feat(notes): Add templating for Notes in oD

Signed-off-by: Axel Lender <lender@b1-systems.de>
Axel Lender
2025-08-21 12:28:38 +02:00
parent 602f3b659d
commit 7367d16287
3 changed files with 101 additions and 2 deletions


@@ -13,6 +13,7 @@ This document covers how to utilise external secrets and special requirements.
* [Cassandra](#cassandra) * [Cassandra](#cassandra)
* [Keycloak](#keycloak) * [Keycloak](#keycloak)
* [MinIO](#minio) * [MinIO](#minio)
* [Notes](#notes)
* [XWiki](#xwiki) * [XWiki](#xwiki)
<!-- TOC --> <!-- TOC -->
@@ -73,6 +74,20 @@ stringData:
Further we need the credentials introduced at MinIO in various other components that didn't implement the special format from MinIO. Hence we have to create key-value-pairs of the passwords for them. Further we need the credentials introduced at MinIO in various other components that didn't implement the special format from MinIO. Hence we have to create key-value-pairs of the passwords for them.
## Notes
There are some values that consist of more than just one secret part.
```yaml
backend:
configuration:
django:
superuserEmail:
value: {{ printf "default.admin@%s" .Values.global.domain | quote }}
redisUrl:
value: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
```
## XWiki ## XWiki
Properties listed in the file of the external secret will overwrite plain values. Properties listed in the file of the external secret will overwrite plain values.


@@ -4,12 +4,22 @@
global: global:
collaborationServerSecret: collaborationServerSecret:
value: {{ .Values.secrets.notes.collaborationSecret | quote }} value: {{ .Values.secrets.notes.collaborationSecret | quote }}
existingSecret:
name: {{ .Values.externalSecrets.notes.collaborationSecret.name | quote }}
key: {{ .Values.externalSecrets.notes.collaborationSecret.key | quote }}
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}" fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
imagePullSecrets: imagePullSecrets:
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
tlsSecretName: {{ .Values.ingress.tls.secretName | quote }} tlsSecretName: {{ .Values.ingress.tls.secretName | quote }}
yProviderApiKey: yProviderApiKey:
value: {{ .Values.secrets.notes.collaborationSecret | quote }} value: {{ .Values.secrets.notes.collaborationSecret | quote }}
existingSecret:
name: {{ .Values.externalSecrets.notes.collaborationSecret.name | quote }}
key: {{ .Values.externalSecrets.notes.collaborationSecret.key | quote }}
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
tlsSecretName: {{ .Values.ingress.tls.secretName | quote }}
fqdn: "{{ .Values.global.hosts.notes }}.{{ .Values.global.domain }}"
tlsSecretName: {{ .Values.ingress.tls.secretName | quote }}
backend: backend:
image: image:
@@ -36,14 +46,23 @@ backend:
ai: ai:
apiKey: apiKey:
value: {{ .Values.ai.apiKey }} value: {{ .Values.ai.apiKey }}
existingSecret:
name: {{ .Values.externalSecrets.ai.apiKey.name | quote }}
key: {{ .Values.externalSecrets.ai.apiKey.key | quote }}
baseUrl: {{ .Values.ai.endpoint }} baseUrl: {{ .Values.ai.endpoint }}
model: {{ .Values.ai.model | quote }} model: {{ .Values.ai.model | quote }}
aws: aws:
endpointUrl: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }} endpointUrl: {{ printf "https://%s" (.Values.objectstores.notes.endpoint | default (printf "%s.%s" .Values.global.hosts.minioApi .Values.global.domain)) | quote }}
s3AccessKeyId: s3AccessKeyId:
value: {{ .Values.objectstores.notes.username }} value: {{ .Values.objectstores.notes.username }}
existingSecret:
name: {{ .Values.externalSecrets.objectstores.notes.s3AccessKeyId.name | quote }}
key: {{ .Values.externalSecrets.objectstores.notes.s3AccessKeyId.key | quote }}
s3SecretAccessKey: s3SecretAccessKey:
value: {{ .Values.objectstores.notes.secretKey | default .Values.secrets.minio.notesUser | quote }} value: {{ .Values.objectstores.notes.secretKey | default .Values.secrets.minio.notesUser | quote }}
existingSecret:
name: {{ .Values.externalSecrets.objectstores.notes.s3SecretAccessKey.name | quote }}
key: {{ .Values.externalSecrets.objectstores.notes.s3SecretAccessKey.key | quote }}
storageBucketName: {{ .Values.objectstores.notes.bucket }} storageBucketName: {{ .Values.objectstores.notes.bucket }}
collaboration: collaboration:
apiUrl: {{ printf "https://%s.%s/collaboration/api/" .Values.global.hosts.notes .Values.global.domain | quote }} apiUrl: {{ printf "https://%s.%s/collaboration/api/" .Values.global.hosts.notes .Values.global.domain | quote }}
@@ -53,9 +72,15 @@ backend:
name: {{ .Values.databases.notes.name | quote }} name: {{ .Values.databases.notes.name | quote }}
password: password:
value: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }} value: {{ .Values.databases.notes.password | default .Values.secrets.postgresql.notesUser | quote }}
existingSecret:
name: {{ .Values.externalSecrets.databases.notes.password.name | quote }}
key: {{ .Values.externalSecrets.databases.notes.password.key | quote }}
port: {{ .Values.databases.notes.port | quote }} port: {{ .Values.databases.notes.port | quote }}
user: user:
value: {{ .Values.databases.notes.username | quote }} value: {{ .Values.databases.notes.username | quote }}
existingSecret:
name: {{ .Values.externalSecrets.databases.notes.user.name | quote }}
key: {{ .Values.externalSecrets.databases.notes.user.key | quote }}
email: email:
brandName: "openDesk" brandName: "openDesk"
from: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.mailDomain | default .Values.global.domain }}" from: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.mailDomain | default .Values.global.domain }}"
@@ -64,14 +89,23 @@ backend:
logoImage: {{ printf "https://%s.%s/univention/portal/icons/entries/swp.notes.svg" .Values.global.hosts.nubus .Values.global.domain | quote }} logoImage: {{ printf "https://%s.%s/univention/portal/icons/entries/swp.notes.svg" .Values.global.hosts.nubus .Values.global.domain | quote }}
user: user:
value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }} value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
existingSecret:
name: {{ .Values.externalSecrets.postfix.opendeskSystemUsername.name | quote }}
key: {{ .Values.externalSecrets.postfix.opendeskSystemUsername.key | quote }}
password: password:
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }} value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
existingSecret:
name: {{ .Values.externalSecrets.postfix.opendeskSystemPassword.name | quote }}
key: {{ .Values.externalSecrets.postfix.opendeskSystemPassword.key | quote }}
oidc: oidc:
enabled: true enabled: true
rpClientId: rpClientId:
value: "opendesk-notes" value: "opendesk-notes"
rpClientSecret: rpClientSecret:
value: {{ .Values.secrets.keycloak.clientSecret.notes | quote }} value: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
existingSecret:
name: {{ .Values.externalSecrets.keycloak.clientSecret.notes.name | quote }}
key: {{ .Values.externalSecrets.keycloak.clientSecret.notes.key | quote }}
opJWKSEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs" opJWKSEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
opAuthorizationEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth" opAuthorizationEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/auth"
opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token" opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
@@ -88,14 +122,26 @@ backend:
django: django:
secretKey: secretKey:
value: {{ .Values.secrets.notes.djangoSecretKey }} value: {{ .Values.secrets.notes.djangoSecretKey }}
existingSecret:
name: {{ .Values.externalSecrets.notes.django.secretKey.name | quote }}
key: {{ .Values.externalSecrets.notes.django.secretKey.key | quote }}
createSuperuser: true createSuperuser: true
superuserEmail: superuserEmail:
value: {{ printf "default.admin@%s" .Values.global.domain | quote }} value: {{ printf "default.admin@%s" .Values.global.domain | quote }}
existingSecret:
name: {{ .Values.externalSecrets.notes.django.superuserEmail.name | quote }}
key: {{ .Values.externalSecrets.notes.django.superuserEmail.key | quote }}
superuserPassword: superuserPassword:
value: {{ .Values.secrets.notes.superuser }} value: {{ .Values.secrets.notes.superuser }}
existingSecret:
name: {{ .Values.externalSecrets.notes.django.superuserPassword.name | quote }}
key: {{ .Values.externalSecrets.notes.django.superuserPassword.key | quote }}
frontendTheme: "openDesk" frontendTheme: "openDesk"
redisUrl: redisUrl:
value: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7" value: "redis://default:{{ .Values.cache.notes.password | default .Values.secrets.redis.password }}@{{ .Values.cache.notes.host }}:{{ .Values.cache.notes.port }}/7"
existingSecret:
name: {{ .Values.externalSecrets.notes.redisUrl.name | quote }}
key: {{ .Values.externalSecrets.notes.redisUrl.key | quote }}
extraEnvVars: extraEnvVars:
- name: "FRONTEND_HOMEPAGE_FEATURE_ENABLED" - name: "FRONTEND_HOMEPAGE_FEATURE_ENABLED"
value: "False" value: "False"
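Review bot: The four lines added after the new `existingSecret` block of `yProviderApiKey` repeat `fqdn` and `tlsSecretName`, twice each, although both keys are already set a few lines above in the same hunk. Indentation is lost on this page, so the mapping they land in is not certain, but they are redundant either way; if they sit at the `global` level they are duplicate keys, which a YAML parser either rejects or silently resolves as last-wins, so I would drop all four. Separately, every credential now renders both `value:` and `existingSecret:` unconditionally, and which one the Notes chart prefers is not visible here. A header comment such as `# existingSecret is used instead of value when name and key are set` (to be confirmed against the chart) would make the precedence explicit, and it is worth checking that the generated secret is no longer rendered into the release once an external one is configured.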


@@ -4,6 +4,10 @@ SPDX-License-Identifier: Apache-2.0
*/}} */}}
--- ---
externalSecrets: externalSecrets:
ai:
apiKey:
name: "a"
key: "aiapikey"
cache: cache:
intercom: intercom:
password: password:
@@ -42,6 +46,13 @@ externalSecrets:
username: username:
name: ~ name: ~
key: ~ key: ~
notes:
password:
name: "a"
key: "notesDatabasePassword"
user:
name: "a"
key: "notesDatabaseUser"
xwiki: xwiki:
password: password:
name: ~ name: ~
@@ -74,10 +85,13 @@ externalSecrets:
intercom: intercom:
name: ~ name: ~
key: ~ key: ~
xwiki: nextcloudOidc:
name: ~ name: ~
key: ~ key: ~
nextcloudOidc: notes:
name: "a"
key: "keycloaknotes"
xwiki:
name: ~ name: ~
key: ~ key: ~
minio: minio:
@@ -96,6 +110,23 @@ externalSecrets:
metricsToken: metricsToken:
name: ~ name: ~
key: ~ key: ~
notes:
collaborationSecret:
name: "a"
key: "notesCollaborationSecret"
django:
secretKey:
name: "a"
key: "notesDjangoSecretKey"
superuserEmail:
name: "a"
key: "notessuperuserEmail"
superuserPassword:
name: "a"
key: "notessuperuserPassword"
redisUrl:
name: "a"
key: "notesredisurl"
nubus: nubus:
ics: ics:
session: session:
@@ -125,6 +156,13 @@ externalSecrets:
secretKey: secretKey:
name: ~ name: ~
key: ~ key: ~
notes:
s3AccessKeyId:
name: "a"
key: "objectstoresNotesS3AccessKeyId"
s3SecretAccessKey:
name: "a"
key: "objectstoresNotesS3SecretAccessKey"
nubus: nubus:
accessKey: accessKey:
name: ~ name: ~
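Review bot: The new Notes entries ship with `name: "a"` and concrete `key` values, whereas every neighbouring entry visible in these hunks defaults to `name: ~` / `key: ~`. They look like local test values; with a non-null name in the defaults, the Notes templates from this commit would presumably point every credential at a Kubernetes Secret called `a`, which a normal deployment does not have, rather than using the generated secret. I would set them to `name: ~` and `key: ~` like the neighbours and keep sample key names such as `notesDjangoSecretKey` in the documentation only. The template also reads `.Values.externalSecrets.postfix.opendeskSystemUsername` and `.Values.externalSecrets.postfix.opendeskSystemPassword`, which no hunk here adds; confirm both already exist in this file, since a missing parent map makes the template fail to render.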