sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 07:21:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(helmfile): Unify templating name for Open-Xchange to openxchange and for OX App Suite to oxAppSuite.

Browse Source
This commit is contained in:
Thorsten Roßner
2024-11-28 07:34:11 +01:00
parent 8611d95e5a
commit 6ff1fcd438
22 changed files with 227 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
docs/components.md
View File

@@ -27,28 +27,28 @@ openDesk consists of a variety of open-source projects. Here is a list with the
Components of type `Eval` are used for development and evaluation purposes only, Components of type `Eval` are used for development and evaluation purposes only,
they need to be replaced in production deployments. they need to be replaced in production deployments.
| Component                   | Description                    | Type       | | Component | Description | Type |
|-----------------------------|--------------------------------|------------| | -------------------- | ------------------------------ | ---------- |
| Certificates                | TLS certificates               | Eval       | | Certificates | TLS certificates | Eval |
| ClamAV (Distributed)        | Antivirus engine               | Eval       | | ClamAV (Distributed) | Antivirus engine | Eval |
| ClamAV (Simple)             | Antivirus engine               | Eval       | | ClamAV (Simple) | Antivirus engine | Eval |
| Collabora                   | Weboffice                      | Functional | | Collabora | Weboffice | Functional |
| CryptPad                    | Weboffice                      | Functional | | CryptPad | Weboffice | Functional |
| dkimpy-milter               | DKIM milter for Postfix        | Eval       | | dkimpy-milter | DKIM milter for Postfix | Eval |
| Element                     | Secure communications platform | Functional | | Element | Secure communications platform | Functional |
| Jitsi                       | Videoconferencing              | Functional | | Jitsi | Videoconferencing | Functional |
| MariaDB                     | Database                       | Eval       | | MariaDB | Database | Eval |
| Memcached                   | Cache Database                 | Eval       | | Memcached | Cache Database | Eval |
| MinIO                       | Object Storage                 | Eval       | | MinIO | Object Storage | Eval |
| Nextcloud                   | File share                     | Functional | | Nextcloud | File share | Functional |
| Nubus (UMS)                 | Identity Management & Portal   | Functional | | Nubus (UMS) | Identity Management & Portal | Functional |
| OpenProject                 | Project management             | Functional | | OpenProject | Project management | Functional |
| OX Appsuite                 | Groupware                      | Functional | | OX App Suite | Groupware | Functional |
| OX Dovecot                  | Mail backend (IMAP)            | Functional | | OX Dovecot | Mail backend (IMAP) | Functional |
| Postfix                     | MTA                            | Eval       | | Postfix | MTA | Eval |
| PostgreSQL                  | Database                       | Eval       | | PostgreSQL | Database | Eval |
| Redis                       | Cache Database                 | Eval       | | Redis | Cache Database | Eval |
| XWiki                       | Knowledge Management           | Functional | | XWiki | Knowledge Management | Functional |
# Component integration # Component integration

7
docs/enhanced-configuration/groupware-migration.md
View File

@@ -6,7 +6,6 @@ SPDX-License-Identifier: Apache-2.0
<h1>Migration from M365 with audriga migration service and master authentication</h1> <h1>Migration from M365 with audriga migration service and master authentication</h1>
<!-- TOC --> <!-- TOC -->
* [Context](#context)
* [Prerequisites](#prerequisites) * [Prerequisites](#prerequisites)
* [Prepare M365 tenant for access](#prepare-m365-tenant-for-access) * [Prepare M365 tenant for access](#prepare-m365-tenant-for-access)
* [Provisioning user accounts in openDesk](#provisioning-user-accounts-in-opendesk) * [Provisioning user accounts in openDesk](#provisioning-user-accounts-in-opendesk)
@@ -75,18 +74,18 @@ With openDesk 1.0 Enterprise, you can set openDesk's email components (OX AppSui
``` ```
secrets: secrets:
oxAppsuite: oxAppSuite:
adminPassword: "your_temporary_master_password" adminPassword: "your_temporary_master_password"
functional: functional:
migration: migration:
oxAppsuite: oxAppSuite:
enabled: true enabled: true
``` ```
1. You must specify the master password referenced in the document's following sections. 1. You must specify the master password referenced in the document's following sections.
2. You need to enable the actual master authentication mode. 2. You need to enable the actual master authentication mode.
Updating your deployment with these settings will allow you to continue with the migration scenario. Once the migration is completed, you can remove `secrets.oxAppsuite.adminPassword` and need to turn off the migration mode by setting `functional.migration.oxAppsuite.enabled` to `false` or removing that setting, as `false` is the default before you update your deployment once again. Updating your deployment with these settings will allow you to continue with the migration scenario. Once the migration is completed, you can remove `secrets.oxAppSuite.adminPassword` and need to turn off the migration mode by setting `functional.migration.oxAppSuite.enabled` to `false` or removing that setting, as `false` is the default before you update your deployment once again.
> **Note**<br> > **Note**<br>
> For the changes to take effect, it is sufficient to deploy the `open-xchange` component. > For the changes to take effect, it is sufficient to deploy the `open-xchange` component.

106
docs/external-services.md
View File

@@ -18,59 +18,59 @@ This document will cover the additional configuration for external services like
When deploying this suite to production, you need to configure the applications to use your production-grade database When deploying this suite to production, you need to configure the applications to use your production-grade database
service. service.
| Component   | Name               | Type       | Parameter | Key                                      | Default                    | | Component | Name | Type | Parameter | Key | Default |
|-------------|--------------------|------------|-----------|------------------------------------------|----------------------------| | ------------ | ------------------ | ---------- | --------- | ---------------------------------------- | -------------------------- |
| Element     | Synapse            | PostgreSQL |           |                                          |                            | | Element | Synapse | PostgreSQL | | | |
|             |                    |            | Name      | `databases.synapse.name` | `matrix` | | | | | Name | `databases.synapse.name` | `matrix` |
|             |                    |            | Host      | `databases.synapse.host` | `postgresql` | | | | | Host | `databases.synapse.host` | `postgresql` |
|             |                    |            | Port      | `databases.synapse.port` | `5432` | | | | | Port | `databases.synapse.port` | `5432` |
|             |                    |            | Username  | `databases.synapse.username` | `matrix_user` | | | | | Username | `databases.synapse.username` | `matrix_user` |
|             |                    |            | Password  | `databases.synapse.password` |                            | | | | | Password | `databases.synapse.password` | |
| Keycloak    | Keycloak           | PostgreSQL |           |                                          |                            | | Keycloak | Keycloak | PostgreSQL | | | |
|             |                    |            | Name      | `databases.keycloak.name` | `keycloak` | | | | | Name | `databases.keycloak.name` | `keycloak` |
|             |                    |            | Host      | `databases.keycloak.host` | `postgresql` | | | | | Host | `databases.keycloak.host` | `postgresql` |
|             |                    |            | Port      | `databases.keycloak.port` | `5432` | | | | | Port | `databases.keycloak.port` | `5432` |
|             |                    |            | Username  | `databases.keycloak.username` | `keycloak_user` | | | | | Username | `databases.keycloak.username` | `keycloak_user` |
|             |                    |            | Password  | `databases.keycloak.password` |                            | | | | | Password | `databases.keycloak.password` | |
|             | Keycloak Extension | PostgreSQL |           |                                          |                            | | | Keycloak Extension | PostgreSQL | | | |
|             |                    |            | Name      | `databases.keycloakExtension.name` | `keycloak_extensions` | | | | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
|             |                    |            | Host      | `databases.keycloakExtension.host` | `postgresql` | | | | | Host | `databases.keycloakExtension.host` | `postgresql` |
|             |                    |            | Port      | `databases.keycloakExtension.port` | `5432` | | | | | Port | `databases.keycloakExtension.port` | `5432` |
|             |                    |            | Username  | `databases.keycloakExtension.username` | `keycloak_extensions_user` | | | | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
|             |                    |            | Password  | `databases.keycloakExtension.password` |                            | | | | | Password | `databases.keycloakExtension.password` | |
| UMS         | Notifications API  | PostgreSQL |           |                                          |                            | | UMS | Notifications API | PostgreSQL | | | |
|             |                    |            | Name      | `databases.umsNotificationsApi.name` | `notificationsapi` | | | | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
|             |                    |            | Host      | `databases.umsNotificationsApi.host` | `postgresql` | | | | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
|             |                    |            | Port      | `databases.umsNotificationsApi.port` | `5432` | | | | | Port | `databases.umsNotificationsApi.port` | `5432` |
|             |                    |            | Username  | `databases.umsNotificationsApi.username` | `notificationsapi_user` | | | | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
|             |                    |            | Password  | `databases.umsNotificationsApi.password` |                            | | | | | Password | `databases.umsNotificationsApi.password` | |
|             | Self Service       | PostgreSQL |           |                                          |                            | | | Self Service | PostgreSQL | | | |
|             |                    |            | Name      | `databases.umsSelfservice.name` | `selfservice` | | | | | Name | `databases.umsSelfservice.name` | `selfservice` |
|             |                    |            | Host      | `databases.umsSelfservice.host` | `postgresql` | | | | | Host | `databases.umsSelfservice.host` | `postgresql` |
|             |                    |            | Port      | `databases.umsSelfservice.port` | `5432` | | | | | Port | `databases.umsSelfservice.port` | `5432` |
|             |                    |            | Username  | `databases.umsSelfservice.username` | `selfservice_user` | | | | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
|             |                    |            | Password  | `databases.umsSelfservice.password` |                            | | | | | Password | `databases.umsSelfservice.password` | |
| Nextcloud   | Nextcloud          | MariaDB    |           |                                          |                            | | Nextcloud | Nextcloud | MariaDB | | | |
|             |                    |            | Name      | `databases.nextcloud.name` | `nextcloud` | | | | | Name | `databases.nextcloud.name` | `nextcloud` |
|             |                    |            | Host      | `databases.nextcloud.host` | `mariadb` | | | | | Host | `databases.nextcloud.host` | `mariadb` |
|             |                    |            | Username  | `databases.nextcloud.username` | `nextcloud_user` | | | | | Username | `databases.nextcloud.username` | `nextcloud_user` |
|             |                    |            | Password  | `databases.nextcloud.password` |                            | | | | | Password | `databases.nextcloud.password` | |
| OpenProject | OpenProject        | PostgreSQL |           |                                          |                            | | OpenProject | OpenProject | PostgreSQL | | | |
|             |                    |            | Name      | `databases.openproject.name` | `openproject` | | | | | Name | `databases.openproject.name` | `openproject` |
|             |                    |            | Host      | `databases.openproject.host` | `postgresql` | | | | | Host | `databases.openproject.host` | `postgresql` |
|             |                    |            | Port      | `databases.openproject.port` | `5432` | | | | | Port | `databases.openproject.port` | `5432` |
|             |                    |            | Username  | `databases.openproject.username` | `openproject_user` | | | | | Username | `databases.openproject.username` | `openproject_user` |
|             |                    |            | Password  | `databases.openproject.password` |                            | | | | | Password | `databases.openproject.password` | |
| OX Appsuite | OX Appsuite        | MariaDB    |           |                                          |                            | | OX App Suite | OX App Suite | MariaDB | | | |
|             |                    |            | Name      | `databases.oxAppsuite.name` | `CONFIGDB` | | | | | Name | `databases.oxAppSuite.name` | `CONFIGDB` |
|             |                    |            | Host      | `databases.oxAppsuite.host` | `mariadb` | | | | | Host | `databases.oxAppSuite.host` | `mariadb` |
|             |                    |            | Username  | `databases.oxAppsuite.username` | `root` | | | | | Username | `databases.oxAppSuite.username` | `root` |
|             |                    |            | Password  | `databases.oxAppsuite.password` |                            | | | | | Password | `databases.oxAppSuite.password` | |
| XWiki       | XWiki              | MariaDB    |           |                                          |                            | | XWiki | XWiki | MariaDB | | | |
|             |                    |            | Name      | `databases.xwiki.name` | `xwiki` | | | | | Name | `databases.xwiki.name` | `xwiki` |
|             |                    |            | Host      | `databases.xwiki.host` | `mariadb` | | | | | Host | `databases.xwiki.host` | `mariadb` |
|             |                    |            | Username  | `databases.xwiki.username` | `xwiki_user` | | | | | Username | `databases.xwiki.username` | `xwiki_user` |
|             |                    |            | Password  | `databases.xwiki.password` |                            | | | | | Password | `databases.xwiki.password` | |
# Object storage # Object storage

4
docs/getting-started.md
View File

@@ -100,7 +100,7 @@ export DOMAIN=domain.tld
All available apps and their default value are in `helmfile/environments/default/opendesk_main.gotmpl`. All available apps and their default value are in `helmfile/environments/default/opendesk_main.gotmpl`.
| Component | Name | Default | Description | | Component | Name | Default | Description |
|----------------------|-----------------------------|---------|--------------------------------| | -------------------- | --------------------------- | ------- | ------------------------------ |
| Certificates | `certificates.enabled` | `true` | TLS certificates | | Certificates | `certificates.enabled` | `true` | TLS certificates |
| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | | ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine |
| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | | ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine |
@@ -117,7 +117,7 @@ All available apps and their default value are in `helmfile/environments/default
| Nextcloud | `nextcloud.enabled` | `true` | File share | | Nextcloud | `nextcloud.enabled` | `true` | File share |
| Nubus | `nubus.enabled` | `true` | Identity Management & Portal | | Nubus | `nubus.enabled` | `true` | Identity Management & Portal |
| OpenProject | `openproject.enabled` | `true` | Project management | | OpenProject | `openproject.enabled` | `true` | Project management |
| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | | OX App Suite | `oxAppSuite.enabled` | `true` | Groupware |
| Postfix | `postfix.enabled` | `true` | MTA | | Postfix | `postfix.enabled` | `true` | MTA |
| PostgreSQL | `postgresql.enabled` | `true` | Database | | PostgreSQL | `postgresql.enabled` | `true` | Database |
| Redis | `redis.enabled` | `true` | Cache Database | | Redis | `redis.enabled` | `true` | Cache Database |

73
docs/migrations.md
View File

@@ -10,11 +10,12 @@ SPDX-License-Identifier: Apache-2.0
* [openDesk supported upgrade path](#opendesk-supported-upgrade-path) * [openDesk supported upgrade path](#opendesk-supported-upgrade-path)
* [Releases upgrade details](#releases-upgrade-details) * [Releases upgrade details](#releases-upgrade-details)
* [From v1.0.0](#from-v100) * [From v1.0.0](#from-v100)
* [Pre-upgrade: Manual steps](#pre-upgrade-manual-steps) * [Pre-upgrade: Manual checks/steps](#pre-upgrade-manual-checkssteps)
* [Streamlining `openxchange` and `oxAppSuite` attribute names.](#streamlining-openxchange-and-oxappsuite-attribute-names)
* [`customization.release`](#customizationrelease) * [`customization.release`](#customizationrelease)
* [Redis 7.4](#redis-74) * [Redis 7.4](#redis-74)
* [From v0.9.0](#from-v090) * [From v0.9.0](#from-v090)
* [Pre-upgrade: Manual steps](#pre-upgrade-manual-steps-1) * [Pre-upgrade: Manual steps](#pre-upgrade-manual-steps)
* [Configuration Cleanup: Removal of unnecessary OX-Profiles in Nubus](#configuration-cleanup-removal-of-unnecessary-ox-profiles-in-nubus) * [Configuration Cleanup: Removal of unnecessary OX-Profiles in Nubus](#configuration-cleanup-removal-of-unnecessary-ox-profiles-in-nubus)
* [Configuration Cleanup: Updated `global.imagePullSecrets`](#configuration-cleanup-updated-globalimagepullsecrets) * [Configuration Cleanup: Updated `global.imagePullSecrets`](#configuration-cleanup-updated-globalimagepullsecrets)
* [Changed openDesk defaults: Matrix ID](#changed-opendesk-defaults-matrix-id) * [Changed openDesk defaults: Matrix ID](#changed-opendesk-defaults-matrix-id)
@@ -65,7 +66,70 @@ Explanation of the table's columns:
## From v1.0.0 ## From v1.0.0
### Pre-upgrade: Manual steps ### Pre-upgrade: Manual checks/steps
#### Streamlining `openxchange` and `oxAppSuite` attribute names.
We have updated some attribute names around Open-Xchange / OX App Suite to be consistent within our Helmfile
deployment and to aligning with the actual brand names as well as with our rule of thumb for brand based
attribute names[^1].
In case you are using any of the customizations below (`WAS`), please update as shown (`NOW`):
```
WAS: oxAppsuite: ...
NOW: oxAppSuite: ...
```
```
WAS: cache.oxAppsuite: ...
NOW: cache.oxAppSuite: ...
```
```
WAS: charts.openXchangeAppSuite: ...
NOW: charts.oxAppSuite: ...
```
```
WAS: charts.openXchangeAppSuiteBootstrap: ...
NOW: charts.oxAppSuiteBootstrap: ...
```
```
WAS: customization.release.openXchange: ...
NOW: customization.release.openxchange: ...
```
```
WAS: customization.release.opendeskOpenXchangeBootstrap: ...
NOW: customization.release.opendeskOpenxchangeBootstrap: ...
```
```
WAS: databases.oxAppsuite: ...
NOW: databases.oxAppSuite: ...
```
```
WAS: ingress.parameters.openXchangeAppSuite: ...
NOW: ingress.parameters.oxAppSuite: ...
```
```
WAS: ingress.bodyTimeout.openXchangeAppSuite: ...
NOW: ingress.bodyTimeout.oxAppSuite: ...
```
```
WAS: migration.oxAppsuite: ...
NOW: migration.oxAppSuite: ...
```
```
WAS: secrets.oxAppsuite: ...
NOW: secrets.oxAppSuite: ...
```
#### `customization.release` #### `customization.release`
@@ -346,3 +410,6 @@ When a new upgrade migration is required, ensure to address the following list:
- You most likely have to update the [`opendesk-migrations` Helm chart](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations) within the `rules` section of the [`role.yaml`](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/-/blob/main/charts/opendesk-migrations/templates/role.yaml) to provide the permissions required for the execution of your migration's logic. - You most likely have to update the [`opendesk-migrations` Helm chart](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations) within the `rules` section of the [`role.yaml`](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/-/blob/main/charts/opendesk-migrations/templates/role.yaml) to provide the permissions required for the execution of your migration's logic.
- You must set the runner's ID you want to execute in the [migrations.yaml.gotmpl](../helmfile/shared/migrations.yaml.gotmpl). See also the `migrations.*` section of [the Helm chart's README.md](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/-/blob/main/charts/opendesk-migrations/README.md). - You must set the runner's ID you want to execute in the [migrations.yaml.gotmpl](../helmfile/shared/migrations.yaml.gotmpl). See also the `migrations.*` section of [the Helm chart's README.md](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/-/blob/main/charts/opendesk-migrations/README.md).
- Update the [`charts.yaml`](../helmfile/environments/default/charts.yaml) and [`images.yaml`](../helmfile/environments/default/images.yaml) to reflect the newer releases of the `opendesk-migrations` Helm chart and container image. - Update the [`charts.yaml`](../helmfile/environments/default/charts.yaml) and [`images.yaml`](../helmfile/environments/default/images.yaml) to reflect the newer releases of the `opendesk-migrations` Helm chart and container image.
[^1]: We do not follow a brand name's specific spelling when it comes to upper and lower case and only use new word
uppercase when names consist of multiple, space divided words.

4
helmfile/apps/element/values-synapse.yaml.gotmpl
View File

@@ -60,8 +60,8 @@ configuration:
regex: "@.*" regex: "@.*"
url: null url: null
sender_localpart: intercom-service sender_localpart: intercom-service
- as_token: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }} - as_token: {{ .Values.secrets.oxAppSuite.synapseAsToken | quote }}
hs_token: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }} hs_token: {{ .Values.secrets.oxAppSuite.synapseAsToken | quote }}
id: ox-appsuite id: ox-appsuite
namespaces: namespaces:
users: users:

26
helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl
View File

@@ -15,22 +15,22 @@ repositories:
# Open-Xchange # Open-Xchange
- name: "open-xchange-repo" - name: "open-xchange-repo"
keyring: "../../files/gpg-pubkeys/open-xchange-com.gpg" keyring: "../../files/gpg-pubkeys/open-xchange-com.gpg"
verify: {{ .Values.charts.openXchangeAppSuite.verify }} verify: {{ .Values.charts.oxAppSuite.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuite.registry }}/{{ .Values.charts.openXchangeAppSuite.repository }}" url: "{{ .Values.global.helmRegistry | default .Values.charts.oxAppSuite.registry }}/{{ .Values.charts.oxAppSuite.repository }}"
# openDesk Open-Xchange Bootstrap # openDesk Open-Xchange Bootstrap
# Source: # Source:
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap
- name: "open-xchange-bootstrap-repo" - name: "open-xchange-bootstrap-repo"
keyring: "../../files/gpg-pubkeys/opencode.gpg" keyring: "../../files/gpg-pubkeys/opencode.gpg"
verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }} verify: {{ .Values.charts.oxAppSuiteBootstrap.verify }}
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
oci: true oci: true
url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuiteBootstrap.registry }}/{{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}" url: "{{ .Values.global.helmRegistry | default .Values.charts.oxAppSuiteBootstrap.registry }}/{{ .Values.charts.oxAppSuiteBootstrap.repository }}"
# OX Connector # OX Connector
- name: "ox-connector-repo" - name: "ox-connector-repo"
@@ -52,26 +52,26 @@ releases:
timeout: 900 timeout: 900
- name: "open-xchange" - name: "open-xchange"
chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}" chart: "open-xchange-repo/{{ .Values.charts.oxAppSuite.name }}"
version: "{{ .Values.charts.openXchangeAppSuite.version }}" version: "{{ .Values.charts.oxAppSuite.version }}"
values: values:
- "values-openxchange.yaml.gotmpl" - "values-openxchange.yaml.gotmpl"
- "values-openxchange-enterprise-contact-picker.yaml.gotmpl" - "values-openxchange-enterprise-contact-picker.yaml.gotmpl"
{{ range .Values.customization.release.openXchange }} {{ range .Values.customization.release.openxchange }}
- {{ . }} - {{ . }}
{{ end }} {{ end }}
installed: {{ .Values.oxAppsuite.enabled }} installed: {{ .Values.oxAppSuite.enabled }}
timeout: 900 timeout: 900
- name: "opendesk-open-xchange-bootstrap" - name: "opendesk-open-xchange-bootstrap"
chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}" chart: "open-xchange-bootstrap-repo/{{ .Values.charts.oxAppSuiteBootstrap.name }}"
version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}" version: "{{ .Values.charts.oxAppSuiteBootstrap.version }}"
values: values:
- "values-openxchange-bootstrap.yaml.gotmpl" - "values-openxchange-bootstrap.yaml.gotmpl"
{{ range .Values.customization.release.opendeskOpenXchangeBootstrap }} {{ range .Values.customization.release.opendeskOpenxchangeBootstrap }}
- {{ . }} - {{ . }}
{{ end }} {{ end }}
installed: {{ .Values.oxAppsuite.enabled }} installed: {{ .Values.oxAppSuite.enabled }}
timeout: 900 timeout: 900
- name: "ox-connector" - name: "ox-connector"
@@ -82,7 +82,7 @@ releases:
{{ range .Values.customization.release.oxConnector }} {{ range .Values.customization.release.oxConnector }}
- {{ . }} - {{ . }}
{{ end }} {{ end }}
installed: {{ .Values.oxAppsuite.enabled }} installed: {{ .Values.oxAppSuite.enabled }}
needs: needs:
- "open-xchange" - "open-xchange"

4
helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
View File

@@ -17,8 +17,8 @@ dovecot:
mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }} mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
password: {{ .Values.secrets.dovecot.doveadm | quote }} password: {{ .Values.secrets.dovecot.doveadm | quote }}
migration: migration:
enabled: {{ .Values.functional.migration.oxAppsuite.enabled }} enabled: {{ .Values.functional.migration.oxAppSuite.enabled }}
masterPassword: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }} masterPassword: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
ldap: ldap:
enabled: true enabled: true
host: {{ .Values.ldap.host | quote }} host: {{ .Values.ldap.host | quote }}

60
helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
View File

@@ -7,16 +7,16 @@ SPDX-License-Identifier: Apache-2.0
global: global:
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
appsuite: appsuite:
cookieHashSalt: {{ .Values.secrets.oxAppsuite.cookieHashSalt }} cookieHashSalt: {{ .Values.secrets.oxAppSuite.cookieHashSalt }}
shareCryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey }} shareCryptKey: {{ .Values.secrets.oxAppSuite.shareCryptKey }}
sessiondEncryptionKey: {{ .Values.secrets.oxAppsuite.sessiondEncryptionKey }} sessiondEncryptionKey: {{ .Values.secrets.oxAppSuite.sessiondEncryptionKey }}
mysql: mysql:
host: {{ .Values.databases.oxAppsuite.host | quote }} host: {{ .Values.databases.oxAppSuite.host | quote }}
database: {{ .Values.databases.oxAppsuite.name | quote }} database: {{ .Values.databases.oxAppSuite.name | quote }}
auth: auth:
user: {{ .Values.databases.oxAppsuite.username | quote }} user: {{ .Values.databases.oxAppSuite.username | quote }}
password: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }} password: {{ .Values.databases.oxAppSuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
rootPassword: {{ .Values.databases.oxAppsuite.password | default .Values.secrets.mariadb.rootPassword | quote }} rootPassword: {{ .Values.databases.oxAppSuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
nextcloud-integration-ui: nextcloud-integration-ui:
image: image:
@@ -105,9 +105,9 @@ appsuite:
routes: routes:
http-api-routes-appsuite-api: http-api-routes-appsuite-api:
annotations: annotations:
nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.openXchangeAppSuite }}" nginx.ingress.kubernetes.io/proxy-body-size: "{{ .Values.ingress.parameters.bodySize.oxAppSuite }}"
nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.openXchangeAppSuite }}" nginx.ingress.kubernetes.io/proxy-read-timeout: "{{ .Values.ingress.parameters.bodyTimeout.oxAppSuite }}"
nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.openXchangeAppSuite }}" nginx.ingress.kubernetes.io/proxy-send-timeout: "{{ .Values.ingress.parameters.bodyTimeout.oxAppSuite }}"
trailslash: trailslash:
enabled: false enabled: false
core-mw: core-mw:
@@ -119,13 +119,13 @@ appsuite:
oidcLogin: true oidcLogin: true
oidcPath: "/oidc" oidcPath: "/oidc"
masterAdmin: "admin" masterAdmin: "admin"
masterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} masterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
hzGroupName: "hzgroup" hzGroupName: "hzgroup"
hzGroupPassword: {{ .Values.secrets.oxAppsuite.hzGroupPassword | quote }} hzGroupPassword: {{ .Values.secrets.oxAppSuite.hzGroupPassword | quote }}
basicAuthLogin: "oxlogin" basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }} basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
jolokiaLogin: "jolokia" jolokiaLogin: "jolokia"
jolokiaPassword: {{ .Values.secrets.oxAppsuite.jolokiaPassword | quote }} jolokiaPassword: {{ .Values.secrets.oxAppSuite.jolokiaPassword | quote }}
hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
podAnnotations: {} podAnnotations: {}
serviceAccount: serviceAccount:
@@ -174,7 +174,7 @@ appsuite:
chown open-xchange:open-xchange /opt/open-xchange/guard-files chown open-xchange:open-xchange /opt/open-xchange/guard-files
packages: packages:
status: status:
{{- if .Values.functional.migration.oxAppsuite.enabled }} {{- if .Values.functional.migration.oxAppSuite.enabled }}
open-xchange-authentication-masterpassword: "enabled" open-xchange-authentication-masterpassword: "enabled"
open-xchange-authentication-ldap: "disabled" open-xchange-authentication-ldap: "disabled"
open-xchange-authentication-oauth: "disabled" open-xchange-authentication-oauth: "disabled"
@@ -316,13 +316,13 @@ appsuite:
mountPath: "/etc/ssl/certs/" mountPath: "/etc/ssl/certs/"
{{- end }} {{- end }}
secretProperties: secretProperties:
com.openexchange.cookie.hash.salt: {{ .Values.secrets.oxAppsuite.cookieHashSalt | quote }} com.openexchange.cookie.hash.salt: {{ .Values.secrets.oxAppSuite.cookieHashSalt | quote }}
com.openexchange.sessiond.encryptionKey: {{ .Values.secrets.oxAppsuite.sessiondEncryptionKey | quote }} com.openexchange.sessiond.encryptionKey: {{ .Values.secrets.oxAppSuite.sessiondEncryptionKey | quote }}
com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey | quote }} com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppSuite.shareCryptKey | quote }}
com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }} com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppSuite.synapseAsToken | quote }}
propertiesFiles: propertiesFiles:
/opt/open-xchange/etc/masterpassword-authentication.properties: /opt/open-xchange/etc/masterpassword-authentication.properties:
com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }} com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
/opt/open-xchange/etc/AdminDaemon.properties: /opt/open-xchange/etc/AdminDaemon.properties:
MASTER_ACCOUNT_OVERRIDE: "true" MASTER_ACCOUNT_OVERRIDE: "true"
/opt/open-xchange/etc/AdminUser.properties: /opt/open-xchange/etc/AdminUser.properties:
@@ -392,17 +392,17 @@ appsuite:
# MC+base64(20 random bytes) # MC+base64(20 random bytes)
# RC+base64(20 random bytes) # RC+base64(20 random bytes)
oxguardpass: | oxguardpass: |
{{ .Values.secrets.oxAppsuite.oxguardMC }} {{ .Values.secrets.oxAppSuite.oxguardMC }}
{{ .Values.secrets.oxAppsuite.oxguardRC }} {{ .Values.secrets.oxAppSuite.oxguardRC }}
redis: &redisConfiguration redis: &redisConfiguration
enabled: true enabled: true
mode: "standalone" mode: "standalone"
hosts: hosts:
- {{ printf "%s:%v" .Values.cache.oxAppsuite.host .Values.cache.oxAppsuite.port | quote }} - {{ printf "%s:%v" .Values.cache.oxAppSuite.host .Values.cache.oxAppSuite.port | quote }}
auth: auth:
enabled: true enabled: true
username: {{ .Values.cache.oxAppsuite.username | quote }} username: {{ .Values.cache.oxAppSuite.username | quote }}
password: {{ .Values.cache.oxAppsuite.password | default .Values.secrets.redis.password | quote }} password: {{ .Values.cache.oxAppSuite.password | default .Values.secrets.redis.password | quote }}
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeCoreMW.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeCoreMW.registry | quote }}
repository: {{ .Values.images.openxchangeCoreMW.repository | quote }} repository: {{ .Values.images.openxchangeCoreMW.repository | quote }}
@@ -501,9 +501,9 @@ appsuite:
core-documentconverter: core-documentconverter:
adminUser: "admin" adminUser: "admin"
adminPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} adminPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
basicAuthLogin: "oxlogin" basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }} basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
enabled: true enabled: true
documentConverter: documentConverter:
cache: cache:
@@ -588,9 +588,9 @@ appsuite:
core-imageconverter: core-imageconverter:
enabled: true enabled: true
adminUser: "admin" adminUser: "admin"
adminPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} adminPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
basicAuthLogin: "oxlogin" basicAuthLogin: "oxlogin"
basicAuthPassword: {{ .Values.secrets.oxAppsuite.basicAuthPassword | quote }} basicAuthPassword: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
image: image:
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeImageConverter.registry | quote }} registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeImageConverter.registry | quote }}
repository: {{ .Values.images.openxchangeImageConverter.repository | quote }} repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}

2
helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
View File

@@ -50,7 +50,7 @@ oxConnector:
oxLocalTimezone: "Europe/Berlin" oxLocalTimezone: "Europe/Berlin"
oxLanguage: "de_DE" oxLanguage: "de_DE"
oxMasterAdmin: "admin" oxMasterAdmin: "admin"
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }} oxMasterPassword: {{ .Values.secrets.oxAppSuite.adminPassword | quote }}
oxSmtpServer: "smtp://127.0.0.1:587" oxSmtpServer: "smtp://127.0.0.1:587"
oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"

2
helmfile/apps/services/values-certificates.yaml.gotmpl
View File

@@ -39,7 +39,7 @@ global:
{{- if .Values.openproject.enabled }} {{- if .Values.openproject.enabled }}
openproject: {{ .Values.global.hosts.openproject }} openproject: {{ .Values.global.hosts.openproject }}
{{- end }} {{- end }}
{{- if .Values.oxAppsuite.enabled }} {{- if .Values.oxAppSuite.enabled }}
openxchange: {{ .Values.global.hosts.openxchange }} openxchange: {{ .Values.global.hosts.openxchange }}
{{- end }} {{- end }}
{{- if .Values.nubus.enabled }} {{- if .Values.nubus.enabled }}

8
helmfile/apps/services/values-mariadb.yaml.gotmpl
View File

@@ -47,9 +47,9 @@ job:
- username: "openxchange_user" - username: "openxchange_user"
# - username: {{ .Values.databases.xwiki.username | quote }} # - username: {{ .Values.databases.xwiki.username | quote }}
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }} password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
connectionLimit: {{ .Values.databases.oxAppsuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} connectionLimit: {{ .Values.databases.oxAppSuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
- username: "xwiki_user" - username: "xwiki_user"
# - username: {{ .Values.databases.oxAppsuite.username | quote }} # - username: {{ .Values.databases.oxAppSuite.username | quote }}
password: {{ .Values.secrets.mariadb.xwikiUser | quote }} password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
databases: databases:
@@ -59,8 +59,8 @@ job:
# users for the moment. # users for the moment.
- name: "openxchange" - name: "openxchange"
user: "openxchange_user" user: "openxchange_user"
# - name: {{ .Values.databases.oxAppsuite.name | quote }} # - name: {{ .Values.databases.oxAppSuite.name | quote }}
# user: {{ .Values.databases.oxAppsuite.username | quote }} # user: {{ .Values.databases.oxAppSuite.username | quote }}
- name: "xwiki" - name: "xwiki"
user: "xwiki_user" user: "xwiki_user"
# - name: {{ .Values.databases.xwiki.name | quote }} # - name: {{ .Values.databases.xwiki.name | quote }}

2
helmfile/apps/services/values-otterize.yaml.gotmpl
View File

@@ -29,7 +29,7 @@ apps:
openproject: openproject:
enabled: {{ .Values.openproject.enabled }} enabled: {{ .Values.openproject.enabled }}
oxAppsuite: oxAppsuite:
enabled: {{ .Values.oxAppsuite.enabled }} enabled: {{ .Values.oxAppSuite.enabled }}
postfix: postfix:
enabled: {{ .Values.postfix.enabled }} enabled: {{ .Values.postfix.enabled }}
postgresql: postgresql:

2
helmfile/environments/default/cache.yaml
View File

@@ -16,7 +16,7 @@ cache:
openproject: openproject:
host: "memcached" host: "memcached"
port: 11211 port: 11211
oxAppsuite: oxAppSuite:
host: "redis-headless" host: "redis-headless"
port: 6379 port: 6379
username: "default" username: "default"

24
helmfile/environments/default/charts.yaml
View File

@@ -318,7 +318,17 @@ charts:
name: "opendesk-openproject-bootstrap" name: "opendesk-openproject-bootstrap"
version: "2.1.1" version: "2.1.1"
verify: true verify: true
openXchangeAppSuite: otterize:
# providerCategory: "Platform"
# providerResponsible: "openDesk"
# upstreamRegistry: "https://registry.opencode.de"
# upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize/opendesk-otterize"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
name: "opendesk-otterize"
version: "2.1.0"
verify: true
oxAppSuite:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Open-Xchange" # providerResponsible: "Open-Xchange"
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
@@ -330,7 +340,7 @@ charts:
name: "appsuite-public-sector" name: "appsuite-public-sector"
version: "2.12.85" version: "2.12.85"
verify: false verify: false
openXchangeAppSuiteBootstrap: oxAppSuiteBootstrap:
# providerCategory: "Platform" # providerCategory: "Platform"
# providerResponsible: "openDesk" # providerResponsible: "openDesk"
# upstreamRegistry: "https://registry.opencode.de" # upstreamRegistry: "https://registry.opencode.de"
@@ -340,16 +350,6 @@ charts:
name: "opendesk-open-xchange-bootstrap" name: "opendesk-open-xchange-bootstrap"
version: "2.1.2" version: "2.1.2"
verify: true verify: true
otterize:
# providerCategory: "Platform"
# providerResponsible: "openDesk"
# upstreamRegistry: "https://registry.opencode.de"
# upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize/opendesk-otterize"
registry: "registry.opencode.de"
repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
name: "opendesk-otterize"
version: "2.1.0"
verify: true
oxConnector: oxConnector:
# providerCategory: "Supplier" # providerCategory: "Supplier"
# providerResponsible: "Univention" # providerResponsible: "Univention"

4
helmfile/environments/default/customization.yaml
View File

@@ -33,8 +33,8 @@ customization:
nginxS3Gateway: {} nginxS3Gateway: {}
# open-xchange # open-xchange
dovecot: {} dovecot: {}
openXchange: {} openxchange: {}
opendeskOpenXchangeBootstrap: {} opendeskOpenxchangeBootstrap: {}
oxConnector: {} oxConnector: {}
# openproject # openproject
openproject: {} openproject: {}

2
helmfile/environments/default/database.yaml
View File

@@ -32,7 +32,7 @@ databases:
username: "openproject_user" username: "openproject_user"
password: "" password: ""
connectionLimit: ~ connectionLimit: ~
oxAppsuite: oxAppSuite:
name: "configdb" name: "configdb"
host: "mariadb" host: "mariadb"
port: 3306 port: 3306

4
helmfile/environments/default/functional.yaml
View File

@@ -99,10 +99,10 @@ functional:
useImmutableIdentifierForLocalpart: false useImmutableIdentifierForLocalpart: false
migration: migration:
oxAppsuite: oxAppSuite:
# Note: Only available in openDesk Enterprise. # Note: Only available in openDesk Enterprise.
# Turn on temporary for migration purposes only. Will enable master password auth in OX AppSuite and Dovecot using # Turn on temporary for migration purposes only. Will enable master password auth in OX AppSuite and Dovecot using
# `secrets.oxAppsuite.migrationsMasterPassword`. # `secrets.oxAppSuite.migrationsMasterPassword`.
enabled: false enabled: false
... ...

4
helmfile/environments/default/ingress.yaml
View File

@@ -13,13 +13,13 @@ ingress:
element: "100M" element: "100M"
nextcloud: "100M" nextcloud: "100M"
openproject: "100M" openproject: "100M"
openXchangeAppSuite: "100M" oxAppSuite: "100M"
xwiki: "100M" xwiki: "100M"
bodyTimeout: bodyTimeout:
collabora: 600 collabora: 600
element: 60 element: 60
nextcloud: 600 nextcloud: 600
openproject: 60 openproject: 60
openXchangeAppSuite: 60 oxAppSuite: 60
xwiki: 60 xwiki: 60
... ...

2
helmfile/environments/default/opendesk_main.gotmpl
View File

@@ -55,7 +55,7 @@ nubus:
openproject: openproject:
enabled: true enabled: true
namespace: ~ namespace: ~
oxAppsuite: oxAppSuite:
enabled: true enabled: true
namespace: ~ namespace: ~
postfix: postfix:

2
helmfile/environments/default/replicas.yaml
View File

@@ -164,7 +164,7 @@ replicas:
# dedicated workers for specific queues are possible with OpenProject. # dedicated workers for specific queues are possible with OpenProject.
openprojectWorker: 1 openprojectWorker: 1
# -- component: Groupware (OX Appsuite) # -- component: Groupware (OX App Suite)
# -- scalable: tbd # -- scalable: tbd
openxchangeCoreDocumentConverter: 1 openxchangeCoreDocumentConverter: 1
# -- scalable: tbd # -- scalable: tbd

2
helmfile/environments/default/secrets.gotmpl
View File

@@ -5,7 +5,7 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
secrets: secrets:
oxAppsuite: oxAppSuite:
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }} migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }}
cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }} cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}