sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-07 07:51:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(element): Add Element EE components

Browse Source
This commit is contained in:
Thomas Kaltenbrunner
2025-01-29 12:30:08 +01:00
parent 4e21129456
commit 61d94a8de6
13 changed files with 364 additions and 10 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
helmfile/apps/element/helmfile-child.yaml.gotmpl
View File

@@ -217,6 +217,7 @@ releases:
chart: "synapse-admin-repo/{{ .Values.charts.synapseAdmin.name }}" chart: "synapse-admin-repo/{{ .Values.charts.synapseAdmin.name }}"
version: "{{ .Values.charts.synapseAdmin.version }}" version: "{{ .Values.charts.synapseAdmin.version }}"
values: values:
- "values-synapse-admin.yaml.gotmpl"
{{- range .Values.customization.release.opendeskSynapseAdmin }} {{- range .Values.customization.release.opendeskSynapseAdmin }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
@@ -227,6 +228,7 @@ releases:
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
version: "{{ .Values.charts.synapseCreateAccount.version }}" version: "{{ .Values.charts.synapseCreateAccount.version }}"
values: values:
- "values-synapse-adminbot-bootstrap.yaml.gotmpl"
{{- range .Values.customization.release.opendeskSynapseAdminbotBootstrap }} {{- range .Values.customization.release.opendeskSynapseAdminbotBootstrap }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
@@ -237,6 +239,7 @@ releases:
chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}" chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
version: "{{ .Values.charts.synapsePipe.version }}" version: "{{ .Values.charts.synapsePipe.version }}"
values: values:
- "values-synapse-adminbot-pipe.yaml.gotmpl"
{{- range .Values.customization.release.opendeskSynapseAdminbotPipe }} {{- range .Values.customization.release.opendeskSynapseAdminbotPipe }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
@@ -247,6 +250,7 @@ releases:
chart: "synapse-adminbot-web-repo/{{ .Values.charts.synapseAdminbotWeb.name }}" chart: "synapse-adminbot-web-repo/{{ .Values.charts.synapseAdminbotWeb.name }}"
version: "{{ .Values.charts.synapseAdminbotWeb.version }}" version: "{{ .Values.charts.synapseAdminbotWeb.version }}"
values: values:
- "values-synapse-adminbot-web.yaml.gotmpl"
{{- range .Values.customization.release.opendeskSynapseAdminbotWeb }} {{- range .Values.customization.release.opendeskSynapseAdminbotWeb }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
@@ -257,6 +261,7 @@ releases:
chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
version: "{{ .Values.charts.synapseCreateAccount.version }}" version: "{{ .Values.charts.synapseCreateAccount.version }}"
values: values:
- "values-synapse-auditbot-bootstrap.yaml.gotmpl"
{{- range .Values.customization.release.opendeskSynapseAuditbotBootstrap }} {{- range .Values.customization.release.opendeskSynapseAuditbotBootstrap }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
@@ -267,6 +272,7 @@ releases:
chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}" chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
version: "{{ .Values.charts.synapsePipe.version }}" version: "{{ .Values.charts.synapsePipe.version }}"
values: values:
- "values-synapse-auditbot-pipe.yaml.gotmpl"
{{- range .Values.customization.release.opendeskSynapseAuditbotPipe }} {{- range .Values.customization.release.opendeskSynapseAuditbotPipe }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}
@@ -277,6 +283,7 @@ releases:
chart: "synapse-groupsync-repo/{{ .Values.charts.synapseGroupsync.name }}" chart: "synapse-groupsync-repo/{{ .Values.charts.synapseGroupsync.name }}"
version: "{{ .Values.charts.synapseGroupsync.version }}" version: "{{ .Values.charts.synapseGroupsync.version }}"
values: values:
- "values-synapse-groupsync.yaml.gotmpl"
{{- range .Values.customization.release.opendeskSynapseGroupsync }} {{- range .Values.customization.release.opendeskSynapseGroupsync }}
- {{ . }} - {{ . }}
{{- end }} {{- end }}

88
helmfile/apps/element/values-synapse-admin.yaml.gotmpl Normal file
View File

@@ -0,0 +1,88 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
domain: {{ .Values.global.domain | quote }}
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
configuration:
adminBot:
backupPhrase: {{ .Values.secrets.matrixAdminBot.backupPassphrase | quote }}
#name: "adminbot"
#secretName: "matrix-adminbot-account"
#secretKey: "access_token"
auditBot:
backupPhrase: {{ .Values.secrets.matrixAuditBot.backupPassphrase | quote }}
#name: "auditbot"
database:
host: {{ .Values.databases.synapse.host | quote }}
port: {{ .Values.databases.synapse.port }}
name: {{ .Values.databases.synapse.name | quote }}
user: {{ .Values.databases.synapse.username | quote }}
password:
value: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }}
requireAuth: {{ .Values.databases.synapse.requireAuth }}
channelBinding: {{ .Values.databases.synapse.channelBinding | quote }}
connectTimeout: {{ .Values.databases.synapse.connectTimeout }}
clientEncoding: {{ .Values.databases.synapse.clientEncoding | quote }}
keepalives: {{ .Values.databases.synapse.keepalives }}
keepalivesIdle: {{ .Values.databases.synapse.keepalivesIdle }}
keepalivesInterval: {{ .Values.databases.synapse.keepalivesInterval }}
keepalivesCount: {{ .Values.databases.synapse.keepalivesCount }}
replication: {{ .Values.databases.synapse.replication }}
gssencmode: {{ .Values.databases.synapse.gssencmode | quote }}
sslmode: {{ .Values.databases.synapse.sslmode | quote }}
sslcompression: {{ .Values.databases.synapse.sslcompression }}
sslMinProtocolVersion: {{ .Values.databases.synapse.sslMinProtocolVersion | quote }}
connectionPoolMin: {{ .Values.databases.synapse.connectionPoolMin }}
connectionPoolMax: {{ .Values.databases.synapse.connectionPoolMax }}
# Settings regarding homeserver.
homeserver:
# -- URL of synapse deployment. As default the url of synapse will be used.
#baseUrl: ""
homeserver:
serverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
ldap:
base: {{ .Values.ldap.baseDn | quote }}
bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal"
bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }}
filter: "(memberOf=cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal)"
uri: {{ printf "ldap://%s:389" .Values.ldap.host | quote }}
cron:
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementSyncAdmins.registry | quote }}
repository: {{ .Values.images.elementSyncAdmins.repository | quote }}
tag: {{ .Values.images.elementSyncAdmins.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
#fullnameOverride: "opendesk-synapse-admin"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementSynapseAdmin.registry | quote }}
repository: {{ .Values.images.elementSynapseAdmin.repository | quote }}
tag: {{ .Values.images.elementSynapseAdmin.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
ingress:
enabled: {{ .Values.ingress.enabled }}
tls:
secretName: {{ .Values.ingress.tls.secretName | quote }}
{{- if .Values.certificate.selfSigned }}
extraEnvVars:
- name: "NODE_EXTRA_CA_CERTS"
value: "/etc/ssl/certs/ca-certificates.crt"
extraVolumes:
- name: "trusted-cert-secret-volume"
secret:
secretName: "opendesk-certificates-ca-tls"
items:
- key: "ca.crt"
path: "ca-certificates.crt"
extraVolumeMounts:
- name: "trusted-cert-secret-volume"
mountPath: "/etc/ssl/certs/ca-certificates.crt"
subPath: "ca-certificates.crt"
{{- end }}
...

33
helmfile/apps/element/values-synapse-adminbot-bootstrap.yaml.gotmpl Normal file
View File

@@ -0,0 +1,33 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
domain: {{ .Values.global.domain | quote }}
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
configuration:
username: "adminbot"
pod: "opendesk-synapse-0"
secretName: "matrix-adminbot-account"
password: {{ .Values.secrets.matrixAdminBot.password | quote }}
pipeConfig:
enabled: true
type: "admin"
secretName: "matrix-adminbot-config"
asToken: {{ .Values.secrets.matrixAdminBot.synapseAsToken | quote }}
hsToken: {{ .Values.secrets.matrixAdminBot.synapseAsToken | quote }}
serviceUrl: "http://opendesk-synapse-web:8008"
backupPassphrase: {{ .Values.secrets.matrixAdminBot.backupPassphrase | quote }}
homeserverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
url: {{ .Values.images.synapseCreateUser.repository | quote }}
tag: {{ .Values.images.synapseCreateUser.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
fullnameOverride: "matrix-adminbot-bootstrap"
...

22
helmfile/apps/element/values-synapse-adminbot-pipe.yaml.gotmpl Normal file
View File

@@ -0,0 +1,22 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
domain: {{ .Values.global.domain | quote }}
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
configuration:
secretName: "matrix-adminbot-config"
#serviceName: "opendesk-synapse-adminbot-pipe"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementPipe.registry | quote }}
url: {{ .Values.images.elementPipe.repository | quote }}
tag: {{ .Values.images.elementPipe.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
fullnameOverride: "opendesk-synapse-adminbot-pipe"
...

26
helmfile/apps/element/values-synapse-adminbot-web.yaml.gotmpl Normal file
View File

@@ -0,0 +1,26 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
domain: {{ .Values.global.domain | quote }}
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
configuration:
homeserver:
serverName: {{ .Values.global.matrixDomain | default .Values.global.domain }}
#fullnameOverride: "opendesk-synapse-adminbot-web"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementAdminBot.registry | quote }}
repository: {{ .Values.images.elementAdminBot.repository | quote }}
tag: {{ .Values.images.elementAdminBot.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
ingress:
enabled: {{ .Values.ingress.enabled }}
tls:
secretName: {{ .Values.ingress.tls.secretName | quote }}
...

33
helmfile/apps/element/values-synapse-auditbot-bootstrap.yaml.gotmpl Normal file
View File

@@ -0,0 +1,33 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
domain: {{ .Values.global.domain | quote }}
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
configuration:
username: "auditbot"
pod: "opendesk-synapse-0"
secretName: "matrix-auditbot-account"
password: {{ .Values.secrets.matrixAuditBot.password | quote }}
pipeConfig:
enabled: true
type: "admin"
secretName: "matrix-auditbot-config"
asToken: {{ .Values.secrets.matrixAuditBot.synapseAsToken | quote }}
hsToken: {{ .Values.secrets.matrixAuditBot.synapseAsToken | quote }}
serviceUrl: "http://opendesk-synapse-web:8008"
backupPassphrase: {{ .Values.secrets.matrixAuditBot.backupPassphrase | quote }}
homeserverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
image:
registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
url: {{ .Values.images.synapseCreateUser.repository | quote }}
tag: {{ .Values.images.synapseCreateUser.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
fullnameOverride: "matrix-auditbot-bootstrap"
...

22
helmfile/apps/element/values-synapse-auditbot-pipe.yaml.gotmpl Normal file
View File

@@ -0,0 +1,22 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
domain: {{ .Values.global.domain | quote }}
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
configuration:
secretName: "matrix-auditbot-config"
#serviceName: "opendesk-synapse-auditbot-pipe"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementPipe.registry | quote }}
url: {{ .Values.images.elementPipe.repository | quote }}
tag: {{ .Values.images.elementPipe.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
fullnameOverride: "opendesk-synapse-auditbot-pipe"
...

56
helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl Normal file
View File

@@ -0,0 +1,56 @@
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-License-Identifier: Apache-2.0
*/}}
---
global:
domain: {{ .Values.global.domain | quote }}
hosts:
{{ .Values.global.hosts | toYaml | nindent 4 }}
imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
configuration:
asToken: {{ .Values.secrets.matrixGroupsync.synapseAsToken | quote }}
dryRun: false
hsToken: {{ .Values.secrets.matrixGroupsync.synapseAsToken | quote }}
id: "gps"
homeserverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
registrationSharedSecret: {{ .Values.secrets.synapse.registrationSharedSecret | quote }}
runOnce: false
username: "groupsyncbot"
ldap:
attributes:
name: "description"
uid: "uid"
base: {{ .Values.ldap.baseDn | quote }}
bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal"
bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }}
check_interval_seconds: 60
type: mapped-ldap
uri: "ldap://ums-ldap-server:389"
spaces:
- groups:
- externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal"
powerLevel: 50
- externalId: "cn=managed-by-attribute-Livecollaboration,cn=groups,dc=swp-ldap,dc=internal"
id: "c3122e32-4e05-4bf8-8a5d-66679076ed36"
name: "openDesk"
subspaces:
- groups:
- externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal"
powerLevel: 50
id: "e7889d96-5baa-4e21-be6e-12c66b2e9565"
name: "openDesk Element Admins"
provisionerDefaultRooms:
- id: "c3122e32-4e05-4bf8-8a5d-66679076ed36"
properties:
name: "openDesk"
# Name of group sync service (default opendesk-synapse-groupsync)
groupSyncService: "opendesk-synapse-groupsync"
image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementGroupsync.registry | quote }}
url: {{ .Values.images.elementGroupsync.repository | quote }}
tag: {{ .Values.images.elementGroupsync.tag | quote }}
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
...

54
helmfile/apps/element/values-synapse.yaml.gotmpl
View File

@@ -69,6 +69,60 @@ configuration:
regex: "@.*" regex: "@.*"
url: null url: null
sender_localpart: ox-appsuite sender_localpart: ox-appsuite
{{- if (env "OPENDESK_ENTERPRISE") }}
{{- if .Values.elementAdmin.enabled }}
- as_token: {{ .Values.secrets.matrixAdminBot.synapseAsToken | quote }}
hs_token: {{ .Values.secrets.matrixAdminBot.synapseAsToken | quote }}
id: "element-adminbot-pipe"
namespaces:
rooms:
- exclusive: false
regex: "!.*:{{ .Values.global.domain }}"
users:
- exclusive: false
regex: "@.*:.*"
- exclusive: true
regex: "@adminbot:{{ .Values.global.domain }}"
de.sorunome.msc2409.push_ephemeral: true
org.matrix.msc3202: true
url: "http://opendesk-synapse-adminbot-pipe:9995"
rate_limited: false
sender_localpart: "adminbot-sendernotinuse"
- as_token: {{ .Values.secrets.matrixAuditBot.synapseAsToken | quote }}
hs_token: {{ .Values.secrets.matrixAuditBot.synapseAsToken | quote }}
id: "element-auditbot-pipe"
namespaces:
rooms:
- exclusive: false
regex: "!.*:{{ .Values.global.domain }}"
users:
- exclusive: false
regex: "@.*:.*"
- exclusive: true
regex: "@auditbot:{{ .Values.global.domain }}"
de.sorunome.msc2409.push_ephemeral: true
org.matrix.msc3202: true
url: "http://opendesk-synapse-auditbot-pipe:9995"
rate_limited: false
sender_localpart: "auditbot-sendernotinuse"
{{- end }}
{{- if .Values.elementGroupsync.enabled }}
- as_token: {{ .Values.secrets.matrixGroupsync.synapseAsToken | quote }}
hs_token: {{ .Values.secrets.matrixGroupsync.synapseAsToken | quote }}
id: "gps"
namespaces:
rooms:
- exclusive: false
regex: "!.*:{{ .Values.global.domain }}"
users:
- exclusive: false
regex: '@.*:{{ .Values.global.domain }}'
url: "http://opendesk-synapse-groupsync:10010"
rate_limited: false
sender_localpart: "groupsyncbot"
{{- end }}
registrationSharedSecret: {{ .Values.secrets.synapse.registrationSharedSecret | quote }}
{{- end }}
presence: presence:
enabled: {{ .Values.functional.dataProtection.matrixPresence.enabled }} enabled: {{ .Values.functional.dataProtection.matrixPresence.enabled }}

12
helmfile/apps/services-external/values-cassandra.yaml.gotmpl
View File

@@ -35,10 +35,14 @@ image:
initDB: initDB:
initUserData.cql: > initUserData.cql: >
CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecot.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 }; CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecotDictmap.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecot.username | quote }}; CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecotDictmap.username | quote }};
ALTER ROLE {{ .Values.databases.dovecot.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotUser "''" | squote }} AND LOGIN = true; ALTER ROLE {{ .Values.databases.dovecotDictmap.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotDictmapUser "''" | squote }} AND LOGIN = true;
GRANT ALL ON KEYSPACE {{ .Values.databases.dovecot.name | quote }} TO {{ .Values.databases.dovecot.username | quote }}; GRANT ALL ON KEYSPACE {{ .Values.databases.dovecotDictmap.name | quote }} TO {{ .Values.databases.dovecotDictmap.username | quote }};
CREATE KEYSPACE IF NOT EXISTS {{ .Values.databases.dovecotACL.name | quote }} WITH REPLICATION = { 'class' : 'SimpleStrategy', 'replication_factor' : 1 };
CREATE ROLE IF NOT EXISTS {{ .Values.databases.dovecotACL.username | quote }};
ALTER ROLE {{ .Values.databases.dovecotACL.username | quote }} WITH PASSWORD = {{ regexReplaceAll "'" .Values.secrets.cassandra.dovecotACLUser "''" | squote }} AND LOGIN = true;
GRANT ALL ON KEYSPACE {{ .Values.databases.dovecotACL.name | quote }} TO {{ .Values.databases.dovecotACL.username | quote }};
# Will print a warning if unset but is automatically calculated: # Will print a warning if unset but is automatically calculated:
jvm: jvm:

14
helmfile/environments/default/database.yaml.gotmpl
View File

@@ -6,12 +6,20 @@
databases: databases:
defaults: defaults:
userConnectionLimit: 100 userConnectionLimit: 100
dovecot: dovecotDictmap:
type: "cassandra" type: "cassandra"
name: "dovecot" name: "dovecot_dictmap"
host: "cassandra" host: "cassandra"
port: 9042 port: 9042
username: "dovecot_user" username: "dovecot_dictmap_user"
password: ""
connectionLimit: ~
dovecotACL:
type: "cassandra"
name: "dovecot_acl"
host: "cassandra"
port: 9042
username: "dovecot_acl_user"
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
keycloak: keycloak:

2
helmfile/environments/default/persistence.yaml.gotmpl
View File

@@ -9,7 +9,7 @@ persistence:
storages: storages:
cassandra: cassandra:
data: "1Gi" size: "1Gi"
commitLogsize: "256Mi" commitLogsize: "256Mi"
storageClassName: ~ storageClassName: ~
clamav: clamav:

5
helmfile/environments/default/secrets.yaml.gotmpl
View File

@@ -7,8 +7,8 @@ SPDX-License-Identifier: Apache-2.0
secrets: secrets:
cassandra: cassandra:
rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }} rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "root_password" | sha1sum | quote }}
dovecotUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_user" | sha1sum | quote }} dovecotDictmapUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_dictmap_user" | sha1sum | quote }}
dovecotACLUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cassandra" "dovecot_acl_user" | sha1sum | quote }}
oxAppSuite: oxAppSuite:
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }} basicAuthPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "basic_auth_password" | sha1sum | quote }}
@@ -75,6 +75,7 @@ secrets:
openxchangeUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "openxchange_user" | sha1sum | quote }} openxchangeUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "openxchange_user" | sha1sum | quote }}
nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "nextcloud_user" | sha1sum | quote }} nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "nextcloud_user" | sha1sum | quote }}
minio: minio:
dovecotUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "dovecot_user" | sha1sum | quote) }}
rootPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "root_password" | sha1sum | quote) }} rootPassword: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "root_password" | sha1sum | quote) }}
migrationsUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "migrations_user" | sha1sum | quote) }} migrationsUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "migrations_user" | sha1sum | quote) }}
nextcloudUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "nextcloud_user" | sha1sum | quote) }} nextcloudUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "nextcloud_user" | sha1sum | quote) }}