget.repository }}"
tag: "{{ .Values.images.matrixNeoBoardWidget.tag }}"
ingress:
enabled: "{{ .Values.ingress.enabled }}"
ingressClassName: "{{ .Values.ingress.ingressClassName }}"
tls:
enabled: "{{ .Values.ingress.tls.enabled }}"
secretName: "{{ .Values.ingress.tls.secretName }}"
theme:
{{ .Values.theme | toYaml | nindent 2 }}
replicaCount: {{ .Values.replicas.matrixNeoBoardWidget }}
resources:
{{ .Values.resources.matrixNeoBoardWidget | toYaml | nindent 2 }}
...

21
helmfile/apps/element/values-matrix-neoboard-widget.yaml Normal file
View File

@@ -0,0 +1,21 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
containerSecurityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- "ALL"
enabled: true
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 101
runAsNonRoot: true
runAsUser: 101
seccompProfile:
type: "RuntimeDefault"
podSecurityContext:
enabled: true
fsGroup: 101
...

2
helmfile/environments/default/global.yaml
View File

@@ -15,9 +15,9 @@ global:
intercomService: "ics" intercomService: "ics"
jitsi: "meet" jitsi: "meet"
keycloak: "id" keycloak: "id"
matrixNeoBoardWidget: "matrix-neoboard-widget"
meetingWidgetsBot: "meeting-widgets-bot" meetingWidgetsBot: "meeting-widgets-bot"
meetingWidgets: "meeting-widgets" meetingWidgets: "meeting-widgets"
newWorkBoardWidget: "whiteboard-widget"
nextcloud: "fs" nextcloud: "fs"
openproject: "project" openproject: "project"
openxchange: "webmail" openxchange: "webmail"

4
helmfile/environments/default/images.yaml
View File

@@ -75,6 +75,10 @@ images:
# For upgrades at least confirm compatibility of target version with OX (regarding AS Guard) # For upgrades at least confirm compatibility of target version with OX (regarding AS Guard)
tag: "10.5@sha256:aa1ccc18000c32d1f39ac0b055117b27bffd93e622ec961d682de40fe2a1a95f" tag: "10.5@sha256:aa1ccc18000c32d1f39ac0b055117b27bffd93e622ec961d682de40fe2a1a95f"
# @supplier: "openDesk DevSecOps" # @supplier: "openDesk DevSecOps"
matrixNeoBoardWidget:
repository: "nordeck/matrix-neoboard-widget"
tag: "0.4.0@sha256:c5e72409a0edc1962e9be618fcb83acce19e64c0c645075d8ff0ccde06e93fc7"
# @supplier: "Nordeck"
memcached: memcached:
repository: "bitnami/memcached" repository: "bitnami/memcached"
tag: "1.6.21-debian-11-r107@sha256:247ec29efd6030960047a623aef025021154662edf6b6d6e88c97936f164d99d" tag: "1.6.21-debian-11-r107@sha256:247ec29efd6030960047a623aef025021154662edf6b6d6e88c97936f164d99d"

1
helmfile/environments/default/replicas.yaml
View File

@@ -19,6 +19,7 @@ replicas:
jitsiKeycloakAdapter: 1 jitsiKeycloakAdapter: 1
jvb: 1 jvb: 1
keycloak: 1 keycloak: 1
matrixNeoBoardWidget: 1
# clamav-distributed # clamav-distributed
milter: 1 milter: 1
nextcloud: 1 nextcloud: 1

7
helmfile/environments/default/resources.yaml
View File

@@ -114,6 +114,13 @@ resources:
requests: requests:
cpu: 0.1 cpu: 0.1
memory: "500Mi" memory: "500Mi"
matrixNeoBoardWidget:
limits:
cpu: 1
memory: "250Mi"
requests:
cpu: 0.1
memory: "50Mi"
memcached: memcached:
limits: limits:
cpu: 1 cpu: 1