sheppy/opendesk
1
0
Fork 0
mirror of https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git synced 2025-12-06 15:31:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

fix(cryptpad): Add CryptPad to support editing of diagrams.net files from within Nextcloud

Browse Source
This commit is contained in:
Thomas Kaltenbrunner
2023-11-01 17:23:21 +00:00
committed by Thorsten Rossner
parent fecd13612b
commit ab6014f8c6
11 changed files with 147 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
.gitlab-ci.yml
View File

@@ -78,6 +78,12 @@ variables:
options: options:
- "yes" - "yes"
- "no" - "no"
DEPLOY_CRYPTPAD:
description: "Enable CryptPad deployment."
value: "no"
options:
- "yes"
- "no"
DEPLOY_ELEMENT: DEPLOY_ELEMENT:
description: "Enable Element deployment." description: "Enable Element deployment."
value: "no" value: "no"
@@ -342,6 +348,18 @@ collabora-deploy:
variables: variables:
COMPONENT: "collabora" COMPONENT: "collabora"
cryptpad-deploy:
stage: "component-deploy-stage-1"
extends: ".deploy-common"
rules:
- if: >
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
$NAMESPACE =~ /.+/ &&
($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_NEXTCLOUD != "no" || $DEPLOY_CRYPTPAD != "no")
when: "always"
variables:
COMPONENT: "cryptpad"
nextcloud-deploy: nextcloud-deploy:
stage: "component-deploy-stage-1" stage: "component-deploy-stage-1"
extends: ".deploy-common" extends: ".deploy-common"

5
README.md
View File

@@ -209,6 +209,7 @@ subdirectory `/helmfile/apps/services`.
| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | Eval | | ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine | Eval |
| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | Eval | | ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine | Eval |
| Collabora | `collabora.enabled` | `true` | Weboffice | Functional | | Collabora | `collabora.enabled` | `true` | Weboffice | Functional |
| CryptPad | `cryptpad.enabled` | `true` | Weboffice | Functional |
| Dovecot | `dovecot.enabled` | `true` | Mail backend | Functional | | Dovecot | `dovecot.enabled` | `true` | Mail backend | Functional |
| Element | `element.enabled` | `true` | Secure communications platform | Functional | | Element | `element.enabled` | `true` | Secure communications platform | Functional |
| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | Functional | | Intercom Service | `intercom.enabled` | `true` | Cross service data exchange | Functional |
@@ -315,6 +316,7 @@ actual scalability of the components (see column `Scaling (verified)`).
| | `replicas.icap` | :white_check_mark: | :white_check_mark: | | | `replicas.icap` | :white_check_mark: | :white_check_mark: |
| | `replicas.milter` | :white_check_mark: | :white_check_mark: | | | `replicas.milter` | :white_check_mark: | :white_check_mark: |
| Collabora | `replicas.collabora` | :white_check_mark: | :gear: | | Collabora | `replicas.collabora` | :white_check_mark: | :gear: |
| CryptPad | `replicas.cryptpad` | :white_check_mark: | :gear: |
| Dovecot | `replicas.dovecot` | :x: | :gear: | | Dovecot | `replicas.dovecot` | :x: | :gear: |
| Element | `replicas.element` | :white_check_mark: | :white_check_mark: | | Element | `replicas.element` | :white_check_mark: | :white_check_mark: |
| | `replicas.synapse` | :x: | :gear: | | | `replicas.synapse` | :x: | :gear: |
@@ -376,6 +378,7 @@ This list gives you an overview of default security settings and if they comply
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | | | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 | | | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 | | Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
| CryptPad | cryptpad | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 4001 |
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 | | Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 | | | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 | | | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
@@ -407,6 +410,7 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
| bitnami-repo (openDesk build) | yes | :white_check_mark: | | bitnami-repo (openDesk build) | yes | :white_check_mark: |
| clamav-repo | yes | :white_check_mark: | | clamav-repo | yes | :white_check_mark: |
| collabora-online-repo | no | :x: | | collabora-online-repo | no | :x: |
| cryptpad-online-repo | no | :x: |
| intercom-service-repo | yes | :white_check_mark: | | intercom-service-repo | yes | :white_check_mark: |
| istio-resources-repo | yes | :white_check_mark: | | istio-resources-repo | yes | :white_check_mark: |
| jitsi-repo | yes | :white_check_mark: | | jitsi-repo | yes | :white_check_mark: |
@@ -516,6 +520,7 @@ flowchart TD
J[Jitsi]-->K J[Jitsi]-->K
I[IntercomService]-->K I[IntercomService]-->K
C[Collabora]-->N C[Collabora]-->N
R[CryptPad]-->N
F[Postfix]-->D F[Postfix]-->D
``` ```

28
helmfile/apps/cryptpad/helmfile.yaml Normal file
View File

@@ -0,0 +1,28 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
bases:
- "../../bases/environments.yaml"
---
repositories:
# CryptPad
# Source: https://github.com/cryptpad/helm
- name: "cryptpad-online-repo"
url: >-
{{ env "PRIVATE_CHART_REPOSITORY_URL" |
default "https://cryptpad.github.io/helm" }}
releases:
- name: "cryptpad"
chart: "cryptpad-online-repo/cryptpad"
version: "0.0.13"
values:
- "values.yaml"
- "values.gotmpl"
installed: {{ .Values.cryptpad.enabled }}
commonLabels:
deploy-stage: "component-1"
component: "cryptpad"
...

33
helmfile/apps/cryptpad/values.gotmpl Normal file
View File

@@ -0,0 +1,33 @@
{{/*
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
image:
repository: "{{ .Values.global.imageRegistry }}/{{ .Values.images.cryptpad.repository }}"
tag: {{ .Values.images.cryptpad.tag | quote }}
pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
imagePullSecrets:
{{- range .Values.global.imagePullSecrets }}
- name: {{ . | quote }}
{{- end }}
ingress:
enabled: {{ .Values.ingress.enabled }}
className: {{ .Values.ingress.ingressClassName | quote }}
hosts:
- host: "{{ .Values.global.hosts.cryptpad }}.{{ .Values.global.domain }}"
paths:
- path: "/"
pathType: "ImplementationSpecific"
tls:
- secretName: {{ .Values.ingress.tls.secretName | quote }}
hosts:
- "{{ .Values.global.hosts.cryptpad }}.{{ .Values.global.domain }}"
replicaCount: {{ .Values.replicas.cryptpad }}
resources:
{{ .Values.resources.cryptpad | toYaml | nindent 2 }}
...

45
helmfile/apps/cryptpad/values.yaml Normal file
View File

@@ -0,0 +1,45 @@
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
# SPDX-License-Identifier: Apache-2.0
---
# https://github.com/cryptpad/helm/blob/main/charts/cryptpad/README.md or
# https://github.com/cryptpad/helm/blob/main/charts/cryptpad/values.yaml
# Disable registration and access to unregistered users:
# (https://docs.cryptpad.org/en/admin_guide/customization.html#application-config)
application_config:
availablePadTypes:
- "diagram"
# Deactivating public access breaks nextcloud plugin!
# registeredOnlyTypes:
# - "diagram"
autoscaling:
enabled: false
enableEmbedding: true
fullnameOverride: "cryptpad"
persistence:
enabled: false
podSecurityContext:
fsGroup: 4001
securityContext:
seccompProfile:
type: "RuntimeDefault"
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
serviceAccount:
create: true
workloadStateful: false
...

3
helmfile/apps/nextcloud/values-bootstrap.yaml
View File

@@ -11,6 +11,9 @@ config:
userOidc: userOidc:
username: "ncoidc" username: "ncoidc"
cryptpad:
enabled: true
ldapSearch: ldapSearch:
host: "univention-corporate-container" host: "univention-corporate-container"
... ...

1
helmfile/environments/default/global.yaml
View File

@@ -9,6 +9,7 @@ global:
# #
hosts: hosts:
collabora: "collabora" collabora: "collabora"
cryptpad: "cryptpad"
dimension: "integration" dimension: "integration"
element: "chat" element: "chat"
etherpad: "etherpad" etherpad: "etherpad"

4
helmfile/environments/default/images.yaml
View File

@@ -10,6 +10,10 @@ images:
repository: "souvap/tooling/images/collabora" repository: "souvap/tooling/images/collabora"
tag: "23.05.5.3.1@sha256:496c913527ce83feb3fe2383d710851aa3781ffa56d200c75def74904d32adc3" tag: "23.05.5.3.1@sha256:496c913527ce83feb3fe2383d710851aa3781ffa56d200c75def74904d32adc3"
# @supplier: "Collabora" # @supplier: "Collabora"
cryptpad:
repository: "cryptpad/cryptpad"
tag: "opendesk-20231020@sha256:b0bfe09601d8c8064e1b174d21a225ddb10aaa4103892fdfdf3d216726c26dde"
# @supplier: "XWiki"
dovecot: dovecot:
repository: "dovecot/dovecot" repository: "dovecot/dovecot"
tag: "2.3.20@sha256:96d414aa3f6978669b417f6468c16313a54ee6143a4846870e9f0eda280806e7" tag: "2.3.20@sha256:96d414aa3f6978669b417f6468c16313a54ee6143a4846870e9f0eda280806e7"

1
helmfile/environments/default/replicas.yaml
View File

@@ -7,6 +7,7 @@ replicas:
# clamav-distributed # clamav-distributed
clamd: 1 clamd: 1
collabora: 1 collabora: 1
cryptpad: 1
dovecot: 1 dovecot: 1
element: 1 element: 1
# clamav-distributed # clamav-distributed

7
helmfile/environments/default/resources.yaml
View File

@@ -16,6 +16,13 @@ resources:
requests: requests:
cpu: 0.1 cpu: 0.1
memory: "16Mi" memory: "16Mi"
cryptpad:
limits:
cpu: 2
memory: "2Gi"
requests:
cpu: 0.1
memory: "512Mi"
dovecot: dovecot:
limits: limits:
cpu: 0.5 cpu: 0.5

2
helmfile/environments/default/workplace.yaml
View File

@@ -9,6 +9,8 @@ clamavSimple:
enabled: true enabled: true
collabora: collabora:
enabled: true enabled: true
cryptpad:
enabled: true
dovecot: dovecot:
enabled: true enabled: true
element: element: