diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 782290d3..27d2270d 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -92,7 +92,7 @@ variables: - "yes" - "no" DEPLOY_UMS: - description: "Enable Univention Management Stack deployment." + description: "Enable Nubus deployment." value: "no" options: - "yes" diff --git a/.gitlab/lint/lint-kyverno.yml b/.gitlab/lint/lint-kyverno.yml index 9bd8af90..dc0caf06 100644 --- a/.gitlab/lint/lint-kyverno.yml +++ b/.gitlab/lint/lint-kyverno.yml @@ -17,12 +17,12 @@ lint-kyverno: - "intercom-service" - "jitsi" - "nextcloud" + - "nubus" - "open-xchange" - "openproject" - "openproject-bootstrap" - "provisioning" - "services" - - "univention-management-stack" - "xwiki" script: - "cd ${CI_PROJECT_DIR}/helmfile/apps/${APP}" diff --git a/docs/enhanced-configuration/idp-federation.md b/docs/enhanced-configuration/idp-federation.md index 0ff8ae1a..e01ace6a 100644 --- a/docs/enhanced-configuration/idp-federation.md +++ b/docs/enhanced-configuration/idp-federation.md @@ -146,8 +146,8 @@ The following configuration is taking place in the Keycloak realm `opendesk`. - *Client ID*: Use the client ID you took form your organization's IdP config (`opendesk-federation-client` in this example) - *Client Secret*: Use the secret you took form your organization's IdP config - When completed with *Add* you get to the detailed IdP configured that also needs some updates (you may need to open the *Advanced* section to access some settings) - - *Back-channel logout*: `On` - - *Disable user info*: `On` + - *Back-channel logout*: `On` + - *Disable user info*: `On` - *First login flow override*: `auto-federate-flow` - In case you want to forcefully redirect all users to your organizations IdP (disabling login with local openDesk accounts): diff --git a/docs/getting-started.md b/docs/getting-started.md index 6aafaf05..222a5929 100644 --- a/docs/getting-started.md +++ b/docs/getting-started.md 
@@ -100,29 +100,29 @@ export DOMAIN=domain.tld All available apps and their default value can be found in `helmfile/environments/default/workplace.yaml`. -| Component | Name | Default | Description | -| --------------------------- | ----------------------------------- | ------- | ------------------------------ | -| Certificates | `certificates.enabled` | `true` | TLS certificates | -| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | -| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | -| Collabora | `collabora.enabled` | `true` | Weboffice | -| CryptPad | `cryptpad.enabled` | `true` | Weboffice | -| Dovecot | `dovecot.enabled` | `true` | Mail backend | -| Element | `element.enabled` | `true` | Secure communications platform | -| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | -| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | -| MariaDB | `mariadb.enabled` | `true` | Database | -| Memcached | `memcached.enabled` | `true` | Cache Database | -| MinIO | `minio.enabled` | `true` | Object Storage | -| Nextcloud | `nextcloud.enabled` | `true` | File share | -| OpenProject | `openproject.enabled` | `true` | Project management | -| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | -| Provisioning | `oxConnector.enabled` | `true` | Backend provisioning | -| Postfix | `postfix.enabled` | `true` | MTA | -| PostgreSQL | `postgresql.enabled` | `true` | Database | -| Redis | `redis.enabled` | `true` | Cache Database | -| Univention Management Stack | `univentionManagementStack.enabled` | `true` | Identity Management & Portal | -| XWiki | `xwiki.enabled` | `true` | Knowledge management | +| Component | Name | Default | Description | +| -------------------- | --------------------------- | ------- | ------------------------------ | +| Certificates | `certificates.enabled` | `true` | TLS certificates | +| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine 
| +| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | +| Collabora | `collabora.enabled` | `true` | Weboffice | +| CryptPad | `cryptpad.enabled` | `true` | Weboffice | +| Dovecot | `dovecot.enabled` | `true` | Mail backend | +| Element | `element.enabled` | `true` | Secure communications platform | +| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | +| Jitsi | `jitsi.enabled` | `true` | Videoconferencing | +| MariaDB | `mariadb.enabled` | `true` | Database | +| Memcached | `memcached.enabled` | `true` | Cache Database | +| MinIO | `minio.enabled` | `true` | Object Storage | +| Nextcloud | `nextcloud.enabled` | `true` | File share | +| OpenProject | `openproject.enabled` | `true` | Project management | +| OX Appsuite | `oxAppsuite.enabled` | `true` | Groupware | +| Provisioning | `oxConnector.enabled` | `true` | Backend provisioning | +| Postfix | `postfix.enabled` | `true` | MTA | +| PostgreSQL | `postgresql.enabled` | `true` | Database | +| Redis | `redis.enabled` | `true` | Cache Database | +| Nubus | `nubus.enabled` | `true` | Identity Management & Portal | +| XWiki | `xwiki.enabled` | `true` | Knowledge management | Exemplary, Jitsi can be disabled like: @@ -378,8 +378,7 @@ When all apps are successfully deployed and pod status' went to `Running` or `Su https://portal.domain.tld ``` -If you change the subdomain of `univentionManagementStack`, you need to replace `portal` -by your specified subdomain. +If you change the subdomain of `nubus`, you need to replace `portal` by your specified subdomain. **Credentials:** diff --git a/helmfile/apps/element/values-element.yaml.gotmpl b/helmfile/apps/element/values-element.yaml.gotmpl index 6cb19596..d1e6aecc 100644 --- a/helmfile/apps/element/values-element.yaml.gotmpl +++ b/helmfile/apps/element/values-element.yaml.gotmpl 
@@ -5,15 +5,15 @@ configuration: endToEndEncryption: true additionalConfiguration: - logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" + logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}" "net.nordeck.element_web.module.opendesk": config: banner: ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json" ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent" - portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" - portal_url: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/" + portal_logo_svg_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" + portal_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/" custom_css_variables: --cpd-color-bg-action-primary-rest: {{ .Values.theme.colors.primary | quote }} --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }} diff --git a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl index 3cd53369..8093a827 100644 --- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl +++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl 
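Review bot: `.Values.global.hosts.nubus` replaces `.Values.global.hosts.univentionManagementStack` here with no guard for environments that still override the old key, so a customised portal subdomain would fall back to the default `portal` in `logout_redirect_url`, `portal_logo_svg_url` and `portal_url`. The same applies to the `secrets.nubus.*` and `objectstores.nubus.*` reads in the later hunks. Where those are piped through `default` (for example `secret-key-id` and `objectStorageEndpoint` in values-nubus.yaml.gotmpl), a stale override is replaced by `secrets.minio.umsUser` or the host built from `global.hosts.minioApi` without any error. Consider failing the render while the old key is still present, e.g. `{{- if hasKey .Values.global.hosts "univentionManagementStack" }}{{ fail "global.hosts.univentionManagementStack was renamed to global.hosts.nubus" }}{{- end }}`, with equivalent checks for `secrets` and `objectstores`.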
@@ -48,7 +48,7 @@ configuration: value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }} ldap: host: {{ .Values.ldap.host | quote }} - password: {{ .Values.secrets.univentionManagementStack.ldapSearch.nextcloud | quote }} + password: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }} adminGroupName: "managed-by-attribute-FileshareAdmin" objectstore: auth: diff --git a/helmfile/apps/nubus/helmfile-child.yaml b/helmfile/apps/nubus/helmfile-child.yaml index ceff1c7c..76d3b491 100644 --- a/helmfile/apps/nubus/helmfile-child.yaml +++ b/helmfile/apps/nubus/helmfile-child.yaml @@ -31,7 +31,7 @@ releases: - "values-nubus.yaml.gotmpl" - "values-opendesk-customization.yaml.gotmpl" - "values-opendesk-images.yaml.gotmpl" - installed: {{ .Values.univentionManagementStack.enabled }} + installed: {{ .Values.nubus.enabled }} timeout: 900 # OpenDesk Keycloak Bootstrap Chart - name: "opendesk-keycloak-bootstrap" @@ -41,10 +41,10 @@ releases: - "values-opendesk-keycloak-bootstrap.yaml.gotmpl" needs: - "ums" - installed: {{ .Values.univentionManagementStack.enabled }} + installed: {{ .Values.nubus.enabled }} timeout: 900 commonLabels: deploy-stage: "component-1" - component: "univention-management-stack" + component: "nubus" ... diff --git a/helmfile/apps/nubus/values-nubus.yaml.gotmpl b/helmfile/apps/nubus/values-nubus.yaml.gotmpl index cd314df3..e8faffe4 100644 --- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl +++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl 
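Review bot: The `component` label under `commonLabels` becomes `nubus` while the release referenced by `needs` is still named `ums`, so helmfile-child.yaml now mixes both names. Any job or runbook that selects releases with `component=univention-management-stack` would no longer match these releases; those callers are outside this hunk and should be checked. A short comment above `commonLabels`, such as `# Release names keep the "ums" prefix; only the component label was renamed.`, would make the split explicit.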
@@ -13,17 +13,17 @@ global: keycloak: realm: {{ .Values.platform.realm | quote }} objectStorage: - bucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} + bucket: {{ .Values.objectstores.nubus.bucket | quote }} connection: host: "minio" port: "9000" protocol: "http" credentialOverride: ldapServer: - adminPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote}} + adminPassword: {{ .Values.secrets.nubus.ldapSecret | quote}} defaultUsers: - defaultAdminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote}} - defaultUserPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote}} + defaultAdminPassword: {{ .Values.secrets.nubus.defaultAccounts.adminPassword | quote}} + defaultUserPassword: {{ .Values.secrets.nubus.defaultAccounts.userPassword | quote}} @@ -138,8 +138,8 @@ nubusKeycloakExtensions: nubusPortalListener: portalListener: - objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} - objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} + objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} + objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }} objectStorageCredentialSecret: name: "ums-portal-listener-minio-opendesk-credentials" accessKeyKey: "access-key-id" 
@@ -147,8 +147,8 @@ nubusPortalListener: nubusPortalServer: portalServer: - objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} - objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} + objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }} + objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }} objectStorageCredentialSecret: name: "ums-portal-server-minio-opendesk-credentials" accessKeyKey: "access-key-id" @@ -184,7 +184,7 @@ nubusStackDataUms: nubusStackDataSwp: stackDataContext: ldapSearchUsers: - {{- range $username, $password := .Values.secrets.univentionManagementStack.ldapSearch }} + {{- range $username, $password := .Values.secrets.nubus.ldapSearch }} - username: {{ printf "ldapsearch_%s" $username | quote }} password: {{ $password | quote }} lastname: "LDAP-Search-User" 
@@ -280,12 +280,12 @@ extraSecrets: umcKeycloakExtensionsSmtpPassword: {{ .Values.smtp.password | quote }} - name: "ums-portal-server-minio-opendesk-credentials" stringData: - access-key-id: {{ .Values.objectstores.univentionManagementStack.username | quote }} - secret-key-id: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }} + access-key-id: {{ .Values.objectstores.nubus.username | quote }} + secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }} - name: "ums-portal-listener-minio-opendesk-credentials" stringData: - access-key-id: {{ .Values.objectstores.univentionManagementStack.username | quote }} - secret-key-id: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }} + access-key-id: {{ .Values.objectstores.nubus.username | quote }} + secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }} - name: "ums-umc-server-smtp-credentials-custom" stringData: password: {{ .Values.smtp.password | quote }} diff --git a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl index 8c9e4140..edaa30ae 100644 --- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl +++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl @@ -89,7 +89,7 @@ nubusPortalListener: {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }} persistence: storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.univentionManagementStack.portalListener | quote }} + size: {{ .Values.persistence.size.nubus.portalListener | quote }} nubusPortalServer: additionalAnnotations: 
@@ -118,7 +118,7 @@ nubusLdapServer: resources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }} persistence: storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }} - size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }} + size: {{ .Values.persistence.size.nubus.ldapServerData | quote }} extraVolumes: - name: "opendesk-schemas" configMap: diff --git a/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl index 51124369..e143718d 100644 --- a/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl +++ b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl @@ -461,7 +461,7 @@ config: redirectUris: - "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*" - "https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*" - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" standardFlowEnabled: true directAccessGrantsEnabled: true serviceAccountsEnabled: true 
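Review bot: In values-opendesk-keycloak-bootstrap.yaml.gotmpl the portal host is registered with a `/*` wildcard in `redirectUris` for a client that also sets `directAccessGrantsEnabled: true`, so any path on the portal origin is accepted as a redirect target for that client. The same wildcard entry is renamed in the hunks at 498, 518, 537 and 557, and in each `post.logout.redirect.uris` attribute. If the portal only serves as a post-logout landing page, the entry could be dropped from `redirectUris` and kept in `post.logout.redirect.uris`. Otherwise a comment stating why each client needs the portal origin as a redirect target would help. The client definition starts above the hunk, so its name and flow settings cannot be fully confirmed from here.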
@@ -472,7 +472,7 @@ config: attributes: backchannel.logout.session.required: true backchannel.logout.url: "https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/_synapse/client/oidc/backchannel_logout" - post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" defaultClientScopes: - "opendesk-matrix-scope" # The following is a temporary OIDC client for matrix, as the OIDC logout still uses "matrix" as client ID. @@ -488,7 +488,7 @@ config: publicClient: false authorizationServicesEnabled: false attributes: - post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" defaultClientScopes: [] optionalClientScopes: [] - name: "opendesk-nextcloud" 
@@ -498,7 +498,7 @@ config: secret: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }} redirectUris: - "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*" - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" consentRequired: false frontchannelLogout: false publicClient: false @@ -506,7 +506,7 @@ config: attributes: backchannel.logout.session.required: true backchannel.logout.url: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/index.php/apps/user_oidc/backchannel-logout/opendesk" - post.logout.redirect.uris: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + post.logout.redirect.uris: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" defaultClientScopes: - "opendesk-nextcloud-scope" - "read_contacts" @@ -518,7 +518,7 @@ config: secret: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }} redirectUris: - "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*" - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" consentRequired: false frontchannelLogout: false publicClient: false 
@@ -527,7 +527,7 @@ config: attributes: backchannel.logout.session.required: true backchannel.logout.url: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/auth/keycloak/backchannel-logout" - post.logout.redirect.uris: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + post.logout.redirect.uris: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" defaultClientScopes: - "opendesk-openproject-scope" - name: "opendesk-oxappsuite" @@ -537,7 +537,7 @@ config: secret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }} redirectUris: - "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*" - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" consentRequired: false frontchannelLogout: false publicClient: false @@ -545,7 +545,7 @@ config: attributes: backchannel.logout.session.required: true backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/ajax/oidc/backchannel_logout" - post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" defaultClientScopes: - "opendesk-oxappsuite-scope" - "read_contacts" 
@@ -557,7 +557,7 @@ config: secret: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }} redirectUris: - "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*" - - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" consentRequired: false frontchannelLogout: false publicClient: false @@ -565,7 +565,7 @@ config: attributes: backchannel.logout.session.required: false backchannel.logout.url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/oidc/authenticator/backchannel_logout" - post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*" + post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*" defaultClientScopes: - "opendesk-xwiki-scope" diff --git a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl index ab3cca41..0b98959e 100644 --- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl @@ -23,7 +23,7 @@ dovecot: port: 389 base: "dc=swp-ldap,dc=internal" dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal" - password: {{ .Values.secrets.univentionManagementStack.ldapSearch.dovecot | quote }} + password: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }} oidc: enabled: true clientID: "opendesk-dovecot" diff --git a/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl index 502e6742..71aa7fdd 100644 --- a/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl 
+++ b/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl @@ -23,7 +23,7 @@ appsuite: type: "adminDN" adminDN: dn: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" - password: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }} + password: {{ .Values.secrets.nubus.ldapSearch.ox | quote }} uiSettings: # Enterprise contact picker diff --git a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl index 686b7dda..378797c0 100644 --- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl +++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl @@ -185,7 +185,7 @@ appsuite: com.openexchange.oidc.opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout" com.openexchange.oidc.opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token" com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/auth" - com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" + com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}" com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/logout" com.openexchange.oidc.ssoLogout: "true" com.openexchange.oidc.startDefaultBackend: "true" 
@@ -269,7 +269,7 @@ appsuite: /opt/open-xchange/etc/ldapauth.properties: java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal" bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" - bindDNPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }} + bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }} bindOnly: "false" /opt/open-xchange/etc/antivirus.properties: com.openexchange.antivirus.enabled: "true" @@ -311,7 +311,7 @@ appsuite: # io.ox/mail//contactCollectOnMailAccess: "true" # Dynamic theme io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }} - io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" + io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }} io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }} io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }} diff --git a/helmfile/apps/openproject/values.yaml.gotmpl b/helmfile/apps/openproject/values.yaml.gotmpl index fdd7627d..7c01fd28 100644 --- a/helmfile/apps/openproject/values.yaml.gotmpl +++ b/helmfile/apps/openproject/values.yaml.gotmpl 
@@ -37,7 +37,7 @@ environment: # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.ldap.host | quote }} OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389" - OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSearch.openproject | quote }} + OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.nubus.ldapSearch.openproject | quote }} OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap" OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal" OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal" @@ -57,7 +57,7 @@ environment: OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER: {{ .Values.secrets.openproject.apiAdminUsername | quote }} OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }} OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }} - OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" + OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}" OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.mailDomain | default .Values.global.domain | quote }} OPENPROJECT_SMTP__USER__NAME: {{ .Values.smtp.username | quote }} OPENPROJECT_SMTP__PASSWORD: {{ .Values.smtp.password | quote }} 
@@ -68,7 +68,7 @@ environment: OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true" OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer" OPENPROJECT_MAIL__FROM: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}" - OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} + OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.nubus .Values.global.domain | quote }} OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}" OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/" {{- if .Values.enterprise.openproject.token }} diff --git a/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl b/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl index 2c55f6da..b36e67a0 100644 --- a/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl +++ b/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl @@ -21,7 +21,7 @@ oxConnector: domainName: {{ .Values.global.domain | quote }} ldapHost: {{ .Values.ldap.host | quote }} logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }} - ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} + ldapPassword: {{ .Values.secrets.nubus.ldapSecret | quote }} ldapBaseDn: "dc=swp-ldap,dc=internal" ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal" tlsMode: "off" diff --git a/helmfile/apps/services/values-minio.yaml.gotmpl b/helmfile/apps/services/values-minio.yaml.gotmpl index eca50f92..ac184b1e 100644 --- a/helmfile/apps/services/values-minio.yaml.gotmpl +++ b/helmfile/apps/services/values-minio.yaml.gotmpl 
@@ -98,7 +98,7 @@ provisioning: - name: {{ .Values.objectstores.openproject.bucket | quote }} versioning: true withLock: false - - name: {{ .Values.objectstores.univentionManagementStack.bucket | quote }} + - name: {{ .Values.objectstores.nubus.bucket | quote }} versioning: false withLock: false policies: @@ -169,7 +169,7 @@ provisioning: policies: - "openproject-bucket-policy" setPolicies: true - - username: {{ .Values.objectstores.univentionManagementStack.username | quote }} + - username: {{ .Values.objectstores.nubus.username | quote }} password: {{ .Values.secrets.minio.umsUser | quote }} disabled: false policies: diff --git a/helmfile/apps/services/values-otterize.yaml.gotmpl b/helmfile/apps/services/values-otterize.yaml.gotmpl index de056d6f..5665fda7 100644 --- a/helmfile/apps/services/values-otterize.yaml.gotmpl +++ b/helmfile/apps/services/values-otterize.yaml.gotmpl @@ -41,7 +41,7 @@ apps: redis: enabled: {{ .Values.redis.enabled }} univentionManagementStack: - enabled: {{ .Values.univentionManagementStack.enabled }} + enabled: {{ .Values.nubus.enabled }} xwiki: enabled: {{ .Values.xwiki.enabled }} diff --git a/helmfile/apps/xwiki/values.yaml.gotmpl b/helmfile/apps/xwiki/values.yaml.gotmpl index 2a3d9337..26f79621 100644 --- a/helmfile/apps/xwiki/values.yaml.gotmpl +++ b/helmfile/apps/xwiki/values.yaml.gotmpl @@ -55,7 +55,7 @@ customConfigs: xwiki.authentication.ldap.port: 389 ## Authentication to the LDAP server xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal" - xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionManagementStack.ldapSearch.xwiki | quote }} + xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.nubus.ldapSearch.xwiki | quote }} ## Base DN used for searching for users xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal" ## Allow short update cycles of the LDAP group cache 
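Review bot: In values-otterize.yaml.gotmpl the mapping key under `apps:` stays `univentionManagementStack` while its value now reads `.Values.nubus.enabled`, and nothing in the hunk says whether that is intentional. If the chart still expects the old key, a comment above it such as `# Key name is defined by the chart and intentionally not renamed.` would stop a later cleanup from renaming it and silently falling back to the chart's default for this component. If the chart was renamed as well, the key should be `nubus`. The chart's values schema is not visible here.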
@@ -83,8 +83,8 @@ customConfigs: # yamllint disable-line rule:line-length oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype" url.trustedDomains: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}" - workplaceServices.navigationEndpoint: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json" - workplaceServices.base: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}" + workplaceServices.navigationEndpoint: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/navigation.json" + workplaceServices.base: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}" workplaceServices.portalSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }} openoffice.serverType: "0" notifications.emails.live.graceTime: "5" diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml index e42ddd49..7a1bd975 100644 --- a/helmfile/environments/default/charts.yaml +++ b/helmfile/environments/default/charts.yaml @@ -200,7 +200,7 @@ charts: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations" name: "opendesk-migrations" - version: "1.1.0" + version: "1.1.1" verify: true minio: # providerCategory: "Community" diff --git a/helmfile/environments/default/global.gotmpl b/helmfile/environments/default/global.gotmpl index b126028d..3c04ada5 100644 --- a/helmfile/environments/default/global.gotmpl +++ b/helmfile/environments/default/global.gotmpl @@ -40,11 +40,11 @@ global: minioApi: "minio" minioConsole: "minio-console" nextcloud: "fs" + nubus: "portal" openproject: "project" openxchange: "webmail" synapse: "matrix" synapseFederation: "matrix-federation" - univentionManagementStack: "portal" whiteboard: "whiteboard" xwiki: "wiki" 
diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index 8d1f9911..7d77108a 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml @@ -205,7 +205,7 @@ images: # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations" registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations" - tag: "1.1.0@sha256:328ccb92ff2c826ffb12d9e1838f719f160158f693d5e1c06640be221a4e45ea" + tag: "1.1.4@sha256:24ebdfee9dfa5f54447bd6a0c4ab86c6eced47475ba4e7c1f6c13bc21e33a528" milter: # providerCategory: "Community" # providerResponsible: "openDesk" diff --git a/helmfile/environments/default/objectstores.yaml b/helmfile/environments/default/objectstores.yaml index 9b0d8ad4..ac98652d 100644 --- a/helmfile/environments/default/objectstores.yaml +++ b/helmfile/environments/default/objectstores.yaml @@ -33,7 +33,7 @@ objectstores: username: "openproject_user" pathStyle: true useIamProfile: false - univentionManagementStack: + nubus: bucket: "ums" endpoint: "" region: "eu-west-1" diff --git a/helmfile/environments/default/opendesk_main.gotmpl b/helmfile/environments/default/opendesk_main.gotmpl index b5de7f29..9600dfe9 100644 --- a/helmfile/environments/default/opendesk_main.gotmpl +++ b/helmfile/environments/default/opendesk_main.gotmpl @@ -49,6 +49,9 @@ minio: nextcloud: enabled: true namespace: {{ env "NAMESPACE" | quote }} +nubus: + enabled: true + namespace: {{ env "NAMESPACE" | quote }} openproject: enabled: true namespace: {{ env "NAMESPACE" | quote }} @@ -67,9 +70,6 @@ postgresql: redis: enabled: true namespace: {{ env "NAMESPACE" | quote }} -univentionManagementStack: - enabled: true - namespace: {{ env "NAMESPACE" | quote }} xwiki: enabled: true namespace: {{ env "NAMESPACE" | quote }} 
diff --git a/helmfile/environments/default/persistence.yaml b/helmfile/environments/default/persistence.yaml index 441a4d06..fcf87812 100644 --- a/helmfile/environments/default/persistence.yaml +++ b/helmfile/environments/default/persistence.yaml @@ -16,7 +16,7 @@ persistence: prosody: "1Gi" redis: "1Gi" synapse: "1Gi" - univentionManagementStack: + nubus: ldapServerData: "1Gi" ldapServerShared: "1Gi" portalListener: "1Gi" diff --git a/helmfile/environments/default/secrets.gotmpl b/helmfile/environments/default/secrets.gotmpl index 60f73130..f286d044 100644 --- a/helmfile/environments/default/secrets.gotmpl +++ b/helmfile/environments/default/secrets.gotmpl @@ -18,7 +18,7 @@ secrets: cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }} shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_crypt_key" | sha1sum | quote }} sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryption_key" | sha1sum | quote }} - univentionManagementStack: + nubus: ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }} ldapSearch: keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_keycloak" | sha1sum | quote }} diff --git a/helmfile/environments/test/values.yaml.gotmpl b/helmfile/environments/test/values.yaml.gotmpl index bd1f8c97..0c2bec83 100644 --- a/helmfile/environments/test/values.yaml.gotmpl +++ b/helmfile/environments/test/values.yaml.gotmpl 
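Review bot: Renaming `secrets.univentionManagementStack` to `secrets.nubus` in secrets.gotmpl silently drops any environment override still written under the old key. Consumers such as `ldapPassword` and `xwiki.authentication.ldap.bind_pass` now read `.Values.secrets.nubus.*`, so they fall back to the `derivePassword` value, and when `MASTER_PASSWORD` is unset that value is derived from the literal default `"sovereign-workplace"`. The same applies to the other renamed paths in this commit (`objectstores.nubus`, `persistence.nubus`, `global.hosts.nubus`, and `nubus.enabled`, where an old `univentionManagementStack.enabled: false` would no longer disable the component). Whether a migration note covers this is not visible here. I would add a comment at the renamed key, e.g. `# renamed from secrets.univentionManagementStack; overrides under the old key are ignored`, and list the renamed paths as a breaking change in the upgrade documentation. The `secrets:` mapping continues outside the hunk.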
@@ -18,16 +18,16 @@ persistence: mariadb: "42Gi" matrixNeoDateFixBot: "42Gi" minio: "42Gi" + nubus: + ldapServerData: "42Gi" + ldapServerShared: "42Gi" + portalListener: "42Gi" + selfserviceListener: "42Gi" postfix: "42Gi" postgresql: "42Gi" prosody: "42Gi" redis: "42Gi" synapse: "42Gi" - univentionManagementStack: - ldapServerData: "42Gi" - ldapServerShared: "42Gi" - portalListener: "42Gi" - selfserviceListener: "42Gi" xwiki: "42Gi" ingress: ingressClassName: "kyverno"