sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-08 16:28:36 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(nextcloud): Set admin priviledges for users in central IAM

Browse Source
This commit is contained in:
Thorsten Roßner
2024-02-17 13:14:25 +01:00
parent 17fa80d20a
commit a3e415d575
5 changed files with 20 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
View File

@@ -47,6 +47,7 @@ configuration:
ldap: ldap:
host: {{ .Values.ldap.host | quote }} host: {{ .Values.ldap.host | quote }}
password: {{ .Values.secrets.univentionManagementStack.ldapSearch.nextcloud | quote }} password: {{ .Values.secrets.univentionManagementStack.ldapSearch.nextcloud | quote }}
adminGroupName: "managed-by-attribute-FileshareAdmin"
objectstore: objectstore:
auth: auth:
accessKey: accessKey:

3
helmfile/apps/univention-management-stack/values-stack-data-ums.yaml.gotmpl
View File

@@ -46,7 +46,8 @@ stackDataContext:
umcSamlSpFqdn: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }} umcSamlSpFqdn: {{ printf "%s.%s" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }} idpFqdn: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }} ldapSamlSpUrls: {{ printf "https://%s.%s%s" .Values.global.hosts.univentionManagementStack .Values.global.domain "/univention/saml/metadata" | quote }}
initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword | quote }} initialPasswordAdministrator: {{ .Values.secrets.univentionManagementStack.systemAccounts.administratorPassword | quote }}
initialPasswordSysIdpUser: {{ .Values.secrets.univentionManagementStack.systemAccounts.sysIdpUserPassword | quote }}
stackDataUms: stackDataUms:
loadDevData: true loadDevData: true

4
helmfile/environments/default/charts.yaml
View File

@@ -651,7 +651,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/charts-mirror" repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
name: "stack-data-swp" name: "stack-data-swp"
version: "0.41.8" version: "0.44.0"
verify: true verify: true
# @supplier: "Univention" # @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'
@@ -665,7 +665,7 @@ charts:
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/charts-mirror" repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
name: "stack-data-ums" name: "stack-data-ums"
version: "0.41.8" version: "0.44.0"
verify: true verify: true
# @supplier: "Univention" # @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'

2
helmfile/environments/default/images.yaml
View File

@@ -586,7 +586,7 @@ images:
# dependencyType=supplier # dependencyType=supplier
registry: "registry.opencode.de" registry: "registry.opencode.de"
repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader" repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
tag: "0.41.5@sha256:9978e5eae3846e3c32effb2e602136d8855aaec287fb280a54b311defab2fbf3" tag: "0.44.0@sha256:c08d619880537c03ebdcdc19fa9746bf5098e3810d85487d47676f3846c6b16c"
# @supplier: "Univention" # @supplier: "Univention"
# @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$' # @mirrorFilter: '^(\d+)\.(\d+)\.(\d+)$'
# @mirrorFrom: ['0', '41', '5'] # @mirrorFrom: ['0', '41', '5']

23
helmfile/environments/default/secrets.gotmpl
View File

@@ -14,16 +14,21 @@ secrets:
univentionManagementStack: univentionManagementStack:
ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }} ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
ldapSearch: ldapSearch:
keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_keycloak" | sha1sum | quote }} keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_keycloak" | sha1sum | quote }}
nextcloud: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_nextcloud" | sha1sum | quote }} nextcloud: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_nextcloud" | sha1sum | quote }}
dovecot: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_dovecot" | sha1sum | quote }} dovecot: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_dovecot" | sha1sum | quote }}
ox: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_ox" | sha1sum | quote }} ox: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_ox" | sha1sum | quote }}
openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_openproject" | sha1sum | quote }} openproject: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_openproject" | sha1sum | quote }}
xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "ldapsearch_xwiki" | sha1sum | quote }} xwiki: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_xwiki" | sha1sum | quote }}
defaultAccounts: defaultAccounts:
administratorPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "Administrator" "ums" | sha1sum | quote }} userPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "default_accounts_user_password" | sha1sum | quote }}
userPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_password" | sha1sum | quote }} adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "default_accounts_user_admin" | sha1sum | quote }}
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ucs" "default_accounts_user_admin" | sha1sum | quote }} systemAccounts:
administratorPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "Administrator" | sha1sum | quote }}
sysIdpUserPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "sysIdpUser" | sha1sum | quote }}
storeDavUsers:
portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }}
portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }}
postgresql: postgresql:
postgresUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum | quote }} postgresUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "postgres_user" | sha1sum | quote }}
keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }} keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}