fix(element): Add Element EE components

2025-12-06 07:21:36 +01:00 · 2025-01-29 12:30:08 +01:00
parent 4e21129456
commit 61d94a8de6
13 changed files with 364 additions and 10 deletions
--- a/helmfile/apps/element/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/element/helmfile-child.yaml.gotmpl
@@ -217,6 +217,7 @@ releases:
    chart: "synapse-admin-repo/{{ .Values.charts.synapseAdmin.name }}"
    version: "{{ .Values.charts.synapseAdmin.version }}"
    values:
+      - "values-synapse-admin.yaml.gotmpl"
      {{- range .Values.customization.release.opendeskSynapseAdmin }}
      - {{ . }}
      {{- end }}
@@ -227,6 +228,7 @@ releases:
    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
    version: "{{ .Values.charts.synapseCreateAccount.version }}"
    values:
+      - "values-synapse-adminbot-bootstrap.yaml.gotmpl"
      {{- range .Values.customization.release.opendeskSynapseAdminbotBootstrap }}
      - {{ . }}
      {{- end }}
@@ -237,6 +239,7 @@ releases:
    chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
    version: "{{ .Values.charts.synapsePipe.version }}"
    values:
+      - "values-synapse-adminbot-pipe.yaml.gotmpl"
      {{- range .Values.customization.release.opendeskSynapseAdminbotPipe }}
      - {{ . }}
      {{- end }}
@@ -247,6 +250,7 @@ releases:
    chart: "synapse-adminbot-web-repo/{{ .Values.charts.synapseAdminbotWeb.name }}"
    version: "{{ .Values.charts.synapseAdminbotWeb.version }}"
    values:
+      - "values-synapse-adminbot-web.yaml.gotmpl"
      {{- range .Values.customization.release.opendeskSynapseAdminbotWeb }}
      - {{ . }}
      {{- end }}
@@ -257,6 +261,7 @@ releases:
    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
    version: "{{ .Values.charts.synapseCreateAccount.version }}"
    values:
+      - "values-synapse-auditbot-bootstrap.yaml.gotmpl"
      {{- range .Values.customization.release.opendeskSynapseAuditbotBootstrap }}
      - {{ . }}
      {{- end }}
@@ -267,6 +272,7 @@ releases:
    chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
    version: "{{ .Values.charts.synapsePipe.version }}"
    values:
+      - "values-synapse-auditbot-pipe.yaml.gotmpl"
      {{- range .Values.customization.release.opendeskSynapseAuditbotPipe }}
      - {{ . }}
      {{- end }}
@@ -277,6 +283,7 @@ releases:
    chart: "synapse-groupsync-repo/{{ .Values.charts.synapseGroupsync.name }}"
    version: "{{ .Values.charts.synapseGroupsync.version }}"
    values:
+      - "values-synapse-groupsync.yaml.gotmpl"
      {{- range .Values.customization.release.opendeskSynapseGroupsync }}
      - {{ . }}
      {{- end }}
--- a/helmfile/apps/element/values-synapse-admin.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-admin.yaml.gotmpl
@@ -0,0 +1,88 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+configuration:
+  adminBot:
+    backupPhrase: {{ .Values.secrets.matrixAdminBot.backupPassphrase | quote }}
+    #name: "adminbot"
+    #secretName: "matrix-adminbot-account"
+    #secretKey: "access_token"
+  auditBot:
+    backupPhrase: {{ .Values.secrets.matrixAuditBot.backupPassphrase | quote }}
+    #name: "auditbot"
+  database:
+    host: {{ .Values.databases.synapse.host | quote }}
+    port: {{ .Values.databases.synapse.port }}
+    name: {{ .Values.databases.synapse.name | quote }}
+    user: {{ .Values.databases.synapse.username | quote }}
+    password:
+      value: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }}
+    requireAuth: {{ .Values.databases.synapse.requireAuth }}
+    channelBinding: {{ .Values.databases.synapse.channelBinding | quote }}
+    connectTimeout: {{ .Values.databases.synapse.connectTimeout }}
+    clientEncoding: {{ .Values.databases.synapse.clientEncoding | quote }}
+    keepalives: {{ .Values.databases.synapse.keepalives }}
+    keepalivesIdle: {{ .Values.databases.synapse.keepalivesIdle }}
+    keepalivesInterval: {{ .Values.databases.synapse.keepalivesInterval }}
+    keepalivesCount: {{ .Values.databases.synapse.keepalivesCount }}
+    replication: {{ .Values.databases.synapse.replication }}
+    gssencmode: {{ .Values.databases.synapse.gssencmode | quote }}
+    sslmode: {{ .Values.databases.synapse.sslmode | quote }}
+    sslcompression: {{ .Values.databases.synapse.sslcompression }}
+    sslMinProtocolVersion: {{ .Values.databases.synapse.sslMinProtocolVersion | quote }}
+    connectionPoolMin: {{ .Values.databases.synapse.connectionPoolMin }}
+    connectionPoolMax: {{ .Values.databases.synapse.connectionPoolMax }}
+  # Settings regarding homeserver.
+  homeserver:
+    # -- URL of synapse deployment. As default the url of synapse will be used.
+    #baseUrl: ""
+  homeserver:
+    serverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
+  ldap:
+    base: {{ .Values.ldap.baseDn | quote }}
+    bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal"
+    bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }}
+    filter: "(memberOf=cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal)"
+    uri: {{ printf "ldap://%s:389" .Values.ldap.host | quote }}
+cron:
+  image:
+    registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementSyncAdmins.registry | quote }}
+    repository: {{ .Values.images.elementSyncAdmins.repository | quote }}
+    tag: {{ .Values.images.elementSyncAdmins.tag | quote }}
+    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+#fullnameOverride: "opendesk-synapse-admin"
+image:
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementSynapseAdmin.registry | quote }}
+  repository: {{ .Values.images.elementSynapseAdmin.repository | quote }}
+  tag: {{ .Values.images.elementSynapseAdmin.tag | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  tls:
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
+{{- if .Values.certificate.selfSigned }}
+extraEnvVars:
+  - name: "NODE_EXTRA_CA_CERTS"
+    value: "/etc/ssl/certs/ca-certificates.crt"
+extraVolumes:
+  - name: "trusted-cert-secret-volume"
+    secret:
+      secretName: "opendesk-certificates-ca-tls"
+      items:
+        - key: "ca.crt"
+          path: "ca-certificates.crt"
+extraVolumeMounts:
+  - name: "trusted-cert-secret-volume"
+    mountPath: "/etc/ssl/certs/ca-certificates.crt"
+    subPath: "ca-certificates.crt"
+{{- end }}
+...
--- a/helmfile/apps/element/values-synapse-adminbot-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-adminbot-bootstrap.yaml.gotmpl
@@ -0,0 +1,33 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+configuration:
+  username: "adminbot"
+  pod: "opendesk-synapse-0"
+  secretName: "matrix-adminbot-account"
+  password: {{ .Values.secrets.matrixAdminBot.password | quote }}
+  pipeConfig:
+    enabled: true
+    type: "admin"
+    secretName: "matrix-adminbot-config"
+    asToken: {{ .Values.secrets.matrixAdminBot.synapseAsToken | quote }}
+    hsToken: {{ .Values.secrets.matrixAdminBot.synapseAsToken | quote }}
+    serviceUrl: "http://opendesk-synapse-web:8008"
+    backupPassphrase: {{ .Values.secrets.matrixAdminBot.backupPassphrase | quote }}
+    homeserverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
+image:
+  registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
+  url: {{ .Values.images.synapseCreateUser.repository | quote }}
+  tag: {{ .Values.images.synapseCreateUser.tag | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+fullnameOverride: "matrix-adminbot-bootstrap"
+...
--- a/helmfile/apps/element/values-synapse-adminbot-pipe.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-adminbot-pipe.yaml.gotmpl
@@ -0,0 +1,22 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+configuration:
+  secretName: "matrix-adminbot-config"
+  #serviceName: "opendesk-synapse-adminbot-pipe"
+image:
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementPipe.registry | quote }}
+  url: {{ .Values.images.elementPipe.repository | quote }}
+  tag: {{ .Values.images.elementPipe.tag | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+fullnameOverride: "opendesk-synapse-adminbot-pipe"
+...
--- a/helmfile/apps/element/values-synapse-adminbot-web.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-adminbot-web.yaml.gotmpl
@@ -0,0 +1,26 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+configuration:
+  homeserver:
+    serverName: {{ .Values.global.matrixDomain | default .Values.global.domain }}
+#fullnameOverride: "opendesk-synapse-adminbot-web"
+image:
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementAdminBot.registry | quote }}
+  repository: {{ .Values.images.elementAdminBot.repository | quote }}
+  tag: {{ .Values.images.elementAdminBot.tag | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  tls:
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
+...
--- a/helmfile/apps/element/values-synapse-auditbot-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-auditbot-bootstrap.yaml.gotmpl
@@ -0,0 +1,33 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+configuration:
+  username: "auditbot"
+  pod: "opendesk-synapse-0"
+  secretName: "matrix-auditbot-account"
+  password: {{ .Values.secrets.matrixAuditBot.password | quote }}
+  pipeConfig:
+    enabled: true
+    type: "admin"
+    secretName: "matrix-auditbot-config"
+    asToken: {{ .Values.secrets.matrixAuditBot.synapseAsToken | quote }}
+    hsToken: {{ .Values.secrets.matrixAuditBot.synapseAsToken | quote }}
+    serviceUrl: "http://opendesk-synapse-web:8008"
+    backupPassphrase: {{ .Values.secrets.matrixAuditBot.backupPassphrase | quote }}
+    homeserverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
+image:
+  registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
+  url: {{ .Values.images.synapseCreateUser.repository | quote }}
+  tag: {{ .Values.images.synapseCreateUser.tag | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+fullnameOverride: "matrix-auditbot-bootstrap"
+...
--- a/helmfile/apps/element/values-synapse-auditbot-pipe.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-auditbot-pipe.yaml.gotmpl
@@ -0,0 +1,22 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+configuration:
+  secretName: "matrix-auditbot-config"
+  #serviceName: "opendesk-synapse-auditbot-pipe"
+image:
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementPipe.registry | quote }}
+  url: {{ .Values.images.elementPipe.repository | quote }}
+  tag: {{ .Values.images.elementPipe.tag | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+fullnameOverride: "opendesk-synapse-auditbot-pipe"
+...
--- a/helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl
@@ -0,0 +1,56 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+configuration:
+  asToken: {{ .Values.secrets.matrixGroupsync.synapseAsToken | quote }}
+  dryRun: false
+  hsToken: {{ .Values.secrets.matrixGroupsync.synapseAsToken | quote }}
+  id: "gps"
+  homeserverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
+  registrationSharedSecret: {{ .Values.secrets.synapse.registrationSharedSecret | quote }}
+  runOnce: false
+  username: "groupsyncbot"
+  ldap:
+    attributes:
+      name: "description"
+      uid: "uid"
+    base: {{ .Values.ldap.baseDn | quote }}
+    bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal"
+    bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }}
+    check_interval_seconds: 60
+    type: mapped-ldap
+    uri: "ldap://ums-ldap-server:389"
+  spaces:
+    - groups:
+        - externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal"
+          powerLevel: 50
+        - externalId: "cn=managed-by-attribute-Livecollaboration,cn=groups,dc=swp-ldap,dc=internal"
+      id: "c3122e32-4e05-4bf8-8a5d-66679076ed36"
+      name: "openDesk"
+      subspaces:
+        - groups:
+            - externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal"
+              powerLevel: 50
+          id: "e7889d96-5baa-4e21-be6e-12c66b2e9565"
+          name: "openDesk Element Admins"
+  provisionerDefaultRooms:
+    - id: "c3122e32-4e05-4bf8-8a5d-66679076ed36"
+      properties:
+        name: "openDesk"
+  # Name of group sync service (default opendesk-synapse-groupsync)
+  groupSyncService: "opendesk-synapse-groupsync"
+image:
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementGroupsync.registry | quote }}
+  url: {{ .Values.images.elementGroupsync.repository | quote }}
+  tag: {{ .Values.images.elementGroupsync.tag | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+...
--- a/helmfile/apps/element/values-synapse.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse.yaml.gotmpl
@@ -69,6 +69,60 @@ configuration:
              regex: "@.*"
        url: null
        sender_localpart: ox-appsuite
+    {{- if (env "OPENDESK_ENTERPRISE") }}
+      {{- if .Values.elementAdmin.enabled }}
+      - as_token: {{ .Values.secrets.matrixAdminBot.synapseAsToken | quote }}
+        hs_token: {{ .Values.secrets.matrixAdminBot.synapseAsToken | quote }}
+        id: "element-adminbot-pipe"
+        namespaces:
+          rooms:
+            - exclusive: false
+              regex: "!.*:{{ .Values.global.domain }}"
+          users:
+            - exclusive: false
+              regex: "@.*:.*"
+            - exclusive: true
+              regex: "@adminbot:{{ .Values.global.domain }}"
+        de.sorunome.msc2409.push_ephemeral: true
+        org.matrix.msc3202: true
+        url: "http://opendesk-synapse-adminbot-pipe:9995"
+        rate_limited: false
+        sender_localpart: "adminbot-sendernotinuse"
+      - as_token: {{ .Values.secrets.matrixAuditBot.synapseAsToken | quote }}
+        hs_token: {{ .Values.secrets.matrixAuditBot.synapseAsToken | quote }}
+        id: "element-auditbot-pipe"
+        namespaces:
+          rooms:
+            - exclusive: false
+              regex: "!.*:{{ .Values.global.domain }}"
+          users:
+            - exclusive: false
+              regex: "@.*:.*"
+            - exclusive: true
+              regex: "@auditbot:{{ .Values.global.domain }}"
+        de.sorunome.msc2409.push_ephemeral: true
+        org.matrix.msc3202: true
+        url: "http://opendesk-synapse-auditbot-pipe:9995"
+        rate_limited: false
+        sender_localpart: "auditbot-sendernotinuse"
+      {{- end }}
+      {{- if .Values.elementGroupsync.enabled }}
+      - as_token: {{ .Values.secrets.matrixGroupsync.synapseAsToken | quote }}
+        hs_token: {{ .Values.secrets.matrixGroupsync.synapseAsToken | quote }}
+        id: "gps"
+        namespaces:
+          rooms:
+            - exclusive: false
+              regex: "!.*:{{ .Values.global.domain }}"
+          users:
+            - exclusive: false
+              regex: '@.*:{{ .Values.global.domain }}'
+        url: "http://opendesk-synapse-groupsync:10010"
+        rate_limited: false
+        sender_localpart: "groupsyncbot"
+      {{- end }}
+    registrationSharedSecret: {{ .Values.secrets.synapse.registrationSharedSecret | quote }}
+    {{- end }}

    presence:
      enabled: {{ .Values.functional.dataProtection.matrixPresence.enabled }}
--- a/helmfile/apps/services-external/values-cassandra.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-cassandra.yaml.gotmpl
@@ -35,10 +35,14 @@ image:

 initDB:
  initUserData.cql: >
-    CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecot.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
-    CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecot.username | quote }};
-    ALTER ROLE {{ .Values.databases.dovecot.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotUser "''" | squote }} AND LOGIN = true;
-    GRANT ALL ON KEYSPACE {{ .Values.databases.dovecot.name | quote }} TO {{ .Values.databases.dovecot.username | quote }};
+    CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecotDictmap.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
+    CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecotDictmap.username | quote }};
+    ALTER ROLE {{ .Values.databases.dovecotDictmap.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotDictmapUser "''" | squote }} AND LOGIN = true;
+    GRANT ALL ON KEYSPACE {{ .Values.databases.dovecotDictmap.name | quote }} TO {{ .Values.databases.dovecotDictmap.username | quote }};
+    CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecotACL.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
+    CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecotACL.username | quote }};
+    ALTER ROLE {{ .Values.databases.dovecotACL.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotACLUser "''" | squote }} AND LOGIN = true;
+    GRANT ALL ON KEYSPACE {{ .Values.databases.dovecotACL.name | quote }} TO {{ .Values.databases.dovecotACL.username | quote }};

 # Will print a warning if unset but is automatically calculated:
 jvm:
--- a/helmfile/environments/default/database.yaml.gotmpl
+++ b/helmfile/environments/default/database.yaml.gotmpl
@@ -6,12 +6,20 @@
 databases:
  defaults:
    userConnectionLimit: 100
-  dovecot:
+  dovecotDictmap:
    type: "cassandra"
-    name: "dovecot"
+    name: "dovecot_dictmap"
    host: "cassandra"
    port: 9042
-    username: "dovecot_user"
+    username: "dovecot_dictmap_user"
+    password: ""
+    connectionLimit: ~
+  dovecotACL:
+    type: "cassandra"
+    name: "dovecot_acl"
+    host: "cassandra"
+    port: 9042
+    username: "dovecot_acl_user"
    password: ""
    connectionLimit: ~
  keycloak:
--- a/helmfile/environments/default/persistence.yaml.gotmpl
+++ b/helmfile/environments/default/persistence.yaml.gotmpl
@@ -9,7 +9,7 @@ persistence:

  storages:
    cassandra:
-      data: "1Gi"
+      size: "1Gi"
      commitLogsize: "256Mi"
      storageClassName: ~
    clamav:
--- a/helmfile/environments/default/secrets.yaml.gotmpl
+++ b/helmfile/environments/default/secrets.yaml.gotmpl
@@ -7,8 +7,8 @@ SPDX-License-Identifier: Apache-2.0
 secrets:
  cassandra:
    rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }}
-    dovecotUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_user" | sha1sum | quote }}
-
+    dovecotDictmapUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_dictmap_user" | sha1sum | quote }}
+    dovecotACLUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_acl_user" | sha1sum | quote }}
  oxAppSuite:
    adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
    basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
@@ -75,6 +75,7 @@ secrets:
    openxchangeUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "openxchange_user" | sha1sum | quote }}
    nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "nextcloud_user" | sha1sum | quote }}
  minio:
+    dovecotUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "dovecot_user" | sha1sum | quote) }}
    rootPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "root_password" | sha1sum | quote) }}
    migrationsUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "migrations_user" | sha1sum | quote) }}
    nextcloudUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "nextcloud_user" | sha1sum | quote) }}