diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 7082431a..af687539 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -78,6 +78,12 @@ variables: options: - "yes" - "no" + DEPLOY_ELEMENT: + description: "Enable Element deployment." + value: "no" + options: + - "yes" + - "no" DEPLOY_KEYCLOAK: description: "Enable Keycloak deployment." value: "no" @@ -358,6 +364,18 @@ jitsi-deploy: variables: COMPONENT: "jitsi" +element-deploy: + stage: "component-deploy-stage-1" + extends: ".deploy-common" + rules: + - if: > + $CI_PIPELINE_SOURCE =~ "web|schedules|triggers" && + $NAMESPACE =~ /.+/ && + ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ELEMENT != "no") + when: "always" + variables: + COMPONENT: "element" + env-stop: extends: ".deploy-common" environment: @@ -444,15 +462,18 @@ run-tests: image: "registry.souvap-univention.de/souvap/tooling/images/semantic-release-patched:latest" except: - "tags" + - "triggers" - "web" common-yaml-linter: except: - "tags" + - "triggers" - "web" reuse-linter: allow_failure: false except: - "tags" + - "triggers" - "web" diff --git a/README.md b/README.md index d25637bf..96dc47fb 100644 --- a/README.md +++ b/README.md @@ -8,10 +8,7 @@ SPDX-License-Identifier: Apache-2.0 # Disclaimer August 2023 -The current state of the Sovereign Workplace misses the component -_Element Starter Edition_ because it is not generally available yet. - -Also does the Sovereign Workplace contain components that are going to be +The current state of the Sovereign Workplace contain components that are going to be replaced. Like for example the UCS dev container monolith will be substituted by multiple Univention Management Stack containers. 
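Review bot: The new `element-deploy` rule writes the pipeline-source pattern as a quoted string, `$CI_PIPELINE_SOURCE =~ "web|schedules|triggers"`, while the same condition uses a regex literal for `$NAMESPACE =~ /.+/`; the GitLab docs show the right-hand side of `=~` as a `/…/` literal, so `$CI_PIPELINE_SOURCE =~ /web|schedules|triggers/` is the unambiguous form. The job otherwise appears to mirror `jitsi-deploy` directly above it, so if the string form was copied from there the sibling jobs presumably carry the same wording and could be aligned in one pass. The `DEPLOY_ELEMENT` variable hunk and the `except: - "triggers"` additions are consistent with that rule and raise nothing on their own.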
@@ -183,26 +180,27 @@ for development and evaluation purposes only - they need to be replaced in production deployments. These components are grouped together in the subdirectory `/helmfile/apps/services`. -| Component | Name | Default | Description | Type | -|-----------------------------|-------------------------------------|---------|------------------------------|------------| -| Certificates | `certificates.enabled` | `true` | TLS certificates | Eval | -| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | Eval | -| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | Eval | -| Collabora | `collabora.enabled` | `true` | Weboffice | Functional | -| Dovecot | `dovecot.enabled` | `true` | Mail backend | Functional | -| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | Functional | -| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | Functional | -| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional | -| MariaDB | `mariadb.enabled` | `true` | Database | Eval | -| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional | -| OpenProject | `openproject.enabled` | `true` | Project management | Functional | -| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional | -| Provisioning | `oxConnector.enabled` | `true` | Backend provisioning | Functional | -| Postfix | `postfix.enabled` | `true` | MTA | Eval | -| PostgreSQL | `postgresql.enabled` | `true` | Database | Eval | -| Redis | `redis.enabled` | `true` | Cache Database | Eval | -| Univention Corporate Server | `univentionCorporateServer.enabled` | `true` | Identity Management & Portal | Functional | -| XWiki | `xwiki.enabled` | `true` | Knowledgebase | Functional | +| Component | Name | Default | Description | Type | +|-----------------------------|-------------------------------------|---------|--------------------------------|------------| +| Certificates | `certificates.enabled` | `true` 
| TLS certificates | Eval | +| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | Eval | +| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | Eval | +| Collabora | `collabora.enabled` | `true` | Weboffice | Functional | +| Dovecot | `dovecot.enabled` | `true` | Mail backend | Functional | +| Element | `element.enabled` | `true` | Secure communications platform | Functional | +| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | Functional | +| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | Functional | +| Keycloak | `keycloak.enabled` | `true` | Identity Provider | Functional | +| MariaDB | `mariadb.enabled` | `true` | Database | Eval | +| Nextcloud | `nextcloud.enabled` | `true` | File share | Functional | +| OpenProject | `openproject.enabled` | `true` | Project management | Functional | +| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | Functional | +| Provisioning | `oxConnector.enabled` | `true` | Backend provisioning | Functional | +| Postfix | `postfix.enabled` | `true` | MTA | Eval | +| PostgreSQL | `postgresql.enabled` | `true` | Database | Eval | +| Redis | `redis.enabled` | `true` | Cache Database | Eval | +| Univention Corporate Server | `univentionCorporateServer.enabled` | `true` | Identity Management & Portal | Functional | +| XWiki | `xwiki.enabled` | `true` | Knowledgebase | Functional | #### Cluster capabilities 
@@ -221,6 +219,12 @@ the application to your own database instances. | Component | Name | Type | Parameter | Key | Default | |-------------|--------------------|------------|-----------|----------------------------------------|----------------------------| +| Element | Synapse | PostgreSQL | | | | +| | | | Name | `databases.synapse.name` | `matrix` | +| | | | Host | `databases.synapse.host` | `postgresql` | +| | | | Port | `databases.synapse.port` | `5432` | +| | | | Username | `databases.synapse.username` | `matrix_user` | +| | | | Password | `databases.synapse.password` | | | Keycloak | Keycloak | PostgreSQL | | | | | | | | Name | `databases.keycloak.name` | `keycloak` | | | | | Host | `databases.keycloak.host` | `postgresql` | 
@@ -269,10 +273,14 @@ actual scalability of the components (see column `Scales at least to 2`). | | `replicas.milter` | `1` | :white_check_mark: | :white_check_mark: | not tested | | Collabora | `replicas.collabora` | `1` | :white_check_mark: | :white_check_mark: | not tested | | Dovecot | `replicas.dovecot` | `1` | :white_check_mark: | :x: | not tested | +| Element | `replicas.element` | `2` | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| | `replicas.synapse` | `1` | :white_check_mark: | :x: | not tested | +| | `replicas.synapseWeb` | `2` | :white_check_mark: | :white_check_mark: | :white_check_mark: | +| | `replicas.wellKnown` | `2` | :white_check_mark: | :white_check_mark: | :white_check_mark: | | Jitsi | `replicas.jibri` | `1` | :white_check_mark: | :white_check_mark: | not tested | | | `replicas.jicofo` | `1` | :white_check_mark: | :white_check_mark: | not tested | | | `replicas.jitsi ` | `1` | :white_check_mark: | :white_check_mark: | not tested | -| | `replicas.jvb ` | `1` | :white_check_mark: | :x: | tested | +| | `replicas.jvb ` | `1` | :white_check_mark: | :x: | :x: | | Keycloak | `replicas.keycloak` | `1` | :white_check_mark: | :white_check_mark: | not tested | | Nextcloud | `replicas.nextcloud` | `1` | :white_check_mark: | :white_check_mark: | not tested | | OpenProject | `replicas.openproject` | `1` | :white_check_mark: | :white_check_mark: | not tested | diff --git a/helmfile.yaml b/helmfile.yaml index 76eb33f5..3b05084f 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -15,6 +15,7 @@ helmfiles: - path: "helmfile/apps/nextcloud/helmfile.yaml" - path: "helmfile/apps/collabora/helmfile.yaml" - path: "helmfile/apps/jitsi/helmfile.yaml" + - path: "helmfile/apps/element/helmfile.yaml" - path: "helmfile/apps/openproject/helmfile.yaml" - path: "helmfile/apps/xwiki/helmfile.yaml" - path: "helmfile/apps/provisioning/helmfile.yaml" 
diff --git a/helmfile/apps/element/helmfile.yaml b/helmfile/apps/element/helmfile.yaml
new file mode 100644
index 00000000..47b665b8
--- /dev/null
+++ b/helmfile/apps/element/helmfile.yaml
@@ -0,0 +1,43 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+ - name: "sovereign-workplace-element"
+ url: "https://gitlab.souvap-univention.de/api/v4/projects/148/packages/helm/stable"
+
+releases:
+ - name: "sovereign-workplace-element"
+ chart: "sovereign-workplace-element/sovereign-workplace-element"
+ version: "1.1.2"
+ values:
+ - "values-element.gotmpl"
+ condition: "element.enabled"
+
+ - name: "sovereign-workplace-well-known"
+ chart: "sovereign-workplace-element/sovereign-workplace-well-known"
+ version: "1.1.2"
+ values:
+ - "values-well-known.gotmpl"
+ condition: "element.enabled"
+
+ - name: "sovereign-workplace-synapse-web"
+ chart: "sovereign-workplace-element/sovereign-workplace-synapse-web"
+ version: "1.1.2"
+ values:
+ - "values-synapse-web.gotmpl"
+ condition: "element.enabled"
+
+ - name: "sovereign-workplace-synapse"
+ chart: "sovereign-workplace-element/sovereign-workplace-synapse"
+ version: "1.1.2"
+ values:
+ - "values-synapse.gotmpl"
+ condition: "element.enabled"
+
+commonLabels:
+ deploy-stage: "component-1"
+ component: "element"
+
+bases:
+ - "../../bases/environments.yaml"
+...
diff --git a/helmfile/apps/element/values-element.gotmpl b/helmfile/apps/element/values-element.gotmpl
new file mode 100644
index 00000000..878f089f
--- /dev/null
+++ b/helmfile/apps/element/values-element.gotmpl
@@ -0,0 +1,31 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+ domain: "{{ .Values.global.domain }}"
+ registry: "{{ .Values.global.imageRegistry }}"
+ hosts:
+ {{ .Values.global.hosts | toYaml | nindent 4 }}
+ imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.element.repository }}"
+ tag: "{{ .Values.images.element.tag }}"
+
+ingress:
+ host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
+ enabled: "{{ .Values.ingress.enabled }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: "{{ .Values.ingress.tls.enabled }}"
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+replicaCount: {{ .Values.replicas.element }}
+
+resources:
+ {{ .Values.resources.element | toYaml | nindent 2 }}
+...
diff --git a/helmfile/apps/element/values-synapse-web.gotmpl b/helmfile/apps/element/values-synapse-web.gotmpl
new file mode 100644
index 00000000..1c47cb70
--- /dev/null
+++ b/helmfile/apps/element/values-synapse-web.gotmpl
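Review bot: `enabled: "{{ .Values.ingress.enabled }}"` and `tls.enabled: "{{ .Values.ingress.tls.enabled }}"` render the toggles as quoted strings, so the chart receives `"false"` rather than a boolean; whether that still disables the ingress depends on how the chart tests the value, since a plain `{{ if .Values.ingress.enabled }}` treats any non-empty string as true. The existing jitsi values file uses the same quoted form, so this may be a convention the in-house charts already handle, but it is worth confirming against the sovereign-workplace-element chart templates rather than assuming. If the chart expects a real boolean, `enabled: {{ .Values.ingress.enabled }}` (unquoted) is the fix; the same two lines appear in values-synapse-web.gotmpl and values-well-known.gotmpl in this diff.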
@@ -0,0 +1,31 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+ domain: "{{ .Values.global.domain }}"
+ registry: "{{ .Values.global.imageRegistry }}"
+ hosts:
+ {{ .Values.global.hosts | toYaml | nindent 4 }}
+ imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.synapseWeb.repository }}"
+ tag: "{{ .Values.images.synapseWeb.tag }}"
+
+ingress:
+ host: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
+ enabled: "{{ .Values.ingress.enabled }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: "{{ .Values.ingress.tls.enabled }}"
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+replicaCount: {{ .Values.replicas.synapseWeb }}
+
+resources:
+ {{ .Values.resources.synapseWeb | toYaml | nindent 2 }}
+...
diff --git a/helmfile/apps/element/values-synapse.gotmpl b/helmfile/apps/element/values-synapse.gotmpl
new file mode 100644
index 00000000..511e1a77
--- /dev/null
+++ b/helmfile/apps/element/values-synapse.gotmpl
@@ -0,0 +1,52 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+ domain: "{{ .Values.global.domain }}"
+ registry: "{{ .Values.global.imageRegistry }}"
+ hosts:
+ {{ .Values.global.hosts | toYaml | nindent 4 }}
+ imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.synapse.repository }}"
+ tag: "{{ .Values.images.synapse.tag }}"
+
+configuration:
+ database:
+ host: "{{ .Values.databases.synapse.host }}"
+ name: "{{ .Values.databases.synapse.name }}"
+ user: "{{ .Values.databases.synapse.username }}"
+ password: "{{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser }}"
+
+ homeserver:
+ oidc:
+ clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix }}
+ issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
+
+ turn:
+ sharedSecret: {{ .Values.turn.credentials }}
+ servers:
+ {{- if .Values.turn.tls.host }}
+ - server: {{ .Values.turn.tls.host }}
+ port: {{ .Values.turn.tls.port }}
+ transport: {{ .Values.turn.transport }}
+ {{- else if .Values.turn.server.host }}
+ - server: {{ .Values.turn.server.host }}
+ port: {{ .Values.turn.server.port }}
+ transport: {{ .Values.turn.transport }}
+ {{- end }}
+
+persistence:
+ size: "{{ .Values.persistence.size.synapse }}"
+ storageClass: "{{ .Values.persistence.storageClassNames.RWO }}"
+
+replicaCount: {{ .Values.replicas.synapse }}
+
+resources:
+ {{ .Values.resources.synapse | toYaml | nindent 2 }}
+...
diff --git a/helmfile/apps/element/values-well-known.gotmpl b/helmfile/apps/element/values-well-known.gotmpl
new file mode 100644
index 00000000..6911082c
--- /dev/null
+++ b/helmfile/apps/element/values-well-known.gotmpl
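Review bot: `clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix }}` and `sharedSecret: {{ .Values.turn.credentials }}` are interpolated unquoted, unlike `password: "{{ … }}"` a few lines above, so a secret value that happens to look like a number or boolean, or that starts with a YAML indicator, is retyped or breaks the rendered document; `clientSecret: "{{ … }}"` and `sharedSecret: "{{ … }}"` avoid that, and the same applies to `value: {{ .Values.secrets.keycloak.clientSecret.jitsi }}` in the values-keycloak.gotmpl hunk further down. The `turn.servers` block renders an empty `servers:` (YAML null) when neither `turn.tls.host` nor `turn.server.host` is set, and silently prefers TLS when both are; a comment such as `{{/* one TURN endpoint only: TLS host wins, none set => servers is null */}}` would make that explicit and lets the chart's tolerance of null be checked once. The database password falls back to `.Values.secrets.postgresql.matrixUser`, which is not defined anywhere in this diff, so it presumably already exists in secrets.gotmpl — worth confirming, since a missing key would render an empty password rather than fail loudly.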
@@ -0,0 +1,31 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+ domain: "{{ .Values.global.domain }}"
+ registry: "{{ .Values.global.imageRegistry }}"
+ hosts:
+ {{ .Values.global.hosts | toYaml | nindent 4 }}
+ imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+ registry: "{{ .Values.global.imageRegistry }}"
+ repository: "{{ .Values.images.wellKnown.repository }}"
+ tag: "{{ .Values.images.wellKnown.tag }}"
+
+ingress:
+ host: "{{ .Values.global.domain }}"
+ enabled: "{{ .Values.ingress.enabled }}"
+ ingressClassName: "{{ .Values.ingress.ingressClassName }}"
+ tls:
+ enabled: "{{ .Values.ingress.tls.enabled }}"
+ secretName: "{{ .Values.ingress.tls.secretName }}"
+
+replicaCount: {{ .Values.replicas.wellKnown }}
+
+resources:
+ {{ .Values.resources.wellKnown | toYaml | nindent 2 }}
+...
diff --git a/helmfile/apps/jitsi/helmfile.yaml b/helmfile/apps/jitsi/helmfile.yaml
index 29be4f69..1b05cad0 100644
--- a/helmfile/apps/jitsi/helmfile.yaml
+++ b/helmfile/apps/jitsi/helmfile.yaml
@@ -8,7 +8,7 @@ repositories: releases: - name: "jitsi" chart: "jitsi/sovereign-workplace-jitsi" - version: "1.1.0" + version: "1.1.3" values: - "values-jitsi.gotmpl" condition: "jitsi.enabled"
diff --git a/helmfile/apps/jitsi/values-jitsi.gotmpl b/helmfile/apps/jitsi/values-jitsi.gotmpl
index 5b1f2500..c9a22b7f 100644
--- a/helmfile/apps/jitsi/values-jitsi.gotmpl
+++ b/helmfile/apps/jitsi/values-jitsi.gotmpl
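Review bot: `ingress.host: "{{ .Values.global.domain }}"` claims the bare workplace domain for the well-known release, whereas every other values file in this diff binds `<host>.<domain>`; any other ingress already serving the apex name will collide unless the chart restricts this one to a path (presumably the Matrix `/.well-known/` prefix), which cannot be seen from the values file. A comment on that line, e.g. `{{/* must be served from the apex domain: Matrix clients resolve .well-known against the server name */}}`, would record why this release alone uses the apex host and what the chart is expected to scope it to.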
@@ -17,10 +17,10 @@ image: tag: "{{ .Values.images.jitsiKeycloakAdapter.tag }}" settings: - jwtAppSecret: "{{ .Values.secrets.jitsiPlain.jwtAppSecret }}" + jwtAppSecret: "{{ .Values.secrets.jitsi.jwtAppSecret }}" jitsi: - publicURL: "https://{{ .Values.global.hosts.jitsiPlain }}.{{ .Values.global.domain }}" + publicURL: "https://{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}" web: replicaCount: {{ .Values.replicas.jitsi }} image: @@ -30,13 +30,13 @@ jitsi: enabled: "{{ .Values.ingress.enabled }}" ingressClassName: "{{ .Values.ingress.ingressClassName }}" hosts: - - host: "{{ .Values.global.hosts.jitsiPlain }}.{{ .Values.global.domain }}" + - host: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}" paths: - "/" tls: - secretName: "{{ .Values.ingress.tls.secretName }}" hosts: - - "{{ .Values.global.hosts.jitsiPlain }}.{{ .Values.global.domain }}" + - "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}" extraEnvs: TURN_ENABLE: "1" resources: @@ -55,7 +55,7 @@ jitsi: - name: "JWT_APP_ID" value: "myappid" - name: "JWT_APP_SECRET" - value: "{{ .Values.secrets.jitsiPlain.jwtAppSecret }}" + value: "{{ .Values.secrets.jitsi.jwtAppSecret }}" - name: TURNS_HOST value: "{{ .Values.turn.tls.host }}" - name: TURNS_PORT @@ -79,8 +79,8 @@ jitsi: repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jicofo.repository }}" tag: "{{ .Values.images.jicofo.tag }}" xmpp: - password: "{{ .Values.secrets.jitsiPlain.jicofoAuthPassword }}" - componentSecret: "{{ .Values.secrets.jitsiPlain.jicofoComponentPassword }}" + password: "{{ .Values.secrets.jitsi.jicofoAuthPassword }}" + componentSecret: "{{ .Values.secrets.jitsi.jicofoComponentPassword }}" resources: {{ .Values.resources.jicofo | toYaml | nindent 6 }} jvb: 
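Review bot: The renamed `value: "{{ .Values.secrets.jitsi.jwtAppSecret }}"` under `JWT_APP_SECRET` (the `-55,7` hunk) still injects the secret as a literal value in what appears to be a container `env:` list, so it lands in the rendered Deployment spec and is readable to anyone who can read workloads, not only Secrets; the same value is set a second time under `settings.jwtAppSecret` in the first hunk. Whether the chart accepts a `valueFrom.secretKeyRef` at that position cannot be seen from the values file; if it does, that is the better home for the secret, and if not a comment `# plain env value: visible in the pod spec, chart offers no secretKeyRef here` documents the trade-off. The enclosing `jitsi:` mapping starts and ends outside these hunks.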
@@ -89,7 +89,7 @@ jitsi: repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jvb.repository }}" tag: "{{ .Values.images.jvb.tag }}" xmpp: - password: "{{ .Values.secrets.jitsiPlain.jvbAuthPassword }}" + password: "{{ .Values.secrets.jitsi.jvbAuthPassword }}" resources: {{ .Values.resources.jvb | toYaml | nindent 6 }} service: @@ -100,9 +100,9 @@ jitsi: repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.jibri.repository }}" tag: "{{ .Values.images.jibri.tag }}" recorder: - password: "{{ .Values.secrets.jitsiPlain.jibriRecorderPassword }}" + password: "{{ .Values.secrets.jitsi.jibriRecorderPassword }}" xmpp: - password: "{{ .Values.secrets.jitsiPlain.jibriXmppPassword }}" + password: "{{ .Values.secrets.jitsi.jibriXmppPassword }}" resources: {{ .Values.resources.jibri | toYaml | nindent 6 }} imagePullSecrets: diff --git a/helmfile/apps/keycloak/values-keycloak-idp.yaml b/helmfile/apps/keycloak/values-keycloak-idp.yaml index f7879f56..7b6bf61b 100644 --- a/helmfile/apps/keycloak/values-keycloak-idp.yaml +++ b/helmfile/apps/keycloak/values-keycloak-idp.yaml @@ -116,9 +116,9 @@ keycloakConfigCli: "enabled": true, "alwaysDisplayInConsole": false, "clientAuthenticatorType": "client-secret", - "secret": "$(CLIENT_SECRET_JITSI_PLAIN_PASSWORD)", + "secret": "$(CLIENT_SECRET_JITSI_PASSWORD)", "redirectUris": [ - "https://$(JITSI_PLAIN_DOMAIN)/*" + "https://$(JITSI_DOMAIN)/*" ], "webOrigins": [ "*" @@ -135,7 +135,7 @@ keycloakConfigCli: "frontchannelLogout": true, "protocol": "openid-connect", "attributes": { - "post.logout.redirect.uris": "https://$(JITSI_PLAIN_DOMAIN)/*##https://$(UNIVENTION_CORPORATE_SERVER_DOMAIN)/*" + "post.logout.redirect.uris": "https://$(JITSI_DOMAIN)/*##https://$(UNIVENTION_CORPORATE_SERVER_DOMAIN)/*" }, "authenticationFlowBindingOverrides": {}, "fullScopeAllowed": true, diff --git a/helmfile/apps/keycloak/values-keycloak.gotmpl b/helmfile/apps/keycloak/values-keycloak.gotmpl index f3c845cd..97dca218 100644 
--- a/helmfile/apps/keycloak/values-keycloak.gotmpl +++ b/helmfile/apps/keycloak/values-keycloak.gotmpl @@ -55,8 +55,8 @@ keycloakConfigCli: value: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}" - name: "MATRIX_DOMAIN" value: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}" - - name: "JITSI_PLAIN_DOMAIN" - value: "{{ .Values.global.hosts.jitsiPlain }}.{{ .Values.global.domain }}" + - name: "JITSI_DOMAIN" + value: "{{ .Values.global.hosts.jitsi }}.{{ .Values.global.domain }}" - name: "ELEMENT_DOMAIN" value: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}" - name: "INTERCOM_SERVICE_DOMAIN" @@ -65,8 +65,8 @@ keycloakConfigCli: value: {{ .Values.secrets.keycloak.clientSecret.intercom }} - name: "CLIENT_SECRET_MATRIX_PASSWORD" value: {{ .Values.secrets.keycloak.clientSecret.matrix }} - - name: "CLIENT_SECRET_JITSI_PLAIN_PASSWORD" - value: {{ .Values.secrets.keycloak.clientSecret.jitsiPlain }} + - name: "CLIENT_SECRET_JITSI_PASSWORD" + value: {{ .Values.secrets.keycloak.clientSecret.jitsi }} - name: "CLIENT_SECRET_NCOIDC_PASSWORD" value: {{ .Values.secrets.keycloak.clientSecret.ncoidc }} - name: "CLIENT_SECRET_OPENPROJECT_PASSWORD" diff --git a/helmfile/apps/services/helmfile.yaml b/helmfile/apps/services/helmfile.yaml index eee86bb4..7532a957 100644 --- a/helmfile/apps/services/helmfile.yaml +++ b/helmfile/apps/services/helmfile.yaml @@ -20,7 +20,7 @@ repositories: releases: - name: "sovereign-workplace-certificates" chart: "sovereign-workplace-certificates/sovereign-workplace-certificates" - version: "1.2.1" + version: "1.2.2" values: - "values-certificates.gotmpl" condition: "certificates.enabled" diff --git a/helmfile/environments/default/database.gotmpl b/helmfile/environments/default/database.gotmpl index dd93d1ca..4a95147c 100644 --- a/helmfile/environments/default/database.gotmpl +++ b/helmfile/environments/default/database.gotmpl 
@@ -32,6 +32,12 @@ databases: name: "CONFIGDB" username: "root" password: "" + synapse: + host: "postgresql" + name: "matrix" + username: "matrix_user" + password: "" + port: 5432 xwiki: name: "xwiki" host: "mariadb" diff --git a/helmfile/environments/default/global.gotmpl b/helmfile/environments/default/global.gotmpl index 298ae303..01a8aacf 100644 --- a/helmfile/environments/default/global.gotmpl +++ b/helmfile/environments/default/global.gotmpl @@ -12,16 +12,14 @@ global: hosts: collabora: "collabora" dimension: "integration" - element: "ucc" + element: "chat" etherpad: "etherpad" intercomService: "ics" - jitsi: "av" - jitsiPlain: "jitsi" + jitsi: "meet" keycloak: "id" meetingWidgetsBot: "meeting-widgets-bot" meetingWidgets: "meeting-widgets" newWorkBoardWidget: "whiteboard-widget" - moodle: "learn" nextcloud: "fs" openproject: "project" openxchange: "webmail" diff --git a/helmfile/environments/default/images.gotmpl b/helmfile/environments/default/images.gotmpl index 11936009..e1d7f979 100644 --- a/helmfile/environments/default/images.gotmpl +++ b/helmfile/environments/default/images.gotmpl @@ -13,6 +13,9 @@ images: dovecot: repository: "dovecot/dovecot" tag: "2.3.20" + element: + repository: "vectorim/element-web" + tag: "v1.11.35" freshclam: repository: "clamav/clamav" tag: "1.1.0_base" @@ -107,9 +110,18 @@ images: redis: repository: "bitnami/redis" tag: "7.0.12-debian-11-r0" + synapse: + repository: "matrixdotorg/synapse" + tag: "v1.87.0" + synapseWeb: + repository: "library/haproxy" + tag: "2.4" univentionCorporateServer: repository: "souvap/tooling/images/univention-corporate-server-swp/ucs@sha256" tag: "286503f13726399284b49d4521f45fdbed81216875d78e76dcae20e0d8301f65" + wellKnown: + repository: "library/nginx" + tag: "1.23" xwiki: repository: "xwikisas/swp/xwiki" tag: "0.8-mariadb-tomcat" diff --git a/helmfile/environments/default/persistence.gotmpl b/helmfile/environments/default/persistence.gotmpl index 357902a6..f025ea19 100644 
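Review bot: `port: 5432` is added for `databases.synapse` and documented in the README table, but values-synapse.gotmpl in this diff passes only host, name, user and password to `configuration.database`, so the port is never consumed and a non-default value silently has no effect. Either wire it through (e.g. `port: {{ .Values.databases.synapse.port }}` next to `host:` in values-synapse.gotmpl, if the chart has such a key) or drop it from both places. It is also the only unquoted integer among the database blocks visible on the page, and `password: ""` relies on a fallback that lives in another file, so a comment such as `# empty: values-synapse.gotmpl falls back to secrets.postgresql.matrixUser` would spare the next reader the search.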
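Review bot: Renaming `hosts.element` from `"ucc"` to `"chat"` and `hosts.jitsi` from `"av"` to `"meet"` (and dropping `hosts.jitsiPlain` and `hosts.moodle`) changes public hostnames for any environment already deployed from these defaults; the Keycloak redirect URIs follow automatically through `ELEMENT_DOMAIN`/`JITSI_DOMAIN`, but the certificate behind the shared `ingress.tls.secretName` has to cover the new names and DNS for the old ones goes stale. If any template outside this diff still reads `hosts.moodle` or `hosts.jitsiPlain` it will now render empty rather than fail, so a quick grep for both keys before merging is worthwhile. The `hosts:` mapping continues outside the hunk.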
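Review bot: `synapseWeb` and `wellKnown` pin floating minor tags, `library/haproxy` `"2.4"` and `library/nginx` `"1.23"`, while the neighbouring entries in the same hunk pin a full patch release (`matrixdotorg/synapse` `v1.87.0`, `bitnami/redis` `7.0.12-debian-11-r0`) or a digest (`univentionCorporateServer` `…@sha256`). A moving tag means the image actually pulled changes underneath a fixed chart version, which defeats the reproducibility the other pins provide; pinning to a specific patch tag, or to `@sha256` as done for UCS, keeps the element stack rebuildable and auditable. Since `element`, `synapse`, `synapseWeb` and `wellKnown` appear to be upstream Docker Hub images rather than in-house builds like `xwikisas/swp/xwiki`, a short comment marking them as externally sourced would also help whoever maintains the registry mirror.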
--- a/helmfile/environments/default/persistence.gotmpl +++ b/helmfile/environments/default/persistence.gotmpl @@ -19,6 +19,7 @@ persistence: postgresql: "1Gi" prosody: "1Gi" redis: "1Gi" + synapse: "1Gi" univentionCorporateServer: "1Gi" xwiki: "1Gi" ... diff --git a/helmfile/environments/default/replicas.gotmpl b/helmfile/environments/default/replicas.gotmpl index 5287862e..ec6987df 100644 --- a/helmfile/environments/default/replicas.gotmpl +++ b/helmfile/environments/default/replicas.gotmpl @@ -10,6 +10,7 @@ replicas: clamd: 1 collabora: 1 dovecot: 1 + element: 2 {{/* clamav-distributed */}} freshclam: 1 {{/* clamav-distributed */}} @@ -25,5 +26,8 @@ replicas: nextcloud: 1 openproject: 1 postfix: 1 + synapse: 1 + synapseWeb: 2 + wellKnown: 2 xwiki: 1 ... diff --git a/helmfile/environments/default/resources.gotmpl b/helmfile/environments/default/resources.gotmpl index 0ded3826..89d1d34d 100644 --- a/helmfile/environments/default/resources.gotmpl +++ b/helmfile/environments/default/resources.gotmpl @@ -14,17 +14,24 @@ resources: dovecot: limits: cpu: 0.5 - memory: "0.25Gi" + memory: "250Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" + element: + limits: + cpu: 1 + memory: "250Mi" + requests: + cpu: 0.1 + memory: "50Mi" freshclam: limits: cpu: 1 memory: "1Gi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" icap: limits: cpu: 2 @@ -35,24 +42,24 @@ resources: jibri: limits: cpu: 1 - memory: "0.5Gi" + memory: "500Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "125Mi" jicofo: limits: cpu: 1 - memory: "0.5Gi" + memory: "500Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" jitsi: limits: cpu: 1 - memory: "0.5Gi" + memory: "500Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" jitsiKeycloakAdapter: limits: cpu: "100m" 
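Review bot: The unit rewrite in the resources hunks is not value-preserving: `0.25Gi` is 256Mi and `0.5Gi` is 512Mi, so `250Mi`/`500Mi` lowers each quantity by about 2.4%, and `0.1Gi` (about 102Mi) becomes `100Mi` everywhere except jibri, whose request becomes `125Mi`. If the intent was only to drop fractional Gi, `256Mi`/`512Mi` keep the scheduled amounts identical; if the new numbers are deliberate, a one-line comment at the top of the block, e.g. `# memory quantities in Mi; values were rounded, not converted, when the Gi fractions were dropped`, would stop the next reader from "fixing" them back. The same applies to the two resources hunks that follow in this file, and the hunks' enclosing `resources:` mapping extends beyond them.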
@@ -63,45 +70,45 @@ resources: jvb: limits: cpu: 1 - memory: "0.5Gi" + memory: "500Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" keycloak: limits: cpu: 2 memory: "2Gi" requests: cpu: 0.1 - memory: "0.75Gi" + memory: "750Mi" keycloakExtension: limits: cpu: 1 - memory: "0.5Gi" + memory: "500Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" keycloakBootstrap: limits: cpu: 1 - memory: "0.5Gi" + memory: "500Mi" requests: cpu: 0.1 - memory: "0.25Gi" + memory: "250Mi" keycloakProxy: limits: cpu: 1 - memory: "0.5Gi" + memory: "500Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" mariadb: limits: cpu: 2 memory: "2Gi" requests: cpu: 0.1 - memory: "0.5Gi" + memory: "500Mi" milter: limits: cpu: 4 @@ -115,49 +122,63 @@ resources: memory: "1Gi" requests: cpu: 0.1 - memory: "0.5Gi" + memory: "500Mi" openproject: limits: cpu: 2 memory: "1Gi" requests: cpu: 0.1 - memory: "0.25Gi" + memory: "250Mi" oxConnector: limits: cpu: 2 memory: "2Gi" requests: cpu: 0.1 - memory: "0.25Gi" + memory: "250Mi" postfix: limits: cpu: 0.5 - memory: "0.25Gi" + memory: "250Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" postgresql: limits: cpu: 2 memory: "1Gi" requests: cpu: 0.1 - memory: "0.25Gi" + memory: "250Mi" prosody: limits: cpu: 1 - memory: "0.5Gi" + memory: "500Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" redis: limits: cpu: 1 - memory: "0.5Gi" + memory: "500Mi" requests: cpu: 0.1 - memory: "0.1Gi" + memory: "100Mi" + synapse: + limits: + cpu: 4 + memory: "4Gi" + requests: + cpu: 1 + memory: "2Gi" + synapseWeb: + limits: + cpu: 1 + memory: "250Mi" + requests: + cpu: 0.1 + memory: "50Mi" univentionCorporateServer: limits: cpu: 2 @@ -165,6 +186,13 @@ resources: requests: cpu: 0.5 memory: "1Gi" + wellKnown: + limits: + cpu: 1 + memory: "250Mi" + requests: + cpu: 0.1 + memory: "50Mi" xwiki: limits: cpu: 2 diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl index 3abc14e8..7b7d9e35 100644 
--- a/helmfile/environments/default/secrets.gotmpl +++ b/helmfile/environments/default/secrets.gotmpl @@ -40,7 +40,7 @@ secrets: clientSecret: intercom: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "intercom_client_secret" | sha1sum) }} matrix: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "matrix_client_secret" | sha1sum) }} - jitsiPlain: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "jitsi_plain_client_secret" | sha1sum) }} + jitsi: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "jitsi_plain_client_secret" | sha1sum) }} ncoidc: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "ncoidc_client_secret" | sha1sum) }} openproject: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "openproject_client_secret" | sha1sum) }} xwiki: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "keycloak" "xwiki_client_secret" | sha1sum) }} 
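Review bot: The key is renamed `jitsiPlain` → `jitsi` but the derivation salt stays `"jitsi_plain_client_secret"`, which is what keeps the Keycloak client secret identical on already-deployed environments; because a later tidy-up of the salt would silently rotate that secret, the intent deserves a comment, e.g. `# salt intentionally left as "jitsi_plain_client_secret": changing it rotates the derived client secret`. The same holds for the `"jistiStandalone"` salt (typo included) retained in the second hunk of this file. As before, with `MASTER_PASSWORD` unset every value here derives from the published default `"sovereign-workplace"`, so on any real deployment these are placeholders until the master password is set.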
@@ -54,17 +54,6 @@ secrets: adminPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "collabora" "collabora_admin_user" | sha1sum) }} jitsi: synapseAsToken: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "as_token" | sha1sum) }} - synapseHsToken: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "hs_token" | sha1sum) }} - jicofoAuth: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "jicofo_auth" | sha1sum) }} - componentAuth: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "component_auth" | sha1sum) }} - jvbAuth: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "jvb_auth" | sha1sum) }} - jigasiAuth: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "jigasi_auth" | sha1sum) }} - jibriUserAuth: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "jibri_user_auth" | sha1sum) }} - jibriRecorderAuth: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "jibri_recorder_auth" | sha1sum) }} - rageshakeListingPass: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "rageshakeListingPass" | sha1sum) }} - conferencemapperSecret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "conferencemapperSecret" | sha1sum) }} - jitsiFeedbackBackend: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jitsi" "jitsiFeedbackBackend" | sha1sum) }} - jitsiPlain: jwtAppSecret: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jwtAppSecret" | sha1sum) }} jibriRecorderPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default 
"sovereign-workplace") "jistiStandalone" "jibriRecorderPassword" | sha1sum) }} jibriXmppPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "jistiStandalone" "jibriXmppPassword" | sha1sum) }} diff --git a/helmfile/environments/default/workplace.gotmpl b/helmfile/environments/default/workplace.gotmpl index 314f8504..c961b373 100644 --- a/helmfile/environments/default/workplace.gotmpl +++ b/helmfile/environments/default/workplace.gotmpl @@ -15,6 +15,8 @@ collabora: enabled: true dovecot: enabled: true +element: + enabled: true intercom: enabled: true jitsi:
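Review bot: Ten keys under `secrets.jitsi` (`synapseHsToken`, `jicofoAuth`, `componentAuth`, `jvbAuth`, `jigasiAuth`, `jibriUserAuth`, `jibriRecorderAuth`, `rageshakeListingPass`, `conferencemapperSecret`, `jitsiFeedbackBackend`) are deleted while the former `jitsiPlain` keys are folded into the same block; nothing in this diff still reads the deleted names, but a template elsewhere that does would most likely render empty or `<no value>` rather than fail (depending on helmfile's missing-key handling), so a repo-wide grep for `.Values.secrets.jitsi.` before merging is cheap insurance. `synapseAsToken` survives the merge although no file in this diff consumes it, which is the same dangling-key question in the other direction. This hunk's enclosing `secrets:` mapping continues outside it.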