From ba4e47f89a571cd496607b56f2971619da25a206 Mon Sep 17 00:00:00 2001 
From: Thomas Kaltenbrunner
Date: Tue, 25 Nov 2025 20:42:02 +0100
Subject: [PATCH] fix(element): Integrate new Element CE chart
---
.../element-old/helmfile-child.yaml.gotmpl | 317 ++++++++++++++++++
.../apps/element-old/helmfile.yaml.gotmpl | 12 +
.../element-old/values-element.yaml.gotmpl | 172 ++++++++++
.../values-matrix-neoboard-widget.yaml.gotmpl | 75 +++++
...values-matrix-neochoice-widget.yaml.gotmpl | 75 +++++
...atrix-neodatefix-bot-bootstrap.yaml.gotmpl | 51 +++
.../values-matrix-neodatefix-bot.yaml.gotmpl | 118 +++++++
...alues-matrix-neodatefix-widget.yaml.gotmpl | 80 +++++
...verification-service-bootstrap.yaml.gotmpl | 53 +++
...trix-user-verification-service.yaml.gotmpl | 69 ++++
.../values-synapse-admin.yaml.gotmpl | 0
...ues-synapse-adminbot-bootstrap.yaml.gotmpl | 0
.../values-synapse-adminbot-pipe.yaml.gotmpl | 0
.../values-synapse-adminbot-web.yaml.gotmpl | 0
...ues-synapse-auditbot-bootstrap.yaml.gotmpl | 0
.../values-synapse-auditbot-pipe.yaml.gotmpl | 0
.../values-synapse-groupsync.yaml.gotmpl | 0
.../values-synapse-web.yaml.gotmpl | 0
.../values-synapse.yaml.gotmpl | 0
.../values-well-known.yaml.gotmpl | 0
.../apps/element/helmfile-child.yaml.gotmpl | 169 +---------
helmfile/apps/element/helmfile.yaml.gotmpl | 3 +-
.../apps/element/values-element.yaml.gotmpl | 248 +++++---------
.../values-postgresql.yaml.gotmpl | 6 +
.../environments/default/charts.yaml.gotmpl | 84 +----
.../environments/default/database.yaml.gotmpl | 23 ++
.../environments/default/images.yaml.gotmpl | 83 ++++-
.../environments/default/secrets.yaml.gotmpl | 1 +
28 files changed, 1213 insertions(+), 426 deletions(-)
create mode 100644 helmfile/apps/element-old/helmfile-child.yaml.gotmpl
create mode 100644 helmfile/apps/element-old/helmfile.yaml.gotmpl
create mode 100644 helmfile/apps/element-old/values-element.yaml.gotmpl
create mode 100644 helmfile/apps/element-old/values-matrix-neoboard-widget.yaml.gotmpl
create mode 100644 helmfile/apps/element-old/values-matrix-neochoice-widget.yaml.gotmpl
create mode 100644 helmfile/apps/element-old/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl
create mode 100644 helmfile/apps/element-old/values-matrix-neodatefix-bot.yaml.gotmpl
create mode 100644 helmfile/apps/element-old/values-matrix-neodatefix-widget.yaml.gotmpl
create mode 100644 helmfile/apps/element-old/values-matrix-user-verification-service-bootstrap.yaml.gotmpl
create mode 100644 helmfile/apps/element-old/values-matrix-user-verification-service.yaml.gotmpl
rename helmfile/apps/{element => element-old}/values-synapse-admin.yaml.gotmpl (100%)
rename helmfile/apps/{element => element-old}/values-synapse-adminbot-bootstrap.yaml.gotmpl (100%)
rename helmfile/apps/{element => element-old}/values-synapse-adminbot-pipe.yaml.gotmpl (100%)
rename helmfile/apps/{element => element-old}/values-synapse-adminbot-web.yaml.gotmpl (100%)
rename helmfile/apps/{element => element-old}/values-synapse-auditbot-bootstrap.yaml.gotmpl (100%)
rename helmfile/apps/{element => element-old}/values-synapse-auditbot-pipe.yaml.gotmpl (100%)
rename helmfile/apps/{element => element-old}/values-synapse-groupsync.yaml.gotmpl (100%)
rename helmfile/apps/{element => element-old}/values-synapse-web.yaml.gotmpl (100%)
rename helmfile/apps/{element => element-old}/values-synapse.yaml.gotmpl (100%)
rename helmfile/apps/{element => element-old}/values-well-known.yaml.gotmpl (100%)
diff --git a/helmfile/apps/element-old/helmfile-child.yaml.gotmpl b/helmfile/apps/element-old/helmfile-child.yaml.gotmpl
new file mode 100644
index 00000000..1418b688
--- /dev/null
+++ b/helmfile/apps/element-old/helmfile-child.yaml.gotmpl
@@ -0,0 +1,317 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+ # openDesk Element
+ # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element
+ - name: "element-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.element.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.element.registry }}/{{ .Values.charts.element.repository }}"
+ - name: "element-well-known-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.elementWellKnown.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/{{ .Values.charts.elementWellKnown.repository }}"
+ - name: "synapse-web-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.synapseWeb.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/{{ .Values.charts.synapseWeb.repository }}"
+ - name: "synapse-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.synapse.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}"
+ - name: "synapse-create-account-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.synapseCreateAccount.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/{{ .Values.charts.synapseCreateAccount.repository }}"
+
+ # openDesk Matrix Widgets
+ # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets
+ - name: "matrix-user-verification-service-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.matrixUserVerificationService.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/{{ .Values.charts.matrixUserVerificationService.repository }}"
+ - name: "matrix-neoboard-widget-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
+ - name: "matrix-neochoice-widget-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
+ - name: "matrix-neodatefix-widget-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.matrixNeodatefixWidget.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/{{ .Values.charts.matrixNeodatefixWidget.repository }}"
+ - name: "matrix-neodatefix-bot-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.matrixNeodatefixBot.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}"
+
+ # openDesk Enterprise Repositories
+
+ # openDesk Element
+ # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element
+ - name: "synapse-admin-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.synapseAdmin.verify }}
+ username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseAdmin.registry }}/{{ .Values.charts.synapseAdmin.repository }}"
+ - name: "synapse-adminbot-web-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.synapseAdminbotWeb.verify }}
+ username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseAdminbotWeb.registry }}/{{ .Values.charts.synapseAdminbotWeb.repository }}"
+ - name: "synapse-groupsync-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.synapseGroupsync.verify }}
+ username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseGroupsync.registry }}/{{ .Values.charts.synapseGroupsync.repository }}"
+ - name: "synapse-pipe-repo"
+ keyring: "../../files/gpg-pubkeys/opencode.gpg"
+ verify: {{ .Values.charts.synapsePipe.verify }}
+ username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapsePipe.registry }}/{{ .Values.charts.synapsePipe.repository }}"
+
+releases:
+ - name: "opendesk-element"
+ chart: "element-repo/{{ .Values.charts.element.name }}"
+ version: "{{ .Values.charts.element.version }}"
+ values:
+ - "values-element.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskElement }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "opendesk-well-known"
+ chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}"
+ version: "{{ .Values.charts.elementWellKnown.version }}"
+ values:
+ - "values-well-known.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskWellKnown }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "opendesk-synapse-web"
+ chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}"
+ version: "{{ .Values.charts.synapseWeb.version }}"
+ values:
+ - "values-synapse-web.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskSynapseWeb }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "opendesk-synapse"
+ chart: "synapse-repo/{{ .Values.charts.synapse.name }}"
+ version: "{{ .Values.charts.synapse.version }}"
+ values:
+ - "values-synapse.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskSynapse }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "opendesk-matrix-user-verification-service-bootstrap"
+ chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+ version: "{{ .Values.charts.synapseCreateAccount.version }}"
+ values:
+ - "values-matrix-user-verification-service-bootstrap.yaml.gotmpl"
+ {{- range .Values.customization.release.matrixUserVerificationServiceBootstrap }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "opendesk-matrix-user-verification-service"
+ chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}"
+ version: "{{ .Values.charts.matrixUserVerificationService.version }}"
+ values:
+ - "values-matrix-user-verification-service.yaml.gotmpl"
+ {{- range .Values.customization.release.matrixUserVerificationService }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "matrix-neoboard-widget"
+ chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}"
+ version: "{{ .Values.charts.matrixNeoboardWidget.version }}"
+ values:
+ - "values-matrix-neoboard-widget.yaml.gotmpl"
+ {{- range .Values.customization.release.matrixNeoboardWidget }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "matrix-neochoice-widget"
+ chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiceWidget.name }}"
+ version: "{{ .Values.charts.matrixNeochoiceWidget.version }}"
+ values:
+ - "values-matrix-neochoice-widget.yaml.gotmpl"
+ {{- range .Values.customization.release.matrixNeochoiceWidget }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "matrix-neodatefix-widget"
+ chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}"
+ version: "{{ .Values.charts.matrixNeodatefixWidget.version }}"
+ values:
+ - "values-matrix-neodatefix-widget.yaml.gotmpl"
+ {{- range .Values.customization.release.matrixNeodatefixWidget }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "matrix-neodatefix-bot-bootstrap"
+ chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+ version: "{{ .Values.charts.synapseCreateAccount.version }}"
+ values:
+ - "values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl"
+ {{- range .Values.customization.release.matrixNeodatefixBotBootstrap }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ - name: "matrix-neodatefix-bot"
+ chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}"
+ version: "{{ .Values.charts.matrixNeodatefixBot.version }}"
+ values:
+ - "values-matrix-neodatefix-bot.yaml.gotmpl"
+ {{- range .Values.customization.release.matrixNeodatefixBot }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.element.enabled }}
+ timeout: 900
+
+ # openDesk Enterprise Releases
+ - name: "opendesk-synapse-admin"
+ chart: "synapse-admin-repo/{{ .Values.charts.synapseAdmin.name }}"
+ version: "{{ .Values.charts.synapseAdmin.version }}"
+ values:
+ - "values-synapse-admin.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskSynapseAdmin }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.elementAdmin.enabled }}
+ timeout: 900
+
+ - name: "opendesk-synapse-adminbot-bootstrap"
+ chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+ version: "{{ .Values.charts.synapseCreateAccount.version }}"
+ values:
+ - "values-synapse-adminbot-bootstrap.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskSynapseAdminbotBootstrap }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.elementAdmin.enabled }}
+ timeout: 900
+
+ - name: "opendesk-synapse-adminbot-pipe"
+ chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
+ version: "{{ .Values.charts.synapsePipe.version }}"
+ values:
+ - "values-synapse-adminbot-pipe.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskSynapseAdminbotPipe }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.elementAdmin.enabled }}
+ timeout: 900
+
+ - name: "opendesk-synapse-adminbot-web"
+ chart: "synapse-adminbot-web-repo/{{ .Values.charts.synapseAdminbotWeb.name }}"
+ version: "{{ .Values.charts.synapseAdminbotWeb.version }}"
+ values:
+ - "values-synapse-adminbot-web.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskSynapseAdminbotWeb }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.elementAdmin.enabled }}
+ timeout: 900
+
+ - name: "opendesk-synapse-auditbot-bootstrap"
+ chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+ version: "{{ .Values.charts.synapseCreateAccount.version }}"
+ values:
+ - "values-synapse-auditbot-bootstrap.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskSynapseAuditbotBootstrap }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.elementAdmin.enabled }}
+ timeout: 900
+
+ - name: "opendesk-synapse-auditbot-pipe"
+ chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
+ version: "{{ .Values.charts.synapsePipe.version }}"
+ values:
+ - "values-synapse-auditbot-pipe.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskSynapseAuditbotPipe }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.elementAdmin.enabled }}
+ timeout: 900
+
+ - name: "opendesk-synapse-groupsync"
+ chart: "synapse-groupsync-repo/{{ .Values.charts.synapseGroupsync.name }}"
+ version: "{{ .Values.charts.synapseGroupsync.version }}"
+ values:
+ - "values-synapse-groupsync.yaml.gotmpl"
+ {{- range .Values.customization.release.opendeskSynapseGroupsync }}
+ - {{ . }}
+ {{- end }}
+ installed: {{ .Values.apps.elementGroupsync.enabled }}
+ timeout: 900
+
+commonLabels:
+ deployStage: "050-components"
+ component: "element"
+...
diff --git a/helmfile/apps/element-old/helmfile.yaml.gotmpl b/helmfile/apps/element-old/helmfile.yaml.gotmpl
new file mode 100644
index 00000000..bf495635
--- /dev/null
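Review bot: The `matrix-neochoice-widget-repo` entry under `repositories:` reads `.Values.charts.matrixNeoboardWidget.verify`, `.registry` and `.repository`, while the `matrix-neochoice-widget` release takes its chart name and version from `.Values.charts.matrixNeochoiceWidget`. As written, the NeoChoice chart's provenance check follows the NeoBoard `verify` flag, so enabling or disabling verification for NeoChoice on its own has no effect, and the pull only works if both charts happen to share one registry and repository path. If this is a copy-paste slip, the entry should read `verify: {{ .Values.charts.matrixNeochoiceWidget.verify }}` and end its `url:` with `| default .Values.charts.matrixNeochoiceWidget.registry }}/{{ .Values.charts.matrixNeochoiceWidget.repository }}"`. Whether `charts.yaml.gotmpl` defines those keys is not visible in this hunk.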
+++ b/helmfile/apps/element-old/helmfile.yaml.gotmpl
@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+ - "../../bases/environments.yaml.gotmpl"
+---
+helmfiles:
+ - path: "./helmfile-child.yaml.gotmpl"
+ values:
+ - {{ toYaml .Values | nindent 8 }}
+...
diff --git a/helmfile/apps/element-old/values-element.yaml.gotmpl b/helmfile/apps/element-old/values-element.yaml.gotmpl
new file mode 100644
index 00000000..6a07e362
--- /dev/null
+++ b/helmfile/apps/element-old/values-element.yaml.gotmpl
@@ -0,0 +1,172 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+commonAnnotations:
+ {{ .Values.annotations.element.common | toYaml | nindent 2 }}
+
+configuration:
+ endToEndEncryption: true
+ additionalConfiguration:
+ logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=opendesk-matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
+
+ "net.nordeck.element_web.module.opendesk":
+ config:
+ banner:
+ ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
+ ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
+ portal_logo_svg_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
+ portal_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/"
+ custom_css_variables:
+ --cpd-color-bg-action-primary-rest: {{ .Values.theme.colors.primary | quote }}
+ --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
+
+ "net.nordeck.element_web.module.widget_lifecycle":
+ widget_permissions:
+ "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html":
+ identity_approved: true
+ "https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*":
+ preload_approved: true
+ capabilities_approved:
+ - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create
+ - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create
+ - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk
+ - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk
+ - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot
+ - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot
+ - org.matrix.msc2762.receive.state_event:m.room.create
+ - org.matrix.msc2762.send.state_event:m.room.power_levels#
+ - org.matrix.msc2762.receive.state_event:m.room.power_levels#
+ - org.matrix.msc2762.receive.state_event:m.room.member
+ - org.matrix.msc2762.receive.state_event:m.room.name
+ - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard
+ - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard
+ - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#*
+ - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions
+ - org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling
+ - org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling
+ - town.robin.msc3846.turn_servers
+ - org.matrix.msc4039.upload_file
+ - org.matrix.msc4039.download_file
+ "https://{{ .Values.global.hosts.matrixNeoChoiceWidget }}.{{ .Values.global.domain }}/*":
+ preload_approved: true
+ capabilities_approved:
+ - org.matrix.msc2762.send.event:net.nordeck.poll.vote
+ - org.matrix.msc2762.receive.event:net.nordeck.poll.vote
+ - org.matrix.msc2762.send.state_event:net.nordeck.poll
+ - org.matrix.msc2762.receive.state_event:net.nordeck.poll
+ - org.matrix.msc2762.send.state_event:net.nordeck.poll.settings
+ - org.matrix.msc2762.receive.state_event:net.nordeck.poll.settings
+ - org.matrix.msc2762.receive.state_event:m.room.create
+ - org.matrix.msc2762.receive.state_event:m.room.power_levels
+ - org.matrix.msc2762.receive.state_event:m.room.name
+ - org.matrix.msc2762.receive.state_event:m.room.member
+ - org.matrix.msc2762.send.state_event:net.nordeck.poll.group
+ - org.matrix.msc2762.receive.state_event:net.nordeck.poll.group
+ - org.matrix.msc2762.send.event:net.nordeck.poll.start
+ - org.matrix.msc2762.receive.event:net.nordeck.poll.start
+ "https://{{ .Values.global.hosts.matrixNeoDateFixWidget }}.{{ .Values.global.domain }}/*":
+ preload_approved: true
+ identity_approved: true
+ capabilities_approved:
+ - org.matrix.msc2931.navigate
+ - org.matrix.msc2762.timeline:*
+ - org.matrix.msc2762.receive.state_event:m.room.power_levels
+ - org.matrix.msc2762.receive.event:m.reaction
+ - org.matrix.msc2762.receive.state_event:m.room.create
+ - org.matrix.msc2762.receive.state_event:m.room.tombstone
+ - org.matrix.msc2762.receive.state_event:m.room.member
+ - org.matrix.msc2762.send.state_event:m.room.member
+ - org.matrix.msc2762.receive.state_event:m.room.name
+ - org.matrix.msc2762.receive.state_event:m.room.topic
+ - org.matrix.msc2762.receive.state_event:m.space.parent
+ - org.matrix.msc2762.receive.state_event:m.space.child
+ - org.matrix.msc2762.receive.state_event:net.nordeck.meetings.metadata
+ - org.matrix.msc2762.receive.state_event:im.vector.modular.widgets
+ - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.create
+ - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.create
+ - org.matrix.msc2762.send.event:net.nordeck.meetings.breakoutsessions.create
+ - org.matrix.msc2762.receive.event:net.nordeck.meetings.breakoutsessions.create
+ - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.close
+ - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.close
+ - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.widgets.handle
+ - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.widgets.handle
+ - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.participants.handle
+ - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.participants.handle
+ - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.update
+ - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.update
+ - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.change.message_permissions
+ - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.change.message_permissions
+ - org.matrix.msc2762.send.event:net.nordeck.meetings.sub_meetings.send_message
+ - org.matrix.msc2762.receive.event:net.nordeck.meetings.sub_meetings.send_message
+ - org.matrix.msc3973.user_directory_search
+
+ welcomeUserId: "@meetings-bot:{{ .Values.global.matrixDomain | default .Values.global.domain }}"
+
+containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ enabled: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 101
+ runAsNonRoot: true
+ runAsUser: 101
+ seccompProfile:
+ type: "RuntimeDefault"
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.element | toYaml | nindent 4 }}
+
+global:
+ domain: {{ .Values.global.domain | quote }}
+ hosts:
+ {{ .Values.global.hosts | toYaml | nindent 4 }}
+ imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+ imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+ registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.element.registry | quote }}
+ repository: {{ .Values.images.element.repository | quote }}
+ tag: {{ .Values.images.element.tag | quote }}
+
+ingress:
+ host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
+ enabled: {{ .Values.ingress.enabled }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: {{ .Values.ingress.tls.secretName | quote }}
+ annotations:
+ {{ .Values.annotations.element.ingress | toYaml | nindent 4 }}
+
+podAnnotations:
+ intents.otterize.com/service-name: "opendesk-element"
+ {{- with .Values.annotations.element.pod }}
+ {{ . | toYaml | nindent 2 }}
+ {{- end }}
+
+podSecurityContext:
+ enabled: true
+ fsGroup: 101
+
+replicaCount: {{ .Values.replicas.element }}
+
+resources:
+ {{ .Values.resources.element | toYaml | nindent 2 }}
+
+service:
+ annotations:
+ {{ .Values.annotations.element.service | toYaml | nindent 4 }}
+
+serviceAccount:
+ annotations:
+ {{ .Values.annotations.element.serviceAccount | toYaml | nindent 4 }}
+
+theme:
+ title: "Chat - {{ .Values.theme.texts.productName }}"
+ {{ .Values.theme | toYaml | nindent 2 }}
+
+...
diff --git a/helmfile/apps/element-old/values-matrix-neoboard-widget.yaml.gotmpl b/helmfile/apps/element-old/values-matrix-neoboard-widget.yaml.gotmpl
new file mode 100644
index 00000000..0d885a05
--- /dev/null
+++ b/helmfile/apps/element-old/values-matrix-neoboard-widget.yaml.gotmpl
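Review bot: The `widget_permissions` block under `net.nordeck.element_web.module.widget_lifecycle` pre-approves grants for every path on the three widget hosts (`/*`), including `org.matrix.msc2762.timeline:*`, `org.matrix.msc2762.send.state_event:m.room.member` and `identity_approved: true` for NeoDateFix and `org.matrix.msc2762.send.state_event:m.room.power_levels#` for NeoBoard, yet nothing in the file says why each one is needed. These entries appear to stand in for the per-user consent prompt, so anything served from those hosts would inherit them and the lists should stay limited to what each widget release actually requests. I would add a comment above the block such as `# Pre-approved without a user prompt: keep in sync with the capabilities each widget release requests, and serve nothing else from these hosts.` Separately, `theme:` sets `title:` and then inlines `.Values.theme`; if that map ever carries its own `title` key the rendered document has a duplicate key, which most parsers resolve silently by keeping the last value.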
@@ -0,0 +1,75 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+additionalAnnotations:
+ {{ .Values.annotations.elementMatrixNeoboardWidget.additional | toYaml | nindent 2 }}
+
+containerSecurityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ enabled: true
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 101
+ runAsNonRoot: true
+ runAsUser: 101
+ seccompProfile:
+ type: "RuntimeDefault"
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.matrixNeoBoardWidget | toYaml | nindent 4 }}
+
+global:
+ domain: {{ .Values.global.domain | quote }}
+ hosts:
+ {{ .Values.global.hosts | toYaml | nindent 4 }}
+ imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+ imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+ registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoBoardWidget.registry | quote }}
+ repository: {{ .Values.images.matrixNeoBoardWidget.repository | quote }}
+ tag: {{ .Values.images.matrixNeoBoardWidget.tag | quote }}
+
+ingress:
+ enabled: {{ .Values.ingress.enabled }}
+ ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+ tls:
+ enabled: {{ .Values.ingress.tls.enabled }}
+ secretName: {{ .Values.ingress.tls.secretName | quote }}
+ annotations:
+ {{ .Values.annotations.elementMatrixNeoboardWidget.ingress | toYaml | nindent 4 }}
+
+podAnnotations:
+ intents.otterize.com/service-name: "matrix-neoboard-widget"
+ {{- with .Values.annotations.elementMatrixNeoboardWidget.pod }}
+ {{ . | toYaml | nindent 2 }}
+ {{- end }}
+
+podSecurityContext:
+ enabled: true
+ fsGroup: 101
+
+replicaCount: {{ .Values.replicas.matrixNeoBoardWidget }}
+
+resources:
+ {{ .Values.resources.matrixNeoBoardWidget | toYaml | nindent 2 }}
+
+service:
+ annotations:
+ {{ .Values.annotations.elementMatrixNeoboardWidget.service | toYaml | nindent 4 }}
+
+serviceAccount:
+ annotations:
+ {{ .Values.annotations.elementMatrixNeoboardWidget.serviceAccount | toYaml | nindent 4 }}
+
+theme:
+ {{ .Values.theme | toYaml | nindent 2 }}
+
+nginx:
+ ipv4Only: {{ if eq .Values.cluster.networking.ipFamilies "IPv4" }}true{{ else }}false{{ end }}
+
+...
diff --git a/helmfile/apps/element-old/values-matrix-neochoice-widget.yaml.gotmpl b/helmfile/apps/element-old/values-matrix-neochoice-widget.yaml.gotmpl
new file mode 100644
index 00000000..368c477f
--- /dev/null
+++ b/helmfile/apps/element-old/values-matrix-neochoice-widget.yaml.gotmpl
@@ -0,0 +1,75 @@ +# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH +# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- +additionalAnnotations: + {{ .Values.annotations.elementMatrixNeochoiceWidget.additional | toYaml | nindent 2 }} + +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: "RuntimeDefault" + seLinuxOptions: + {{ .Values.seLinuxOptions.matrixNeoChoiceWidget | toYaml | nindent 4 }} + +global: + domain: {{ .Values.global.domain | quote }} + hosts: + {{ .Values.global.hosts | toYaml | nindent 4 }} + imagePullSecrets: + {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} + +image: + imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} + registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoChoiceWidget.registry | quote }} + repository: {{ .Values.images.matrixNeoChoiceWidget.repository | quote }} + tag: {{ .Values.images.matrixNeoChoiceWidget.tag | quote }} + +ingress: + enabled: {{ .Values.ingress.enabled }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + tls: + enabled: {{ .Values.ingress.tls.enabled }} + secretName: {{ .Values.ingress.tls.secretName | quote }} + annotations: + {{ .Values.annotations.elementMatrixNeochoiceWidget.ingress | toYaml | nindent 4 }} + +podAnnotations: + intents.otterize.com/service-name: "matrix-neochoice-widget" + {{- with .Values.annotations.elementMatrixNeochoiceWidget.pod }} + {{ . 
| toYaml | nindent 2 }} + {{- end }} + +podSecurityContext: + enabled: true + fsGroup: 101 + +replicaCount: {{ .Values.replicas.matrixNeoChoiceWidget }} + +service: + annotations: + {{ .Values.annotations.elementMatrixNeochoiceWidget.service | toYaml | nindent 4 }} + +serviceAccount: + annotations: + {{ .Values.annotations.elementMatrixNeochoiceWidget.serviceAccount | toYaml | nindent 4 }} + +theme: + {{ .Values.theme | toYaml | nindent 2 }} + +resources: + {{ .Values.resources.matrixNeoChoiceWidget | toYaml | nindent 2 }} + +nginx: + ipv4Only: {{ if eq .Values.cluster.networking.ipFamilies "IPv4" }}true{{ else }}false{{ end }} + +... diff --git a/helmfile/apps/element-old/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl b/helmfile/apps/element-old/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl new file mode 100644 index 00000000..b75aa36d --- /dev/null +++ b/helmfile/apps/element-old/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl 
@@ -0,0 +1,51 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+cleanup:
+ deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
+ deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
+
+configuration:
+ username: "meetings-bot"
+ pod: "opendesk-synapse-0"
+ secretName: "matrix-neodatefix-bot-account"
+ password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }}
+
+global:
+ imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+ registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
+ url: {{ .Values.images.synapseCreateUser.repository | quote }}
+ tag: {{ .Values.images.synapseCreateUser.tag | quote }}
+ imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+
+fullnameOverride: "matrix-neodatefix-bot-bootstrap"
+
+podAnnotations:
+ intents.otterize.com/service-name: "values-matrix-neodatefix-bot-bootstrap"
+ {{- with .Values.annotations.elementMatrixNeodatefixBotBootstrap.pod }}
+ {{ . | toYaml | nindent 2 }}
+ {{- end }}
+
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 101
+ runAsNonRoot: true
+ runAsUser: 101
+ seccompProfile:
+ type: "RuntimeDefault"
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }}
+
+serviceAccount:
+ annotations:
+ {{ .Values.annotations.elementMatrixNeodatefixBotBootstrap.serviceAccount | toYaml | nindent 4 }}
+...
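Review bot: The `intents.otterize.com/service-name` annotation under `podAnnotations` is set to `"values-matrix-neodatefix-bot-bootstrap"`, which looks like the values file name rather than the workload name. `fullnameOverride` in the same file is `"matrix-neodatefix-bot-bootstrap"`, and the user-verification-service bootstrap file in this commit uses one identical string for both fields. If network intents are matched on this annotation, the mismatch would leave the bootstrap pod outside the policy written for it; I would change the line to `intents.otterize.com/service-name: "matrix-neodatefix-bot-bootstrap"`. Separately, `configuration.password` is rendered into the release values in clear text, so a comment saying where the chart stores it (presumably the Secret named by `secretName`, which this file does not show) would help reviewers.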
diff --git a/helmfile/apps/element-old/values-matrix-neodatefix-bot.yaml.gotmpl b/helmfile/apps/element-old/values-matrix-neodatefix-bot.yaml.gotmpl
new file mode 100644
index 00000000..2e4033ef
--- /dev/null
+++ b/helmfile/apps/element-old/values-matrix-neodatefix-bot.yaml.gotmpl
@@ -0,0 +1,118 @@ +# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH +# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- +additionalAnnotations: + {{ .Values.annotations.elementMatrixNeodatefixBot.additional | toYaml | nindent 2 }} + +global: + domain: {{ .Values.global.domain | quote }} + hosts: + {{ .Values.global.hosts | toYaml | nindent 4 }} + imagePullSecrets: + {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} + +configuration: + bot: + username: "meetings-bot" + display name: "Terminplaner Bot" + openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}" + strings: + breakoutSessionWidgetName: "Breakoutsessions" + calendarRoomName: "Terminplaner" + calendarWidgetName: "Terminplaner" + cockpitWidgetName: "Meeting Steuerung" + jitsiWidgetName: "Videokonferenz" + matrixNeoBoardWidgetName: "Whiteboard" + matrixNeoChoiceWidgetName: "Abstimmungen" + +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: "RuntimeDefault" + seLinuxOptions: + {{ .Values.seLinuxOptions.matrixNeoDateFixBot | toYaml | nindent 4 }} + +extraEnvVars: + - name: "ACCESS_TOKEN" + valueFrom: + secretKeyRef: + name: "matrix-neodatefix-bot-account" + key: "access_token" +{{- if .Values.certificate.selfSigned }} + - name: "NODE_EXTRA_CA_CERTS" + value: "/etc/ssl/certs/ca-certificates.crt" + +extraVolumes: + - name: "trusted-cert-secret-volume" + secret: + secretName: "opendesk-certificates-ca-tls" + items: + - key: "ca.crt" + path: "ca-certificates.crt" +extraVolumeMounts: + - name: "trusted-cert-secret-volume" + mountPath: "/etc/ssl/certs/ca-certificates.crt" + subPath: 
"ca-certificates.crt" +{{- end }} + +image: + imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} + registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoDateFixBot.registry | quote }} + repository: {{ .Values.images.matrixNeoDateFixBot.repository | quote }} + tag: {{ .Values.images.matrixNeoDateFixBot.tag | quote }} + +ingress: + enabled: {{ .Values.ingress.enabled }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + tls: + enabled: {{ .Values.ingress.tls.enabled }} + secretName: {{ .Values.ingress.tls.secretName | quote }} + annotations: + {{ .Values.annotations.elementMatrixNeodatefixBot.ingress | toYaml | nindent 4 }} + +liveness sample: + enabled: true + +persistence: + size: {{ .Values.persistence.storages.matrixNeoDateFixBot.size | quote }} + storageClass: {{ coalesce .Values.persistence.storages.matrixNeoDateFixBot.storageClassName .Values.persistence.storageClassNames.RWO | quote }} + annotations: + {{ .Values.annotations.elementMatrixNeodatefixBot.persistence | toYaml | nindent 4 }} + +podAnnotations: + intents.otterize.com/service-name: "matrix-neodatefix-bot" + {{- with .Values.annotations.elementMatrixNeodatefixBot.pod }} + {{ . | toYaml | nindent 2 }} + {{- end }} + +podSecurityContext: + enabled: true + fsGroup: 101 + +readinessProbe: + enabled: true + +replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }} + +resources: + {{ .Values.resources.matrixNeoDateFixBot | toYaml | nindent 2 }} + +service: + annotations: + {{ .Values.annotations.elementMatrixNeodatefixBot.service | toYaml | nindent 4 }} + +serviceAccount: + annotations: + {{ .Values.annotations.elementMatrixNeodatefixBot.serviceAccount | toYaml | nindent 4 }} + +... diff --git a/helmfile/apps/element-old/values-matrix-neodatefix-widget.yaml.gotmpl b/helmfile/apps/element-old/values-matrix-neodatefix-widget.yaml.gotmpl new file mode 100644 index 00000000..cc584af2 --- /dev/null 
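Review bot: The top-level key `liveness sample:` is almost certainly meant to be `livenessProbe:`, since it sits beside `readinessProbe:` with the same `enabled: true` body. As written, the chart will not see a liveness setting, and the key is either silently ignored or rejected by a values schema. The same concern applies to `display name: "Terminplaner Bot"` under `configuration.bot`: a key containing a space is unlikely to match the chart's option, presumably `display_name`, to be confirmed against the chart's values. Suggested lines are `livenessProbe:` and `display_name: "Terminplaner Bot"`.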
+++ b/helmfile/apps/element-old/values-matrix-neodatefix-widget.yaml.gotmpl 
@@ -0,0 +1,80 @@ +# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH +# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- +additionalAnnotations: + {{ .Values.annotations.elementMatrixNeodatefixWidget.additional | toYaml | nindent 2 }} + +configuration: + bot: + username: "meetings-bot" + homeserver: {{ .Values.global.matrixDomain | default .Values.global.domain }} + +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + enabled: true + privileged: false + readOnlyRootFilesystem: true + runAsGroup: 101 + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: "RuntimeDefault" + seLinuxOptions: + {{ .Values.seLinuxOptions.matrixNeoDateFixWidget | toYaml | nindent 4 }} + +global: + domain: {{ .Values.global.domain | quote }} + hosts: + {{ .Values.global.hosts | toYaml | nindent 4 }} + imagePullSecrets: + {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} + +image: + imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} + registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoDateFixWidget.registry | quote }} + repository: {{ .Values.images.matrixNeoDateFixWidget.repository | quote }} + tag: {{ .Values.images.matrixNeoDateFixWidget.tag | quote }} + +ingress: + enabled: {{ .Values.ingress.enabled }} + ingressClassName: {{ .Values.ingress.ingressClassName | quote }} + tls: + enabled: {{ .Values.ingress.tls.enabled }} + secretName: {{ .Values.ingress.tls.secretName | quote }} + annotations: + {{ .Values.annotations.elementMatrixNeodatefixWidget.ingress | toYaml | nindent 4 }} + +podAnnotations: + intents.otterize.com/service-name: "matrix-neodatefix-widget" + {{- with .Values.annotations.elementMatrixNeodatefixWidget.pod }} + {{ . 
| toYaml | nindent 2 }} + {{- end }} + +podSecurityContext: + enabled: true + fsGroup: 101 + +replicaCount: {{ .Values.replicas.matrixNeoDateFixWidget }} + +resources: + {{ .Values.resources.matrixNeoDateFixWidget | toYaml | nindent 2 }} + +theme: + {{ .Values.theme | toYaml | nindent 2 }} + +service: + annotations: + {{ .Values.annotations.elementMatrixNeodatefixWidget.service | toYaml | nindent 4 }} + +serviceAccount: + annotations: + {{ .Values.annotations.elementMatrixNeodatefixWidget.serviceAccount | toYaml | nindent 4 }} + +nginx: + ipv4Only: {{ if eq .Values.cluster.networking.ipFamilies "IPv4" }}true{{ else }}false{{ end }} + +... diff --git a/helmfile/apps/element-old/values-matrix-user-verification-service-bootstrap.yaml.gotmpl b/helmfile/apps/element-old/values-matrix-user-verification-service-bootstrap.yaml.gotmpl new file mode 100644 index 00000000..34a3f3bc --- /dev/null +++ b/helmfile/apps/element-old/values-matrix-user-verification-service-bootstrap.yaml.gotmpl 
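Review bot: `homeserver: {{ .Values.global.matrixDomain | default .Values.global.domain }}` under `configuration.bot` is the only templated string in this file rendered without `| quote`. The template output is plain text before YAML parsing, so an empty result becomes null and a boolean- or number-looking value is re-typed. Suggest `homeserver: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}`, matching how `global.domain` is rendered a few lines below.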
@@ -0,0 +1,53 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+cleanup:
+ deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
+ deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
+
+configuration:
+ username: "uvs"
+ pod: "opendesk-synapse-0"
+ secretName: "opendesk-matrix-user-verification-service-account"
+ password: {{ .Values.secrets.matrixUserVerificationService.password | quote }}
+
+global:
+ imagePullSecrets:
+ {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+ registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
+ url: {{ .Values.images.synapseCreateUser.repository | quote }}
+ tag: {{ .Values.images.synapseCreateUser.tag | quote }}
+ imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+
+fullnameOverride: "opendesk-matrix-user-verification-service-bootstrap"
+
+podAnnotations:
+ intents.otterize.com/service-name: "opendesk-matrix-user-verification-service-bootstrap"
+ {{- with .Values.annotations.elementMatrixUserVerificationServiceBootstrap.pod }}
+ {{ . | toYaml | nindent 2 }}
+ {{- end }}
+
+securityContext:
+ allowPrivilegeEscalation: false
+ capabilities:
+ drop:
+ - "ALL"
+ privileged: false
+ readOnlyRootFilesystem: true
+ runAsGroup: 101
+ runAsNonRoot: true
+ runAsUser: 101
+ seccompProfile:
+ type: "RuntimeDefault"
+ seLinuxOptions:
+ {{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }}
+
+serviceAccount:
+ annotations:
+ {{ .Values.annotations.elementMatrixUserVerificationServiceBootstrap.serviceAccount | toYaml | nindent 4 }}
+
+
+...
diff --git a/helmfile/apps/element-old/values-matrix-user-verification-service.yaml.gotmpl b/helmfile/apps/element-old/values-matrix-user-verification-service.yaml.gotmpl
new file mode 100644
index 00000000..033fbd5b
--- /dev/null
+++ b/helmfile/apps/element-old/values-matrix-user-verification-service.yaml.gotmpl
@@ -0,0 +1,69 @@ +# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH +# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- +additionalAnnotations: + {{ .Values.annotations.elementMatrixUserVerificationService.additional | toYaml | nindent 2 }} + +containerSecurityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" + enabled: true + privileged: false + readOnlyRootFilesystem: false + runAsGroup: 1000 + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: "RuntimeDefault" + seLinuxOptions: + {{ .Values.seLinuxOptions.matrixUserVerificationService | toYaml | nindent 4 }} + +extraEnvVars: + - name: "UVS_ACCESS_TOKEN" + valueFrom: + secretKeyRef: + name: "opendesk-matrix-user-verification-service-account" + key: "access_token" + - name: "UVS_DISABLE_IP_BLACKLIST" + value: "true" + +global: + domain: {{ .Values.global.domain | quote }} + hosts: + {{ .Values.global.hosts | toYaml | nindent 4 }} + imagePullSecrets: + {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} + +image: + imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} + registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixUserVerificationService.registry | quote }} + repository: {{ .Values.images.matrixUserVerificationService.repository | quote }} + tag: {{ .Values.images.matrixUserVerificationService.tag | quote }} + +podAnnotations: + intents.otterize.com/service-name: "opendesk-matrix-user-verification-service" + {{- with .Values.annotations.elementMatrixUserVerificationService.pod }} + {{ . 
| toYaml | nindent 2 }} + {{- end }} + +podSecurityContext: + enabled: true + fsGroup: 101 + +replicaCount: {{ .Values.replicas.matrixUserVerificationService }} + +resources: + {{ .Values.resources.matrixUserVerificationService | toYaml | nindent 2 }} + +service: + annotations: + {{ .Values.annotations.elementMatrixUserVerificationService.service | toYaml | nindent 4 }} + +serviceAccount: + annotations: + {{ .Values.annotations.elementMatrixUserVerificationService.serviceAccount | toYaml | nindent 4 }} + +... diff --git a/helmfile/apps/element/values-synapse-admin.yaml.gotmpl b/helmfile/apps/element-old/values-synapse-admin.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-synapse-admin.yaml.gotmpl rename to helmfile/apps/element-old/values-synapse-admin.yaml.gotmpl diff --git a/helmfile/apps/element/values-synapse-adminbot-bootstrap.yaml.gotmpl b/helmfile/apps/element-old/values-synapse-adminbot-bootstrap.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-synapse-adminbot-bootstrap.yaml.gotmpl rename to helmfile/apps/element-old/values-synapse-adminbot-bootstrap.yaml.gotmpl diff --git a/helmfile/apps/element/values-synapse-adminbot-pipe.yaml.gotmpl b/helmfile/apps/element-old/values-synapse-adminbot-pipe.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-synapse-adminbot-pipe.yaml.gotmpl rename to helmfile/apps/element-old/values-synapse-adminbot-pipe.yaml.gotmpl diff --git a/helmfile/apps/element/values-synapse-adminbot-web.yaml.gotmpl b/helmfile/apps/element-old/values-synapse-adminbot-web.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-synapse-adminbot-web.yaml.gotmpl rename to helmfile/apps/element-old/values-synapse-adminbot-web.yaml.gotmpl 
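Review bot: `UVS_DISABLE_IP_BLACKLIST` is set to `"true"` in `extraEnvVars` with no comment, which switches off the service's refusal to contact private and internal address ranges when it resolves a homeserver name, i.e. its guard against server-side request forgery. If the flag is only needed so the service can reach Synapse on a cluster-internal address, say so above the entry, e.g. `# Synapse is reached via a cluster-internal address; blocklist disabled for that reason only`. It should then be paired with a restriction to the one expected homeserver (upstream documents `UVS_OPENID_VERIFY_SERVER_NAME` for this) or with an egress network policy. This file also sets `readOnlyRootFilesystem: false` and runs as uid/gid 1000 while `fsGroup` stays 101, unlike the sibling values files; a one-line comment on why the root filesystem must be writable would make that deviation reviewable.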
diff --git a/helmfile/apps/element/values-synapse-auditbot-bootstrap.yaml.gotmpl b/helmfile/apps/element-old/values-synapse-auditbot-bootstrap.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-synapse-auditbot-bootstrap.yaml.gotmpl rename to helmfile/apps/element-old/values-synapse-auditbot-bootstrap.yaml.gotmpl diff --git a/helmfile/apps/element/values-synapse-auditbot-pipe.yaml.gotmpl b/helmfile/apps/element-old/values-synapse-auditbot-pipe.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-synapse-auditbot-pipe.yaml.gotmpl rename to helmfile/apps/element-old/values-synapse-auditbot-pipe.yaml.gotmpl diff --git a/helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl b/helmfile/apps/element-old/values-synapse-groupsync.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-synapse-groupsync.yaml.gotmpl rename to helmfile/apps/element-old/values-synapse-groupsync.yaml.gotmpl diff --git a/helmfile/apps/element/values-synapse-web.yaml.gotmpl b/helmfile/apps/element-old/values-synapse-web.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-synapse-web.yaml.gotmpl rename to helmfile/apps/element-old/values-synapse-web.yaml.gotmpl diff --git a/helmfile/apps/element/values-synapse.yaml.gotmpl b/helmfile/apps/element-old/values-synapse.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-synapse.yaml.gotmpl rename to helmfile/apps/element-old/values-synapse.yaml.gotmpl diff --git a/helmfile/apps/element/values-well-known.yaml.gotmpl b/helmfile/apps/element-old/values-well-known.yaml.gotmpl similarity index 100% rename from helmfile/apps/element/values-well-known.yaml.gotmpl rename to helmfile/apps/element-old/values-well-known.yaml.gotmpl diff --git a/helmfile/apps/element/helmfile-child.yaml.gotmpl b/helmfile/apps/element/helmfile-child.yaml.gotmpl index 1418b688..ad244be9 100644 --- a/helmfile/apps/element/helmfile-child.yaml.gotmpl 
+++ b/helmfile/apps/element/helmfile-child.yaml.gotmpl @@ -1,9 +1,9 @@ -# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0 --- repositories: # openDesk Element - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element + # Source: https://github.com/element-hq/ess-helm - name: "element-repo" keyring: "../../files/gpg-pubkeys/opencode.gpg" verify: {{ .Values.charts.element.verify }} 
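Review bot: The `element-repo` entry now names https://github.com/element-hq/ess-helm as its source, but the unchanged context lines still verify it with `keyring: "../../files/gpg-pubkeys/opencode.gpg"` and `verify: {{ .Values.charts.element.verify }}`. Unless the upstream chart is mirrored and re-signed with the openCode key, provenance verification will either fail or have to be switched off through `charts.element.verify`; that value lives in charts.yaml.gotmpl, which is not visible in this hunk. I would add a comment above `keyring:` stating who signs the chart that is actually pulled, e.g. `# chart is mirrored to the openCode registry and signed with the openCode key`, and keep `verify` enabled for it. The `repositories:` list continues outside this hunk.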
@@ -11,27 +11,6 @@ repositories: password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} oci: true url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.element.registry }}/{{ .Values.charts.element.repository }}" - - name: "element-well-known-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.elementWellKnown.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/{{ .Values.charts.elementWellKnown.repository }}" - - name: "synapse-web-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.synapseWeb.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/{{ .Values.charts.synapseWeb.repository }}" - - name: "synapse-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.synapse.verify }} - username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}" - name: "synapse-create-account-repo" keyring: "../../files/gpg-pubkeys/opencode.gpg" verify: {{ .Values.charts.synapseCreateAccount.verify }} 
@@ -78,39 +57,6 @@ repositories: oci: true url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}" - # openDesk Enterprise Repositories - - # openDesk Element - # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element - - name: "synapse-admin-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.synapseAdmin.verify }} - username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseAdmin.registry }}/{{ .Values.charts.synapseAdmin.repository }}" - - name: "synapse-adminbot-web-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.synapseAdminbotWeb.verify }} - username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseAdminbotWeb.registry }}/{{ .Values.charts.synapseAdminbotWeb.repository }}" - - name: "synapse-groupsync-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - verify: {{ .Values.charts.synapseGroupsync.verify }} - username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseGroupsync.registry }}/{{ .Values.charts.synapseGroupsync.repository }}" - - name: "synapse-pipe-repo" - keyring: "../../files/gpg-pubkeys/opencode.gpg" - 
verify: {{ .Values.charts.synapsePipe.verify }} - username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }} - password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }} - oci: true - url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapsePipe.registry }}/{{ .Values.charts.synapsePipe.repository }}" - releases: - name: "opendesk-element" chart: "element-repo/{{ .Values.charts.element.name }}" @@ -123,39 +69,6 @@ releases: installed: {{ .Values.apps.element.enabled }} timeout: 900 - - name: "opendesk-well-known" - chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}" - version: "{{ .Values.charts.elementWellKnown.version }}" - values: - - "values-well-known.yaml.gotmpl" - {{- range .Values.customization.release.opendeskWellKnown }} - - {{ . }} - {{- end }} - installed: {{ .Values.apps.element.enabled }} - timeout: 900 - - - name: "opendesk-synapse-web" - chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}" - version: "{{ .Values.charts.synapseWeb.version }}" - values: - - "values-synapse-web.yaml.gotmpl" - {{- range .Values.customization.release.opendeskSynapseWeb }} - - {{ . }} - {{- end }} - installed: {{ .Values.apps.element.enabled }} - timeout: 900 - - - name: "opendesk-synapse" - chart: "synapse-repo/{{ .Values.charts.synapse.name }}" - version: "{{ .Values.charts.synapse.version }}" - values: - - "values-synapse.yaml.gotmpl" - {{- range .Values.customization.release.opendeskSynapse }} - - {{ . }} - {{- end }} - installed: {{ .Values.apps.element.enabled }} - timeout: 900 - - name: "opendesk-matrix-user-verification-service-bootstrap" chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" version: "{{ .Values.charts.synapseCreateAccount.version }}" 
@@ -233,84 +146,6 @@ releases: installed: {{ .Values.apps.element.enabled }} timeout: 900 - # openDesk Enterprise Releases - - name: "opendesk-synapse-admin" - chart: "synapse-admin-repo/{{ .Values.charts.synapseAdmin.name }}" - version: "{{ .Values.charts.synapseAdmin.version }}" - values: - - "values-synapse-admin.yaml.gotmpl" - {{- range .Values.customization.release.opendeskSynapseAdmin }} - - {{ . }} - {{- end }} - installed: {{ .Values.apps.elementAdmin.enabled }} - timeout: 900 - - - name: "opendesk-synapse-adminbot-bootstrap" - chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" - version: "{{ .Values.charts.synapseCreateAccount.version }}" - values: - - "values-synapse-adminbot-bootstrap.yaml.gotmpl" - {{- range .Values.customization.release.opendeskSynapseAdminbotBootstrap }} - - {{ . }} - {{- end }} - installed: {{ .Values.apps.elementAdmin.enabled }} - timeout: 900 - - - name: "opendesk-synapse-adminbot-pipe" - chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}" - version: "{{ .Values.charts.synapsePipe.version }}" - values: - - "values-synapse-adminbot-pipe.yaml.gotmpl" - {{- range .Values.customization.release.opendeskSynapseAdminbotPipe }} - - {{ . }} - {{- end }} - installed: {{ .Values.apps.elementAdmin.enabled }} - timeout: 900 - - - name: "opendesk-synapse-adminbot-web" - chart: "synapse-adminbot-web-repo/{{ .Values.charts.synapseAdminbotWeb.name }}" - version: "{{ .Values.charts.synapseAdminbotWeb.version }}" - values: - - "values-synapse-adminbot-web.yaml.gotmpl" - {{- range .Values.customization.release.opendeskSynapseAdminbotWeb }} - - {{ . 
}} - {{- end }} - installed: {{ .Values.apps.elementAdmin.enabled }} - timeout: 900 - - - name: "opendesk-synapse-auditbot-bootstrap" - chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" - version: "{{ .Values.charts.synapseCreateAccount.version }}" - values: - - "values-synapse-auditbot-bootstrap.yaml.gotmpl" - {{- range .Values.customization.release.opendeskSynapseAuditbotBootstrap }} - - {{ . }} - {{- end }} - installed: {{ .Values.apps.elementAdmin.enabled }} - timeout: 900 - - - name: "opendesk-synapse-auditbot-pipe" - chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}" - version: "{{ .Values.charts.synapsePipe.version }}" - values: - - "values-synapse-auditbot-pipe.yaml.gotmpl" - {{- range .Values.customization.release.opendeskSynapseAuditbotPipe }} - - {{ . }} - {{- end }} - installed: {{ .Values.apps.elementAdmin.enabled }} - timeout: 900 - - - name: "opendesk-synapse-groupsync" - chart: "synapse-groupsync-repo/{{ .Values.charts.synapseGroupsync.name }}" - version: "{{ .Values.charts.synapseGroupsync.version }}" - values: - - "values-synapse-groupsync.yaml.gotmpl" - {{- range .Values.customization.release.opendeskSynapseGroupsync }} - - {{ . }} - {{- end }} - installed: {{ .Values.apps.elementGroupsync.enabled }} - timeout: 900 - commonLabels: deployStage: "050-components" component: "element" diff --git a/helmfile/apps/element/helmfile.yaml.gotmpl b/helmfile/apps/element/helmfile.yaml.gotmpl index bf495635..10a86777 100644 --- a/helmfile/apps/element/helmfile.yaml.gotmpl +++ b/helmfile/apps/element/helmfile.yaml.gotmpl 
@@ -1,5 +1,4 @@ -# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH -# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH # SPDX-License-Identifier: Apache-2.0 --- bases: diff --git a/helmfile/apps/element/values-element.yaml.gotmpl b/helmfile/apps/element/values-element.yaml.gotmpl index 6a07e362..568f3589 100644 --- a/helmfile/apps/element/values-element.yaml.gotmpl +++ b/helmfile/apps/element/values-element.yaml.gotmpl 
@@ -1,172 +1,82 @@ -# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH -# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" -# SPDX-License-Identifier: Apache-2.0 ---- -commonAnnotations: - {{ .Values.annotations.element.common | toYaml | nindent 2 }} -configuration: - endToEndEncryption: true - additionalConfiguration: - logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=opendesk-matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}" +# FROM synapse-minimal-values.yaml - "net.nordeck.element_web.module.opendesk": - config: - banner: - ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json" - ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent" - portal_logo_svg_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg" - portal_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/" - custom_css_variables: - --cpd-color-bg-action-primary-rest: {{ .Values.theme.colors.primary | quote }} - --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }} - - "net.nordeck.element_web.module.widget_lifecycle": - widget_permissions: - "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html": - identity_approved: true - "https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*": - preload_approved: true - capabilities_approved: - - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create - - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create - - 
org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk - - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk - - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot - - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot - - org.matrix.msc2762.receive.state_event:m.room.create - - org.matrix.msc2762.send.state_event:m.room.power_levels# - - org.matrix.msc2762.receive.state_event:m.room.power_levels# - - org.matrix.msc2762.receive.state_event:m.room.member - - org.matrix.msc2762.receive.state_event:m.room.name - - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard - - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard - - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#* - - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions - - org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling - - org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling - - town.robin.msc3846.turn_servers - - org.matrix.msc4039.upload_file - - org.matrix.msc4039.download_file - "https://{{ .Values.global.hosts.matrixNeoChoiceWidget }}.{{ .Values.global.domain }}/*": - preload_approved: true - capabilities_approved: - - org.matrix.msc2762.send.event:net.nordeck.poll.vote - - org.matrix.msc2762.receive.event:net.nordeck.poll.vote - - org.matrix.msc2762.send.state_event:net.nordeck.poll - - org.matrix.msc2762.receive.state_event:net.nordeck.poll - - org.matrix.msc2762.send.state_event:net.nordeck.poll.settings - - org.matrix.msc2762.receive.state_event:net.nordeck.poll.settings - - org.matrix.msc2762.receive.state_event:m.room.create - - org.matrix.msc2762.receive.state_event:m.room.power_levels - - org.matrix.msc2762.receive.state_event:m.room.name - - org.matrix.msc2762.receive.state_event:m.room.member - - org.matrix.msc2762.send.state_event:net.nordeck.poll.group - - 
org.matrix.msc2762.receive.state_event:net.nordeck.poll.group - - org.matrix.msc2762.send.event:net.nordeck.poll.start - - org.matrix.msc2762.receive.event:net.nordeck.poll.start - "https://{{ .Values.global.hosts.matrixNeoDateFixWidget }}.{{ .Values.global.domain }}/*": - preload_approved: true - identity_approved: true - capabilities_approved: - - org.matrix.msc2931.navigate - - org.matrix.msc2762.timeline:* - - org.matrix.msc2762.receive.state_event:m.room.power_levels - - org.matrix.msc2762.receive.event:m.reaction - - org.matrix.msc2762.receive.state_event:m.room.create - - org.matrix.msc2762.receive.state_event:m.room.tombstone - - org.matrix.msc2762.receive.state_event:m.room.member - - org.matrix.msc2762.send.state_event:m.room.member - - org.matrix.msc2762.receive.state_event:m.room.name - - org.matrix.msc2762.receive.state_event:m.room.topic - - org.matrix.msc2762.receive.state_event:m.space.parent - - org.matrix.msc2762.receive.state_event:m.space.child - - org.matrix.msc2762.receive.state_event:net.nordeck.meetings.metadata - - org.matrix.msc2762.receive.state_event:im.vector.modular.widgets - - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.create - - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.create - - org.matrix.msc2762.send.event:net.nordeck.meetings.breakoutsessions.create - - org.matrix.msc2762.receive.event:net.nordeck.meetings.breakoutsessions.create - - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.close - - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.close - - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.widgets.handle - - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.widgets.handle - - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.participants.handle - - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.participants.handle - - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.update - - 
org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.update - - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.change.message_permissions - - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.change.message_permissions - - org.matrix.msc2762.send.event:net.nordeck.meetings.sub_meetings.send_message - - org.matrix.msc2762.receive.event:net.nordeck.meetings.sub_meetings.send_message - - org.matrix.msc3973.user_directory_search - - welcomeUserId: "@meetings-bot:{{ .Values.global.matrixDomain | default .Values.global.domain }}" - -containerSecurityContext: - allowPrivilegeEscalation: false - capabilities: - drop: - - "ALL" +deploymentMarkers: + enabled: false +elementAdmin: + enabled: false +elementWeb: enabled: true - privileged: false - readOnlyRootFilesystem: true - runAsGroup: 101 - runAsNonRoot: true - runAsUser: 101 - seccompProfile: - type: "RuntimeDefault" - seLinuxOptions: - {{ .Values.seLinuxOptions.element | toYaml | nindent 4 }} - -global: - domain: {{ .Values.global.domain | quote }} - hosts: - {{ .Values.global.hosts | toYaml | nindent 4 }} - imagePullSecrets: - {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} - -image: - imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} - registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.element.registry | quote }} - repository: {{ .Values.images.element.repository | quote }} - tag: {{ .Values.images.element.tag | quote }} - -ingress: - host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}" - enabled: {{ .Values.ingress.enabled }} - ingressClassName: {{ .Values.ingress.ingressClassName | quote }} - tls: - enabled: {{ .Values.ingress.tls.enabled }} - secretName: {{ .Values.ingress.tls.secretName | quote }} - annotations: - {{ .Values.annotations.element.ingress | toYaml | nindent 4 }} - -podAnnotations: - intents.otterize.com/service-name: "opendesk-element" - {{- with 
.Values.annotations.element.pod }} - {{ . | toYaml | nindent 2 }} - {{- end }} - -podSecurityContext: - enabled: true - fsGroup: 101 - -replicaCount: {{ .Values.replicas.element }} - -resources: - {{ .Values.resources.element | toYaml | nindent 2 }} - -service: - annotations: - {{ .Values.annotations.element.service | toYaml | nindent 4 }} - -serviceAccount: - annotations: - {{ .Values.annotations.element.serviceAccount | toYaml | nindent 4 }} - -theme: - title: "Chat - {{ .Values.theme.texts.productName }}" - {{ .Values.theme | toYaml | nindent 2 }} - -... + image: + imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }} + registry: {{ coalesce .Values.global.imageRegistry .Values.images.elementWeb.registry | quote }} + repository: {{ .Values.images.elementWeb.repository | quote }} + tag: {{ .Values.images.elementWeb.tag | quote }} + ingress: + className: {{ .Values.ingress.ingressClassName | quote }} + host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}" + tlsSecret: {{ .Values.ingress.tls.secretName | quote }} +#initSecrets: +# # needed for syn2mas +# enabled: false +matrixAuthenticationService: + # + enabled: false +# ingress: +# #host: .Values.global.hosts.synapseMAS .{{ .Values.global.domain }} +# host: mas.{{ .Values.global.domain }} +# postgres: +# database: {{ .Values.databases.synapseMAS.name | quote }} +# host: {{ .Values.databases.synapseMAS.host | quote }} +# password: +# password: {{ .Values.databases.synapseMAS.password | default .Values.secrets.postgresql.matrixMASUser | quote }} +# user: {{ .Values.databases.synapseMAS.username | quote }} +matrixRTC: + enabled: false +serverName: {{ .Values.global.matrixDomain | default .Values.global.domain }} +synapse: + additional: + 0-customConfig: + config: | + sso: + client_whitelist: + - https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }} + oidc_providers: + - idp_id: oidc + idp_name: OIDC + issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ 
.Values.global.domain }}/realms/{{ .Values.platform.realm }}" + client_id: opendesk-matrix + client_secret: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }} + scopes: + - openid + - opendesk-matrix-scope + allow_existing_users: true + user_mapping_provider: + config: + subject_template: "{{`{{ user.opendesk_useruuid }}`}}" + display_name_template: "{{`{{ user.name }}`}}" + localpart_template: "{{`{{`}} user.{{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}opendesk_useruuid{{ else }}opendesk_username{{ end }} {{`}}`}}" + email_template: "{{`{{ user.email }}`}}" + backchannel_logout_enabled: true + backchannel_logout_ignore_sub: true + ingress: + className: {{ .Values.ingress.ingressClassName | quote }} + host: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}" + tlsSecret: {{ if .Values.global.matrixDomain }}"opendesk-certificates-synapse-tls"{{ else }}"opendesk-certificates-tls"{{ end }} + macaroon: + value: {{ .Values.secrets.synapse.registrationSharedSecret | quote }} + postgres: + database: {{ .Values.databases.synapse.name | quote }} + host: {{ .Values.databases.synapse.host | quote }} + password: + value: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }} + user: {{ .Values.databases.synapse.username | quote }} + registrationSharedSecret: + value: {{ .Values.secrets.synapse.registrationSharedSecret | quote }} + signingKey: + value: "ed25519 0 bNQOzBUDszff7Ax81z6w0uZ1IPWoxYaazT7emaZEfpw" + workers: + sso-login: + enabled: true +wellKnownDelegation: + enabled: false diff --git a/helmfile/apps/services-external/values-postgresql.yaml.gotmpl b/helmfile/apps/services-external/values-postgresql.yaml.gotmpl index cc11c8a9..d6734fc7 100644 --- a/helmfile/apps/services-external/values-postgresql.yaml.gotmpl +++ b/helmfile/apps/services-external/values-postgresql.yaml.gotmpl 
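Review bot: The `signingKey` value near the end of the new `synapse:` block is a literal `ed25519 0 …` key committed to the repository, so every deployment rendered from this file would share one homeserver signing key that any reader of the repo also holds. It should be supplied per deployment like the other secrets in this file, e.g. `value: {{ .Values.secrets.synapse.<SIGNING_KEY_FIELD> | quote }}` (placeholder; the field would have to be added to secrets.yaml.gotmpl), and the committed key should be treated as compromised wherever it has already been used. The `macaroon` entry also reuses `.Values.secrets.synapse.registrationSharedSecret`, so a leak of one value exposes both; a separately derived secret would keep them independent. `serverName` is the only templated scalar in the block without `| quote`.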
@@ -61,6 +61,9 @@ job: - username: {{ .Values.databases.synapse.username | quote }} password: {{ .Values.secrets.postgresql.matrixUser | quote }} connectionLimit: {{ .Values.databases.synapse.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} + - username: {{ .Values.databases.synapseMAS.username | quote }} + password: {{ .Values.secrets.postgresql.matrixMASUser | quote }} + connectionLimit: {{ .Values.databases.synapse.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} - username: {{ .Values.databases.umsNotificationsApi.username | quote }} password: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }} connectionLimit: {{ .Values.databases.umsNotificationsApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }} @@ -95,6 +98,9 @@ job: - name: {{ .Values.databases.synapse.name | quote }} user: {{ .Values.databases.synapse.username | quote }} additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0" + - name: {{ .Values.databases.synapseMAS.name | quote }} + user: {{ .Values.databases.synapseMAS.username | quote }} + additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0" - name: {{ .Values.databases.umsGuardianManagementApi.name | quote }} user: {{ .Values.databases.umsGuardianManagementApi.username | quote }} - name: {{ .Values.databases.umsNotificationsApi.name | quote }} diff --git a/helmfile/environments/default/charts.yaml.gotmpl b/helmfile/environments/default/charts.yaml.gotmpl index 849f34ef..9d4887b3 100644 --- a/helmfile/environments/default/charts.yaml.gotmpl +++ b/helmfile/environments/default/charts.yaml.gotmpl 
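Review bot: The added `synapseMAS` user entry in the first hunk reads its `connectionLimit` from `.Values.databases.synapse.connectionLimit`, which looks like a copy-paste from the entry above; a limit set for `synapseMAS` in database.yaml.gotmpl would be ignored and the Synapse one applied instead. The line should read `connectionLimit: {{ .Values.databases.synapseMAS.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}`. Both hunks also create the role and database unconditionally, although `matrixAuthenticationService.enabled` is `false` in values-element.yaml.gotmpl in this commit. If that is deliberate preparation, a comment such as `# created ahead of enabling MAS` above the two new entries would say so; otherwise an unused role with a derived password is left in the cluster.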
@@ -100,25 +100,17 @@ charts: version: "3.2.1" verify: true element: - # providerCategory: "Platform" - # providerResponsible: "openDesk" - # upstreamRegistry: "https://registry.opencode.de" - # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-element" + # providerCategory: "Supplier" + # providerResponsible: "Element" + # upstreamRegistry: "https://ghcr.io/element-hq/ess-helm" + # upstreamRepository: "matrix-stack" + # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' + # upstreamMirrorStartFrom: ["25", "11", "0"] registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" - name: "opendesk-element" - version: "6.1.7" - verify: true - elementWellKnown: - # providerCategory: "Platform" - # providerResponsible: "openDesk" - # upstreamRegistry: "https://registry.opencode.de" - # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-well-known" - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" - name: "opendesk-well-known" - version: "6.1.7" - verify: true + repository: "bmi/opendesk/components/supplier/element/charts-mirror" + name: "matrix-stack" + version: "25.11.0" + verify: false home: # providerCategory: "Platform" # providerResponsible: "openDesk" 
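Review bot: The replacement `element` chart entry sets `verify: false` where the entry it replaces had `verify: true`, so the `matrix-stack` chart would presumably be installed without the signature check the other charts in this file get. The chart is referenced by version `25.11.0` only, with no digest visible in the hunk, which leaves the mirror under `charts-mirror` as the sole integrity control. If the mirrored chart cannot be verified yet, the line should carry a comment saying so, for example `# verify disabled: mirrored upstream chart is unsigned; re-enable once the mirror signs it`. The actual reason is not visible here, so the wording needs confirming.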
@@ -459,34 +451,6 @@ charts: name: "redis" version: "18.6.1" verify: true - synapse: - # providerCategory: "Supplier" - # providerResponsible: "Element" - # upstreamRegistry: "https://registry.opencode.de" - # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse" - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" - name: "opendesk-synapse" - version: "6.1.7" - verify: true - synapseAdmin: - # Enterprise Component - # providerCategory: "Supplier" - # providerResponsible: "Element" - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" - name: "opendesk-synapse-admin" - version: "5.0.1" - verify: true - synapseAdminbotWeb: - # Enterprise Component - # providerCategory: "Supplier" - # providerResponsible: "Element" - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" - name: "opendesk-synapse-adminbot-web" - version: "5.0.1" - verify: true synapseCreateAccount: # providerCategory: "Platform" # providerResponsible: "openDesk" 
@@ -497,34 +461,6 @@ charts: name: "opendesk-synapse-create-account" version: "6.1.7" verify: true - synapseGroupsync: - # Enterprise Component - # providerCategory: "Supplier" - # providerResponsible: "Element" - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" - name: "opendesk-synapse-groupsync" - version: "5.0.1" - verify: true - synapsePipe: - # Enterprise Component - # providerCategory: "Supplier" - # providerResponsible: "Element" - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" - name: "opendesk-synapse-pipe" - version: "5.0.1" - verify: true - synapseWeb: - # providerCategory: "Platform" - # providerResponsible: "openDesk" - # upstreamRegistry: "https://registry.opencode.de" - # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse-web" - registry: "registry.opencode.de" - repository: "bmi/opendesk/components/platform-development/charts/opendesk-element" - name: "opendesk-synapse-web" - version: "6.1.7" - verify: true xwiki: # providerCategory: "Supplier" # providerResponsible: "XWiki" diff --git a/helmfile/environments/default/database.yaml.gotmpl b/helmfile/environments/default/database.yaml.gotmpl index 6fbb2321..300c1449 100644 --- a/helmfile/environments/default/database.yaml.gotmpl +++ b/helmfile/environments/default/database.yaml.gotmpl 
@@ -99,6 +99,29 @@ databases: connectionPoolMin: "3" connectionPoolMax: "5" connectionLimit: ~ + synapseMAS: + type: "postgresql" + name: "matrixMAS" + host: "postgresql" + port: 5432 + username: "matrix_mas_user" + password: "" + requireAuth: [] + channelBinding: "prefer" + connectTimeout: 10 + clientEncoding: "auto" + keepalives: 1 + keepalivesIdle: 10 + keepalivesInterval: 10 + keepalivesCount: 3 + replication: false + gssencmode: "prefer" + sslmode: "prefer" + sslcompression: 0 + sslMinProtocolVersion: "TLSv1.2" + connectionPoolMin: "3" + connectionPoolMax: "5" + connectionLimit: ~ umsAuthSession: type: "postgresql" name: "nubus_authsession" diff --git a/helmfile/environments/default/images.yaml.gotmpl b/helmfile/environments/default/images.yaml.gotmpl index 093d9833..6a3a8bb3 100644 --- a/helmfile/environments/default/images.yaml.gotmpl +++ b/helmfile/environments/default/images.yaml.gotmpl @@ -92,12 +92,16 @@ images: registry: "registry-1.docker.io" repository: "alpine/k8s" tag: "1.34.0@sha256:b5f6edfeac5279f3e182d938d1ffecb62f7c980756ac4b6b66d7f0d566782f77" - element: + elementAdmin: # providerCategory: "Supplier" # providerResponsible: "Element" + # upstreamRegistry: "https://oci.element.io" + # upstreamRepository: "element-admin" + # upstreamMirrorTagFilterRegEx: '(\d+)\.(\d+)\.(\d+)$' + # upstreamMirrorStartFrom: ["0", "1", "8"] registry: "registry.opencode.de" - repository: "bmi/opendesk/components/supplier/element/images/opendesk-element-web" - tag: "v1.12.0@sha256:a2ff739dc3eee008a5046c4d3a8721f4dd2a27dd6c80a12cb9baf64525c9b617" + repository: "bmi/opendesk/components/supplier/element/images-mirror/element-admin" + tag: "0.1.8@sha256:ac3878337c7061b799948afb85d5c18074191ab752974b3c8ece185ea934c0d1" elementAdminBot: # Enterprise Component # providerCategory: "Supplier" 
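Review bot: The new `synapseMAS` entry names the database `"matrixMAS"`, a mixed-case name where the neighbouring entry visible in this hunk uses lower case (`nubus_authsession`). PostgreSQL folds unquoted identifiers to lower case, so if the bootstrap job in values-postgresql.yaml.gotmpl creates the database without quoting the name, it would exist as `matrixmas` while clients ask for `matrixMAS`; whether the job quotes it is not visible here. A lower-case name such as `name: "matrix_mas"` avoids the question. Separately, `sslmode: "prefer"` lets the client fall back to an unencrypted connection, which deserves a comment if it is the intended default for this database.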
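Review bot: The `upstreamMirrorTagFilterRegEx` comment for `elementAdmin` is `'(\d+)\.(\d+)\.(\d+)$'`, without the leading `^` that the other new entries in this file use, so it also matches any tag that merely ends in a version number; the `elementWeb` entry added in the `@@ -133,6 +130,16 @@` hunk (`'v(\d+)\.(\d+)\.(\d+)$'`) has the same gap. If the mirror tooling reads these comments, anchoring them as `'^(\d+)\.(\d+)\.(\d+)$'` and `'^v(\d+)\.(\d+)\.(\d+)$'` keeps unexpected upstream tags out of the mirror. The `elementWeb` filter also requires a `v` prefix while its pinned tag is `1.12.3`; that may be a mirror-side rename, but it is worth confirming.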
@@ -119,13 +123,6 @@ images: registry: "registry.opencode.de" repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/pipe" tag: "6.3.1@sha256:7f487af25f220d31aa987665f9d1393b42e925c6b1a7e0458daaa91e8e7bf0c4" - elementSynapseAdmin: - # Enterprise Component - # providerCategory: "Supplier" - # providerResponsible: "Element" - registry: "registry.opencode.de" - repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/synapse_admin" - tag: "v16.105.5-24.10@sha256:563979fc69162adf93f1286cf79dcbe58adf878a0e4e9332044e5ab6a7170350" elementSyncAdmins: # Enterprise Component # providerCategory: "Supplier" @@ -133,6 +130,16 @@ images: registry: "registry.opencode.de" repository: "bmi/opendesk/components/platform-development/images/opendesk-element-syncadmins" tag: "1.0.5@sha256:ae0e18eadea762e11f8edacc52285742a5c4ed6e2e92bfa32ec5638e377e7b7b" + elementWeb: + # providerCategory: "Supplier" + # providerResponsible: "Element" + # upstreamRegistry: "https://ghcr.io" + # upstreamRepository: "element-hq/element-web" + # upstreamMirrorTagFilterRegEx: 'v(\d+)\.(\d+)\.(\d+)$' + # upstreamMirrorStartFrom: ["1", "12", "2"] + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/supplier/element/images-mirror/element-web" + tag: "1.12.3@sha256:c32818c43fd361d8440e46a86b51a7e3092a094502e2f097ec9b8fd93ccb3a85" freshclam: # providerCategory: "Community" # providerResponsible: "openDesk" 
@@ -237,6 +244,44 @@ images: registry: "registry-1.docker.io" repository: "library/mariadb" tag: "10.6.21@sha256:8a16204dc96c08ed0ee2c52c0f9324aa5d2dd0e43ad23a471d447a39f75765b5" + matrixAuthenticationService: + # providerCategory: "Supplier" + # providerResponsible: "Element" + # upstreamRegistry: "https://ghcr.io" + # upstreamRepository: "element-hq/matrix-authentication-service" + # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' + # upstreamMirrorStartFrom: ["1", "5", "0"] + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/supplier/element/images-mirror/matrix-authentication-service" + tag: "1.5.0@sha256:6c4ecc128668ae3cbf9cb319ee45ad45c0f01a96adca4841d10e662dd4a7fdc1" + matrixHaproxy: + # providerCategory: "Community" + # providerResponsible: "openDesk" + # upstreamRegistry: "https://registry-1.docker.io" + # upstreamRepository: "library/haproxy" + registry: "registry-1.docker.io" + repository: "library/haproxy" + tag: "3.2-alpine@sha256:f36a98e862b839cff180f0cbaf96ce71c1f2b61e6914f94e8e861c9fad755be5" + matrixLkJwtService: + # providerCategory: "Supplier" + # providerResponsible: "Element" + # upstreamRegistry: "https://ghcr.io" + # upstreamRepository: "element-hq/lk-jwt-service" + # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' + # upstreamMirrorStartFrom: ["0", "3", "0"] + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/supplier/element/images-mirror/lk-jwt-service" + tag: "0.3.0@sha256:52357326970d3f3e3cf6e9c33766e49cf2665e2cd57842e29a5c298514bd2e58" + matrixSyn2Mas: + # providerCategory: "Supplier" + # providerResponsible: "Element" + # upstreamRegistry: "https://ghcr.io" + # upstreamRepository: "element-hq/matrix-authentication-service" + # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)-debug$' + # upstreamMirrorStartFrom: ["1", "5", "0"] + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/supplier/element/images-mirror/matrix-authentication-service" + tag: 
"1.5.0-debug@sha256:8809ab9c22c5cfed682fbf5de79190cf15e2ee8607d3f83d69859c01744aba97" matrixNeoBoardWidget: # providerCategory: "Supplier" # providerResponsible: "Nordeck" @@ -277,6 +322,16 @@ images: registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-meetings-widget" tag: "1.7.2@sha256:f876267ed81148ece68cc95bdad7be9c3cce89ce944dbf1b97161e16f72c0cda" + matrixTools: + # providerCategory: "Supplier" + # providerResponsible: "Element" + # upstreamRegistry: "https://ghcr.io" + # upstreamRepository: "element-hq/ess-helm/matrix-tools" + # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$' + # upstreamMirrorStartFrom: ["0", "5", "6"] + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/supplier/element/images-mirror/matrix-tools" + tag: "0.5.6@sha256:ba7f3de19a082d11416d5ab9c8aa280af6ab04f139995ea59462a107def12379" matrixUserVerificationService: # providerCategory: "Supplier" # providerResponsible: "Element" @@ -954,13 +1009,13 @@ images: synapse: # providerCategory: "Supplier" # providerResponsible: "Element" - # upstreamRegistry: "https://registry-1.docker.io" - # upstreamRepository: "matrixdotorg/synapse" + # upstreamRegistry: "https://ghcr.io" + # upstreamRepository: "element-hq/synapse" # upstreamMirrorTagFilterRegEx: '^v(\d+)\.(\d+)\.(\d+)$' - # upstreamMirrorStartFrom: ["1", "91", "2"] + # upstreamMirrorStartFrom: ["1", "141", "0"] registry: "registry.opencode.de" repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse" - tag: "v1.141.0@sha256:4914f40c9fbfb29e4157bd1f7db87169894505c2c66dfdb4fcad5a34cd42f924" + tag: "v1.141.0@sha256:562adbfc3df12d1024c7277b9807086ed79d8d5fabe24187a31d787af050a6a4" synapseCreateUser: # providerCategory: "Community" # providerResponsible: "Nordeck" diff --git a/helmfile/environments/default/secrets.yaml.gotmpl b/helmfile/environments/default/secrets.yaml.gotmpl index f21617fe..8cb265b2 100644 
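Review bot: In the `synapse` hunk (`@@ -954,13 +1009,13 @@`) the tag stays `v1.141.0` while the pinned digest changes, together with the switch of `upstreamRepository` from `matrixdotorg/synapse` to `element-hq/synapse`. The mirror path `images-mirror/synapse` is unchanged, so the same tag in the same mirror repository would now have to resolve to a different image. Please confirm the new digest against the ghcr.io upstream and check that the mirror serves it under this tag. A one-line comment above `tag:` such as `# digest is of ghcr.io/element-hq/synapse, not the former Docker Hub image` would keep the next bump from being compared against the wrong source.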
--- a/helmfile/environments/default/secrets.yaml.gotmpl +++ b/helmfile/environments/default/secrets.yaml.gotmpl @@ -62,6 +62,7 @@ secrets: keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }} keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }} matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }} + matrixMASUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_mas_user" | sha1sum | quote }} nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "nextcloud_user" | sha1sum | quote }} notesUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notes_user" | sha1sum | quote }} openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }}
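Review bot: The added `matrixMASUser` line derives the database password from `env "MASTER_PASSWORD" | default "sovereign-workplace"`, so a deployment that does not set the variable gets a password anyone can recompute from this repository. The line follows the pattern of its neighbours in the hunk, so the point applies to the whole `secrets:` block rather than to this entry alone, and the block continues outside the hunk. Using helmfile's `requiredEnv "MASTER_PASSWORD"` in place of `env "MASTER_PASSWORD" | default "sovereign-workplace"` would make a missing variable fail the render instead of silently falling back.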