From 6e343c76a32a5bf4b431bdad6be1f7d107caa4f5 Mon Sep 17 00:00:00 2001
From: Thomas Kaltenbrunner
Date: Fri, 31 Jan 2025 11:18:11 +0100
Subject: [PATCH] fix(dovecot): Add Dovecot Pro [EE]
---
 .../open-xchange/helmfile-child.yaml.gotmpl | 29 +++++++-----
 .../values-dovecot-enterprise.yaml.gotmpl | 45 +++++++++++++++++++
 .../open-xchange/values-dovecot.yaml.gotmpl | 3 +-
 .../values-minio.yaml.gotmpl | 29 +++++++++++-
 .../charts.yaml.gotmpl | 8 +++-
 .../images.yaml.gotmpl | 4 ++
 .../objectstores.yaml.gotmpl | 15 +++++++
 7 files changed, 117 insertions(+), 16 deletions(-)
 create mode 100644 helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl
 create mode 100644 helmfile/environments/default-enterprise-overrides/objectstores.yaml.gotmpl
diff --git a/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl b/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl
index 5135e50f..3de049e8 100644
--- a/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl
@@ -1,4 +1,4 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
@@ -7,27 +7,29 @@ repositories:
 - name: "dovecot-repo"
 keyring: "../../files/gpg-pubkeys/opencode.gpg"
 verify: {{ .Values.charts.dovecot.verify }}
- username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
- password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
 oci: true
- url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/{{ .Values.charts.dovecot.repository }}"
-
- # Open-Xchange
 {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
- - name: "open-xchange-repo"
- keyring: "../../files/gpg-pubkeys/open-xchange-com.gpg"
- verify: {{ .Values.charts.oxAppSuite.verify }}
 username: {{ env "ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
 password: {{ env "ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
- oci: true
- url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.oxAppSuite.registry }}/{{ .Values.charts.oxAppSuite.repository }}"
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/{{ .Values.charts.dovecot.repository }}"
 {{- else }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/{{ .Values.charts.dovecot.repository }}"
+ {{- end }}
+
+ # Open-Xchange
 - name: "open-xchange-repo"
 keyring: "../../files/gpg-pubkeys/open-xchange-com.gpg"
 verify: {{ .Values.charts.oxAppSuite.verify }}
+ oci: true
+ {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
+ username: {{ env "ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.oxAppSuite.registry }}/{{ .Values.charts.oxAppSuite.repository }}"
+ {{- else }}
 username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
 password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
- oci: true
 url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.oxAppSuite.registry }}/{{ .Values.charts.oxAppSuite.repository }}"
 {{- end }}
@@ -55,6 +57,9 @@ releases:
 version: "{{ .Values.charts.dovecot.version }}"
 values:
 - "values-dovecot.yaml.gotmpl"
+ {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
+ - "values-dovecot-enterprise.yaml.gotmpl"
+ {{- end }}
 {{- range .Values.customization.release.dovecot }}
 - {{ . }}
 {{- end }}
diff --git a/helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl
new file mode 100644
index 00000000..d6607638
--- /dev/null
+++ b/helmfile/apps/open-xchange/values-dovecot-enterprise.yaml.gotmpl
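Review bot: The enterprise branches of both `dovecot-repo` and `open-xchange-repo` take their credentials from `env "ENTERPRISE_PRIVATE_REGISTRY_USERNAME"` / `env "ENTERPRISE_PRIVATE_REGISTRY_PASSWORD"`, and helmfile's `env` renders an unset variable as `""`, so a missing credential only shows up later as an anonymous OCI pull failure instead of at render time. Swapping `env` for `requiredEnv` on the four credential lines (`username: {{ requiredEnv "ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}`) aborts rendering with the variable name, and the `OD_PRIVATE_REGISTRY_*` lines in the else branches would benefit the same way. The credential/url block is now repeated per branch and per repository; a named template taking the registry value and env prefix would keep the two entries in step, though that is a style choice. The `repositories` list begins just before this hunk, and the `releases` hunk below sits inside a release whose start is outside the visible lines.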
@@ -0,0 +1,45 @@
+{{/*
+SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+image:
+ registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.dovecot.registry | quote }}
+ repository: {{ .Values.images.dovecot.repository | quote }}
+ tag: {{ .Values.images.dovecot.tag | quote }}
+ pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+
+imageInitCassandra:
+ registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.cassandra.registry | quote }}
+ repository: {{ .Values.images.cassandra.repository | quote }}
+ tag: {{ .Values.images.cassandra.tag | quote }}
+ pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+
+imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 2 }}
+
+dovecot:
+ dictmap:
+ enabled: true
+ host: {{ .Values.databases.dovecotDictmap.host | quote }}
+ port: {{ .Values.databases.dovecotDictmap.port }}
+ username: {{ .Values.databases.dovecotDictmap.username | quote }}
+ password: {{ .Values.secrets.cassandra.dovecotDictmapUser | quote }}
+ keyspace: {{ .Values.databases.dovecotDictmap.name | quote }}
+ sharedMailboxes:
+ enabled: false
+ host: {{ .Values.databases.dovecotACL.host | quote }}
+ port: {{ .Values.databases.dovecotACL.port }}
+ username: {{ .Values.databases.dovecotACL.username | quote }}
+ password: {{ .Values.secrets.cassandra.dovecotACLUser | quote }}
+ keyspace: {{ .Values.databases.dovecotACL.name | quote }}
+ objectStorage:
+ encryption:
+ privateKey:
+ value: {{ env "DOVECOT_CRYPT_PRIVATE_KEY" | quote }}
+ publicKey:
+ value: {{ env "DOVECOT_CRYPT_PUBLIC_KEY" | quote }}
+ fqdn: {{ .Values.objectstores.dovecot.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+ username: {{ .Values.objectstores.dovecot.username | quote }}
+ password: {{ .Values.secrets.minio.dovecotUser | quote }}
+...
diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
index b4a56f24..360873ff 100644
--- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
@@ -1,5 +1,5 @@
 {{/*
-SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
@@ -34,7 +34,6 @@ dovecot:
 introspectionPath: "/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token/introspect"
 usernameAttribute: "opendesk_username"
 loginTrustedNetworks: {{ join " " .Values.cluster.networking.cidr | quote }}
-
 submission:
 enabled: true
 ssl: "no"
diff --git a/helmfile/apps/services-external/values-minio.yaml.gotmpl b/helmfile/apps/services-external/values-minio.yaml.gotmpl
index e3e22b09..2e58fdee 100644
--- a/helmfile/apps/services-external/values-minio.yaml.gotmpl
+++ b/helmfile/apps/services-external/values-minio.yaml.gotmpl
@@ -1,5 +1,5 @@
 {{/*
-SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
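Review bot: `dovecot.objectStorage.encryption.privateKey.value` and `publicKey.value` are the only settings in this new file taken straight from the environment (`env "DOVECOT_CRYPT_PRIVATE_KEY" | quote`), so an unset variable renders as `""` and the release goes out with an empty key pair, whereas every other credential here comes from `.Values.secrets.*`. Either move the key pair under `.Values.secrets` like the Cassandra and MinIO passwords above it, or at least use `requiredEnv` so rendering stops with a clear message. The new `objectstores.dovecot` override also defines `bucket`, `useSSL`, `pathStyle` and `port`, none of which are passed to the chart here; if the chart derives them on its own that is fine, but a comment on the `objectStorage:` block saying which settings are intentionally left to chart defaults would prevent someone adding them twice later. `sharedMailboxes.enabled: false` still renders the `dovecotACL` host and credentials, which is harmless but worth a one-line comment if deliberate.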
@@ -116,6 +116,11 @@ provisioning:
 - name: {{ .Values.objectstores.nubus.bucket | quote }}
 versioning: "Suspended"
 withLock: false
+ {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
+ - name: {{ .Values.objectstores.dovecot.bucket | quote }}
+ versioning: "Suspended"
+ withLock: false
+ {{- end }}
 policies:
 - name: "migrations-bucket-policy"
 statements:
@@ -177,6 +182,20 @@ provisioning:
 effect: "Allow"
 actions:
 - "s3:*"
+ {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
+ - name: "dovecot-bucket-policy"
+ statements:
+ - resources:
+ - "arn:aws:s3:::dovecot"
+ effect: "Allow"
+ actions:
+ - "s3:*"
+ - resources:
+ - "arn:aws:s3:::dovecot/*"
+ effect: "Allow"
+ actions:
+ - "s3:*"
+ {{- end }}
 users:
 - username: {{ .Values.objectstores.migrations.username | quote }}
 password: {{ .Values.secrets.minio.migrationsUser | quote }}
@@ -208,6 +227,14 @@ provisioning:
 policies:
 - "ums-bucket-policy"
 setPolicies: true
+ {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
+ - username: {{ .Values.objectstores.dovecot.username | quote }}
+ password: {{ .Values.secrets.minio.dovecotUser | quote }}
+ disabled: false
+ policies:
+ - "dovecot-bucket-policy"
+ setPolicies: true
+ {{- end }}
 resources:
 {{ .Values.resources.minio | toYaml | nindent 4 }}
diff --git a/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl b/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl
index 2d619211..d50490c5 100644
--- a/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl
+++ b/helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl
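Review bot: In the `dovecot-bucket-policy` statements the resources are hard-coded as `"arn:aws:s3:::dovecot"` and `"arn:aws:s3:::dovecot/*"`, while the bucket itself is created from `.Values.objectstores.dovecot.bucket` in the first hunk of this file; an override of that value produces a bucket the policy never matches and a `dovecot` user whose only policy is effectively dangling. Derive both ARNs from the value, e.g. `- {{ printf "arn:aws:s3:::%s" .Values.objectstores.dovecot.bucket | quote }}` and `- {{ printf "arn:aws:s3:::%s/*" .Values.objectstores.dovecot.bucket | quote }}`, unless the neighbouring policies (not visible here) deliberately hard-code their names too. The `s3:*` grant matches the existing policy shown in context, so that is consistent rather than new. The `provisioning` mapping these three hunks sit in starts and ends outside the visible lines.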
@@ -1,7 +1,13 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-License-Identifier: Apache-2.0
 ---
 charts:
+ dovecot:
+ registry: "registry.opencode.de"
+ repository: "zendis/opendesk-enterprise/components/product-development/charts/opendesk-dovecot-pro"
+ name: "dovecot"
+ version: "1.0.0"
+ verify: true
 oxAppSuite:
 registry: "registry.opencode.de"
 repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/charts-mirror"
diff --git a/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl b/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl
index 87543f0f..1ade3fe7 100644
--- a/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl
+++ b/helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl
@@ -6,6 +6,10 @@ images:
 registry: "registry.opencode.de"
 repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
 tag: "24.04.9.4.2@sha256:7c38f2568855ec33c11296d65384766230ea3097a245a60b9e8b0b62cb9cc17f"
+ dovecot:
+ registry: "registry.opencode.de"
+ repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
+ tag: "3.0.1-rev3@sha256:b87f16562dd486c0f97e8147a797af16a54f25f1ac64826f4f53bd8177ec9a33"
 nextcloud:
 registry: "registry.opencode.de"
 repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
diff --git a/helmfile/environments/default-enterprise-overrides/objectstores.yaml.gotmpl b/helmfile/environments/default-enterprise-overrides/objectstores.yaml.gotmpl
new file mode 100644
index 00000000..9288d543
--- /dev/null
+++ b/helmfile/environments/default-enterprise-overrides/objectstores.yaml.gotmpl
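Review bot: The new `charts.dovecot` override sets `verify: true`, but the `dovecot-repo` entry in helmfile-child.yaml.gotmpl keeps `keyring: "../../files/gpg-pubkeys/opencode.gpg"` in both the enterprise and the community branch, so the `opendesk-dovecot-pro` chart is only installable if it is signed with that same key (the Open-Xchange mirror, by contrast, is checked against `open-xchange-com.gpg`). If the enterprise chart is signed by a different key, the keyring must be selected under the same `OPENDESK_ENTERPRISE` condition as the credentials; if it is the same key, a one-line comment on the `verify: true` line saying so saves the next reader the check. The image override in the second hunk pins the tag by digest, which is the right shape and needs no change.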
@@ -0,0 +1,15 @@
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+objectstores:
+ dovecot:
+ bucket: "dovecot"
+ endpoint: ""
+ region: "eu-west-1"
+ secretKey: ""
+ username: "dovecot_user"
+ storageClass: "STANDARD"
+ useSSL: true
+ pathStyle: true
+ port: 443
+...
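Review bot: `secretKey: ""` in the new `objectstores.dovecot` block is an empty credential slot in a non-secret overrides file, while the password this user actually gets is `.Values.secrets.minio.dovecotUser` (used by both values-dovecot-enterprise.yaml.gotmpl and values-minio.yaml.gotmpl in this patch); if nothing reads `secretKey`, drop it, otherwise a comment such as `# unused here; the credential is secrets.minio.dovecotUser` keeps the two from drifting. `endpoint: ""` is fine because the consumer wraps it in `default`, but `useSSL`, `pathStyle`, `port`, `region` and `storageClass` are not consumed by any file in this patch — presumably they mirror the schema of the sibling objectstores entries, and a short comment saying so would make that intent explicit.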