feat(nextcloud): Update from 30.0.10 to 31.0.6 and support for notify-push

.gitlab-ci.yml

@@ -292,7 +292,12 @@ db-cleanup:
           exit 1
           ;;
       esac
-    - export FILES=(${CI_PROJECT_DIR}/helmfile/environments/default/database.yaml.gotmpl ${CI_PROJECT_DIR}/helmfile/environments/dev/write-over-values-for-environment.yaml.gotmpl ${CI_PROJECT_DIR}/helmfile/environments/dev/values.yaml.gotmpl)
+    - |
+      export FILES=(
+        "${CI_PROJECT_DIR}/helmfile/environments/default/database.yaml.gotmpl"
+        "${CI_PROJECT_DIR}/helmfile/environments/dev/write-over-values-for-environment.yaml.gotmpl"
+        "${CI_PROJECT_DIR}/helmfile/environments/dev/values.yaml.gotmpl"
+      )
     # Cleanup MariaDB
     - |
       export DATABASES="oxAppSuite"
@@ -727,7 +732,8 @@ diff-on-branch:
       BASE_URL="https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/archive"
       FILE_NAME="opendesk-${SAFE_BRANCH_NAME}.tar.gz"
       curl -L "${BASE_URL}/${DIFF_ON_BRANCH}/${FILE_NAME}" -o branch.tar.gz
-      mkdir ${DIFF_ON_BRANCH_SUBDIRECTORY} && tar -xzf branch.tar.gz -C ${DIFF_ON_BRANCH_SUBDIRECTORY} --strip-components=1
+      mkdir ${DIFF_ON_BRANCH_SUBDIRECTORY} &&
+        tar -xzf branch.tar.gz -C ${DIFF_ON_BRANCH_SUBDIRECTORY} --strip-components=1
       cd ${DIFF_ON_BRANCH_SUBDIRECTORY}
       helmfile --namespace ${NAMESPACE} diff | grep -v '^ ' || true
   tags:
@@ -763,6 +769,7 @@ import-default-accounts:
         --admin_enable_knowledgemanagement True \
         --admin_enable_projectmanagement True \
         --create_admin_accounts True \
+        --create_maildomains True \
         --verify_certificate False
 
 run-tests:

README.md

@@ -37,7 +37,7 @@ openDesk currently features the following functional main components:
 | Chat & collaboration | Element ft. Nordeck widgets | [1.11.89](https://github.com/element-hq/element-desktop/releases/tag/v1.11.89)                                                | [For the most recent release](https://element.io/user-guide)                                                                          |
 | Collaborative notes  | Notes (aka Docs)            | [3.2.1](https://github.com/suitenumerique/docs/releases/tag/v3.2.1)                                                           | Online documentation/welcome document available in installed application                                                              |
 | Diagram editor       | CryptPad ft. diagrams.net   | [2024.9.0](https://github.com/cryptpad/cryptpad/releases/tag/2024.9.0)                                                        | [For the most recent release](https://docs.cryptpad.org/en/)                                                                          |
-| File management      | Nextcloud                   | [30.0.10](https://nextcloud.com/de/changelog/#30-0-10)                                                                        | [Nextcloud 30](https://docs.nextcloud.com/)                                                                                           |
+| File management      | Nextcloud                   | [31.0.6](https://nextcloud.com/de/changelog/#31-0-6)                                                                          | [Nextcloud 31](https://docs.nextcloud.com/)                                                                                           |
 | Groupware            | OX App Suite                | [8.38](https://documentation.open-xchange.com/appsuite/releases/8.38/)                                                        | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
 | Knowledge management | XWiki                       | [16.10.5](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.10.5/)                                              | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                     |
 | Portal & IAM         | Nubus                       | [1.11.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html#version-1-11-1-2025-07-02) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                             |

docs/getting-started.md

@@ -226,7 +226,10 @@ cluster:
 
 ### Ingress
 
-You need to explicitly set the `ingressClassName`, as openDesk defines it as an empty string by default. This prevents fallback to the cluster’s default ingress class, since the Helm charts used by openDesk components are not consistently aligned in how they handle a missing or empty `ingressClassName`.
+The default value for the `ingressClassName` in openDesk is set to `nginx`. This prevents fallback to the
+cluster’s default ingress class, since the Helm charts used by openDesk components are not consistently aligned in
+how they handle a missing or empty `ingressClassName`. In case you are using a non-standard `ingressClassName` for
+your `ingress-nginx` controller you have to configure it as follows:
 
 ```yaml
 ingress:

helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl

@@ -24,9 +24,9 @@ releases:
     chart: "nextcloud-repo/{{ .Values.charts.nextcloudManagement.name }}"
     version: "{{ .Values.charts.nextcloudManagement.version }}"
     values:
-      - "values-nextcloud-mgmt.yaml.gotmpl"
+      - "values-nextcloud-management.yaml.gotmpl"
       {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
-      - "values-nextcloud-mgmt-enterprise.yaml.gotmpl"
+      - "values-nextcloud-management-ee.yaml.gotmpl"
       {{- end }}
       {{- range .Values.customization.release.opendeskNextcloudManagement }}
       - {{ . }}
@@ -34,14 +34,14 @@ releases:
     waitForJobs: true
     wait: true
     installed: {{ .Values.apps.nextcloud.enabled }}
-    timeout: 900
+    timeout: 1800
   - name: "opendesk-nextcloud"
     chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}"
     version: "{{ .Values.charts.nextcloud.version }}"
     values:
       - "values-nextcloud.yaml.gotmpl"
       {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
-      - "values-nextcloud-enterprise.yaml.gotmpl"
+      - "values-nextcloud-ee.yaml.gotmpl"
       {{- end }}
       {{- range .Values.customization.release.opendeskNextcloud }}
       - {{ . }}
@@ -49,6 +49,23 @@ releases:
     needs:
       - "opendesk-nextcloud-management"
     installed: {{ .Values.apps.nextcloud.enabled }}
+    timeout: 1800
+  - name: "opendesk-nextcloud-notifypush"
+    chart: "nextcloud-repo/{{ .Values.charts.nextcloudNotifyPush.name }}"
+    version: "{{ .Values.charts.nextcloudNotifyPush.version }}"
+    values:
+      - "values-nextcloud-notifypush.yaml.gotmpl"
+      {{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
+      - "values-nextcloud-notifypush-ee.yaml.gotmpl"
+      {{- end }}
+      {{- range .Values.customization.release.opendeskNextcloudNotifyPush }}
+      - {{ . }}
+      {{- end }}
+    wait: true
+    needs:
+      - "opendesk-nextcloud"
+    installed: {{ and .Values.apps.nextcloud.enabled (gt .Values.replicas.nextcloudNotifyPush 0) }}
+    timeout: 1800
 
 commonLabels:
   deployStage: "050-components"

helmfile/apps/nextcloud/values-nextcloud-management.yaml.gotmpl

@@ -67,6 +67,8 @@ configuration:
         enabled: true
       integrationOpenproject:
         enabled: {{ .Values.apps.openproject.enabled }}
+      notifyPush:
+        enabled: {{ gt .Values.replicas.nextcloudNotifyPush 0 }}
       spreed:
         enabled: true
     circles:
@@ -101,7 +103,9 @@ configuration:
         {{- end }}
 
   ldap:
+    base: {{ .Values.ldap.baseDn | quote }}
     host: {{ .Values.ldap.host | quote }}
+    dn: "uid=ldapsearch_nextcloud,cn=users,{{ .Values.ldap.baseDn }}"
     password:
       value: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }}
     adminGroupName: "managed-by-attribute-FileshareAdmin"

helmfile/apps/nextcloud/values-nextcloud-notifypush-ee.yaml.gotmpl

@@ -0,0 +1,8 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+image:
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
+...

helmfile/apps/nextcloud/values-nextcloud-notifypush.yaml.gotmpl

@@ -0,0 +1,143 @@
+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+additionalAnnotations:
+  intents.otterize.com/service-name: "opendesk-nextcloud-notifypush"
+  {{- with .Values.annotations.nextcloudNotifyPush.additional }}
+  {{ . | toYaml | nindent 4 }}
+  {{- end }}
+
+configuration:
+  cache:
+    auth:
+      enabled: true
+      username:
+        value: {{ .Values.cache.nextcloud.username }}
+      password:
+        value: {{ .Values.cache.nextcloud.password | default .Values.secrets.redis.password | quote }}
+    host: {{ .Values.cache.nextcloud.host | quote }}
+    port: {{ .Values.cache.nextcloud.port | quote }}
+    tls: {{ .Values.cache.nextcloud.tls }}
+  database:
+    {{ if eq .Values.databases.nextcloud.type "mariadb" }}
+    type: "mysql"
+    {{ else if eq .Values.databases.nextcloud.type "postgresql" }}
+    type: "postgres"
+    {{ else }}
+    {{ .Values.databases.nextcloud.type | quote }}
+    {{ end }}
+    host: {{ .Values.databases.nextcloud.host | quote }}
+    port: {{ .Values.databases.nextcloud.port | quote }}
+    name: {{ .Values.databases.nextcloud.name | quote }}
+    auth:
+      username:
+        value: {{ .Values.databases.nextcloud.username | quote }}
+      password:
+        {{- if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
+        value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
+        {{- else if or (eq .Values.databases.nextcloud.type "postgresql") (eq .Values.databases.nextcloud.type "psql") }}
+        value: {{ .Values.databases.nextcloud.password | default .Values.secrets.postgresql.nextcloudUser | quote }}
+        {{- else }}
+        value: {{ .Values.databases.nextcloud.password | quote }}
+        {{- end }}
+  trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
+  # Nextcloud connection
+  # FIXME: Dynamically get the service name of the `opendesk-nextcloud-aio` chart
+  # IDEA: helmfile > service-names.yaml.gotmpl with service names (external/internal)
+  # So this is controller on a more "global" level
+  # TODO: Find a sensible default
+  nextcloudUrl: "http://opendesk-nextcloud-aio"
+  logging:
+    # Default value for logging is "error" we bump it to "info" for better information in logs
+    # NOTE: "trace", which includes "debug" might be too verbose
+    # https://docs.rs/env_logger/latest/env_logger/#enabling-logging
+    level: {{ if .Values.debug.enabled }}"debug"{{ else }}"info"{{ end }}
+
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  privileged: false
+  runAsUser: 101
+  runAsGroup: 101
+  seccompProfile:
+    type: "RuntimeDefault"
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.nextcloud | toYaml | nindent 6 }}
+{{- if .Values.certificate.selfSigned }}
+extraEnvVars:
+  - name: "FS_ENV_CA_CERTIFICATE_PATH"
+    value: "/etc/ssl/certs/ca-certificates.crt"
+extraVolumes:
+  - name: "trusted-cert-secret-volume"
+    secret:
+      secretName: "opendesk-certificates-ca-tls"
+      items:
+        - key: "ca.crt"
+          path: "ca-certificates.crt"
+extraVolumeMounts:
+  - name: "trusted-cert-secret-volume"
+    mountPath: "/etc/ssl/certs/ca-certificates.crt"
+    subPath: "ca-certificates.crt"
+{{- end }}
+image:
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nextcloud.registry | quote }}
+  repository: {{ .Values.images.nextcloud.repository | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  tag: {{ .Values.images.nextcloud.tag | quote }}
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  annotations:
+    {{- with .Values.annotations.nextcloudNotifyPush.ingress }}
+      {{ . | toYaml | nindent 6 }}
+    {{- end }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  host: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
+  tls:
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
+metrics:
+  enabled: true
+  service:
+    annotations:
+      {{ .Values.annotations.nextcloudNotifyPush.serviceMetrics | toYaml | nindent 6 }}
+
+podAnnotations:
+  {{ .Values.annotations.nextcloudNotifyPush.pod | toYaml | nindent 4 }}
+podSecurityContext:
+  fsGroup: 101
+# prometheus:
+#   serviceMonitor:
+#     enabled: { .Values.monitoring.prometheus.serviceMonitors.enabled }}
+#     labels:
+#       { .Values.monitoring.prometheus.serviceMonitors.labels | toYaml | nindent 8 }}
+#   prometheusRule:
+#     enabled: { .Values.monitoring.prometheus.prometheusRules.enabled }}
+#     additionalLabels:
+#       { .Values.monitoring.prometheus.prometheusRules.labels | toYaml | nindent 8 }}
+replicaCount: {{ .Values.replicas.nextcloudNotifyPush }}
+resources:
+  {{ .Values.resources.nextcloudNotifyPush | toYaml | nindent 4 }}
+
+service:
+  annotations:
+    {{ .Values.annotations.nextcloudNotifyPush.service | toYaml | nindent 6 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.nextcloudNotifyPush.serviceAccount | toYaml | nindent 6 }}
+
+...

helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl

@@ -13,7 +13,7 @@ images:
   nextcloud:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
-    tag: "30.0.10@sha256:a63374dd44d3c6a8873da31fe0554b97fb29993a4cf18b9dd6a304b577f2f2b8"
+    tag: "31.0.6@sha256:eb1fd84f39a9ff36bd1251ef4bc00b2a838bc2f9fb6df2b18b1a70ae72fac022"
   openxchangeCoreMW:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"

helmfile/environments/default/_helper.yaml.gotmpl

@@ -1,5 +1,12 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
+
+#
+# DISCLAIMER:
+#
+# The values in this file are exposed because they are used in multiple components and it does make sense to define
+# them centrally, but we do not support changing these values, please leave them as they are.
+#
 ---
 ldap:
   host: "ums-ldap-server"

helmfile/environments/default/annotations.yaml.gotmpl

@@ -117,6 +117,14 @@ annotations:
   nextcloudNextcloudMgmt:
     additional: ~
     pod: ~
+    service: ~
+    serviceAccount: ~
+  nextcloudNotifyPush:
+    additional: ~
+    ingress: ~
+    pod: ~
+    service: ~
+    serviceMetrics: ~
     serviceAccount: ~
   notes:
     ingressAdmin: ~

helmfile/environments/default/charts.yaml.gotmpl

@@ -251,7 +251,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud"
-    version: "4.1.0"
+    version: "4.2.0"
     verify: true
   nextcloudManagement:
     # providerCategory: "Platform"
@@ -261,7 +261,17 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud-management"
-    version: "4.1.0"
+    version: "4.2.0"
+    verify: true
+  nextcloudNotifyPush:
+    # providerCategory: "Platform"
+    # providerResponsible: "openDesk"
+    # upstreamRegistry: "https://registry.opencode.de"
+    # packageName=bmi/opendesk/components/platform-development/charts/opendesk-nextcloud/opendesk-nextcloud-notifypush
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
+    name: "opendesk-nextcloud-notifypush"
+    version: "4.2.0"
     verify: true
   nginx:
     # providerCategory: "Community"

helmfile/environments/default/customization.yaml.gotmpl

@@ -46,8 +46,9 @@ customization:
     # migrations-pre
     migrationsPre: {}
     # nextcloud
-    opendeskNextcloudManagement: {}
     opendeskNextcloud: {}
+    opendeskNextcloudManagement: {}
+    opendeskNextcloudNotifyPush: {}
     # notes
     notes: {}
     # nubus

helmfile/environments/default/images.yaml.gotmpl

@@ -320,7 +320,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
-    tag: "30.0.10@sha256:a022c6279072eb45d14cab29296860a15ad0d5801f50a56928334eb99bae50d0"
+    tag: "31.0.6@sha256:760d0f1ff724d53faa757987e7068d09df0c603e3ac4fbb8aefe1bf13270c615"
   nextcloudExporter:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"

helmfile/environments/default/ingress.yaml.gotmpl

@@ -3,7 +3,7 @@
 ---
 ingress:
   enabled: true
-  ingressClassName: ""
+  ingressClassName: "nginx"
   tls:
     enabled: true
     secretName: "opendesk-certificates-tls"
@@ -12,6 +12,7 @@ ingress:
       collabora: "100M"
       element: "100M"
       nextcloud: "100M"
+      nextcloudNotifyPush: "100M"
       notes: "100M"
       openproject: "100M"
       oxAppSuite: "100M"
@@ -20,6 +21,7 @@ ingress:
       collabora: 600
       element: 60
       nextcloud: 600
+      nextcloudNotifyPush: 600
       notes: 60
       openproject: 60
       oxAppSuite: 60

helmfile/environments/default/replicas.yaml.gotmpl

@@ -164,6 +164,8 @@ replicas:
   # -- scalable: true
   nextcloud: 1
   # -- scalable: true
+  nextcloudNotifyPush: 1
+  # -- scalable: true
   nextcloudExporter: 1
 
   # -- component: openDesk Static Files

helmfile/environments/default/resources.yaml.gotmpl

@@ -276,6 +276,13 @@ resources:
     requests:
       cpu: 0.1
       memory: "32Mi"
+  nextcloudNotifyPush:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "512Mi"
   nginxS3Gateway:
     limits:
       cpu: 99