fix(helmfile): Support PostgreSQL as alternative database backend for Nextcloud and XWiki. **Note:** PostgreSQL is likely to become the preferred option/default in the future and MariaDB might be deprecated at a later point.

helmfile/environments/default/charts.yaml.gotmpl

@@ -434,7 +434,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql"
     name: "postgresql"
-    version: "2.1.1"
+    version: "2.1.2"
     verify: true
   redis:
     # providerCategory: "Community"

helmfile/environments/default/database.yaml.gotmpl

@@ -1,10 +1,13 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
+#
+# See `external-services.md` for more details on the database configuration
 ---
 databases:
   defaults:
     userConnectionLimit: 100
   keycloak:
+    type: "postgresql"
     name: "keycloak"
     host: "postgresql"
     port: 5432
@@ -12,6 +15,7 @@ databases:
     password: ""
     connectionLimit: ~
   keycloakExtension:
+    type: "postgresql"
     name: "keycloak_extensions"
     host: "postgresql"
     port: 5432
@@ -19,6 +23,8 @@ databases:
     password: ""
     connectionLimit: ~
   nextcloud:
+    # Nextcloud itself also supports `postgresql` or `oci`
+    type: "mariadb"
     name: "nextcloud"
     host: "mariadb"
     port: 3306
@@ -26,6 +32,7 @@ databases:
     password: ""
     connectionLimit: ~
   notes:
+    type: "postgresql"
     name: "notes"
     host: "postgresql"
     port: 5432
@@ -33,6 +40,7 @@ databases:
     password: ""
     connectionLimit: ~
   openproject:
+    type: "postgresql"
     name: "openproject"
     host: "postgresql"
     port: 5432
@@ -40,6 +48,7 @@ databases:
     password: ""
     connectionLimit: ~
   oxAppSuite:
+    type: "mariadb"
     name: "configdb"
     host: "mariadb"
     port: 3306
@@ -47,6 +56,7 @@ databases:
     password: ""
     connectionLimit: ~
   synapse:
+    type: "postgresql"
     name: "matrix"
     host: "postgresql"
     port: 5432
@@ -69,6 +79,7 @@ databases:
     connectionPoolMax: "5"
     connectionLimit: ~
   umsGuardianManagementApi:
+    type: "postgresql"
     name: "guardianmanagementapi"
     host: "postgresql"
     port: 5432
@@ -76,6 +87,7 @@ databases:
     password: ""
     connectionLimit: ~
   umsNotificationsApi:
+    type: "postgresql"
     name: "notificationsapi"
     host: "postgresql"
     port: 5432
@@ -83,6 +95,7 @@ databases:
     password: ""
     connectionLimit: ~
   umsSelfservice:
+    type: "postgresql"
     name: "selfservice"
     host: "postgresql"
     port: 5432
@@ -90,6 +103,8 @@ databases:
     password: ""
     connectionLimit: 10
   xwiki:
+    # XWiki itself also supports `postgresql`
+    type: "mariadb"
     name: "xwiki"
     host: "mariadb"
     port: 3306

helmfile/environments/default/images.yaml.gotmpl

@@ -868,7 +868,7 @@ images:
     registry: "registry-1.docker.io"
     repository: "library/nginx"
     tag: "1.27.3-alpine3.20@sha256:41523187cf7d7a2f2677a80609d9caa14388bf5c1fbca9c410ba3de602aaaab4"
-  xwiki:
+  xwikiMariadb:
     # providerCategory: "Supplier"
     # providerResponsible: "XWiki"
     # upstreamRegistry: "https://git.xwikisas.com:5050"
@@ -878,4 +878,14 @@ images:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
     tag: "0.23-mariadb-jetty-alpine@sha256:d358212cc5c3addc4be02cfd0f2b08aa8b88399ac5848e152111f231356558da"
+  xwikiPostgres:
+    # providerCategory: "Supplier"
+    # providerResponsible: "XWiki"
+    # upstreamRegistry: "https://git.xwikisas.com:5050"
+    # upstreamRepository: "xwikisas/swp/xwiki"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)-postgres.+$'
+    # upstreamMirrorStartFrom: ["0", "23"]
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
+    tag: "0.23-postgres-jetty-alpine@sha256:01f7d6fd8397a7903c23452cded4866220d733554066b6f5746eecde183fe15a"
 ...

helmfile/environments/default/secrets.yaml.gotmpl

@@ -57,11 +57,13 @@ secrets:
     keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}
     keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }}
     matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }}
+    nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "nextcloud_user" | sha1sum | quote }}
     notesUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notes_user" | sha1sum | quote }}
     openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }}
     umsNotificationsApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notificationsapi_user" | sha1sum | quote }}
     umsGuardianManagementApiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "guardianmanagementapi_user" | sha1sum | quote }}
     umsSelfserviceUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "selfservice_user" | sha1sum | quote }}
+    xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "xwiki_user" | sha1sum | quote }}
   mariadb:
     rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum | quote }}
     xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum | quote }}