From cc0daa2a22837c00583038ffd9df7e669004e84e Mon Sep 17 00:00:00 2001
From: Dominik Kaminski
Date: Wed, 6 Dec 2023 17:14:31 +0100
Subject: [PATCH] fix(services): Use Charts from openCoDE registry
---
docs/getting-started.md | 32 +-
docs/security.md | 8 +-
examples/private-helm-registry.yaml.gotmpl | 266 +++++++
helmfile/apps/collabora/helmfile.yaml | 16 +-
helmfile/apps/cryptpad/helmfile.yaml | 18 +-
helmfile/apps/element/helmfile.yaml | 181 +++--
helmfile/apps/intercom-service/helmfile.yaml | 18 +-
helmfile/apps/jitsi/helmfile.yaml | 18 +-
.../apps/keycloak-bootstrap/helmfile.yaml | 20 +-
helmfile/apps/keycloak/helmfile.yaml | 54 +-
helmfile/apps/nextcloud/helmfile.yaml | 38 +-
helmfile/apps/open-xchange/helmfile.yaml | 60 +-
.../apps/openproject-bootstrap/helmfile.yaml | 22 +-
helmfile/apps/openproject/helmfile.yaml | 19 +-
helmfile/apps/openproject/values.yaml | 11 +-
helmfile/apps/provisioning/helmfile.yaml | 16 +-
helmfile/apps/services/helmfile.yaml | 208 +++--
helmfile/apps/services/values-mariadb.gotmpl | 3 +
.../helmfile.yaml | 21 +-
.../univention-management-stack/helmfile.yaml | 128 +---
helmfile/apps/xwiki/helmfile.yaml | 16 +-
helmfile/environments/default/charts.yaml | 714 ++++++++++++++++++
helmfile/environments/default/images.yaml | 2 +-
helmfile/files/gpg-pubkeys/opencode.gpg | Bin 0 -> 2291 bytes
.../files/gpg-pubkeys/opencode.gpg.license | 2 +
.../files/gpg-pubkeys/openproject-com.gpg | Bin 3232 -> 2328 bytes
26 files changed, 1351 insertions(+), 540 deletions(-)
create mode 100644 examples/private-helm-registry.yaml.gotmpl
create mode 100644 helmfile/environments/default/charts.yaml
create mode 100644 helmfile/files/gpg-pubkeys/opencode.gpg
create mode 100644 helmfile/files/gpg-pubkeys/opencode.gpg.license
diff --git a/docs/getting-started.md b/docs/getting-started.md
index de55c0a0..f7f268b8 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -12,7 +12,7 @@ This documentation should enable you to create your own evaluation instance of o * [Customize environment](#customize-environment) * [Domain](#domain) * [Apps](#apps) - * [Private OCI registry](#private-oci-registry) + * [Private Image registry](#private-image-registry) * [Private Helm registry](#private-helm-registry) * [Cluster capabilities](#cluster-capabilities) * [Service](#service) @@ -129,9 +129,9 @@ jitsi: enabled: false ``` -### Private OCI registry +### Private Image registry -By default, all OCI artifacts are proxied via the project's container registry, which should get replaced soon by the +By default, all OCI artifacts are proxied via the project's image registry, which should get replaced soon by the OCI registries provided by Open CoDE. You also can set your own registry by: 
@@ -156,12 +156,32 @@ global: ### Private Helm registry -Some apps use Chart Museum style helm registries. You can use your own registry by setting this environment variable: +Some apps use OCI style registry and some use Helm chart museum style registries. +In `helmfile/environments/default/charts.yaml` you can find all helm charts used and modify their registry, repository +or version. -```shell -export PRIVATE_CHART_REPOSITORY_URL=charts.open.desk +As an example, you can also use helmfile methods to use just a single environment variable to set registry and +authentication for all OCI helm charts. + +```yaml +charts: + certificates: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} ``` +There is a full example including http and OCI style registries in `examples/private-helm-registry.yaml.gotmpl`. +The following environment variables have to be exposed when using the example: + +| Environment variable | Description | +|-------------------------------------|--------------------------------------------------------------------------------------------| +| `OD_PRIVATE_HELM_OCI_REGISTRY` | Registry for OCI hosted helm charts, example: `external-registry.souvap-univention.de` | +| `OD_PRIVATE_HELM_HTTP_REGISTRY` | Registry URI for http hosted helm charts, `https://external-registry.souvap-univention.de` | +| `OD_PRIVATE_HELM_REGISTRY_USERNAME` | Username | +| `OD_PRIVATE_HELM_REGISTRY_PASSWORD` | Password | + + ### Cluster capabilities #### Service diff --git a/docs/security.md b/docs/security.md index 838bb255..1d687478 100644 --- a/docs/security.md +++ b/docs/security.md 
@@ -37,7 +37,7 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The | opendesk-keycloak-bootstrap-repo | yes | :white_check_mark: | | opendesk-nextcloud-bootstrap-repo | yes | :white_check_mark: | | opendesk-open-xchange-bootstrap-repo | yes | :white_check_mark: | -| openproject-repo | no | :x: | +| openproject-repo | yes | :white_check_mark: | | openxchange-repo | yes | :x: | | ox-connector-repo | no | :x: | | postfix-repo | yes | :white_check_mark: | @@ -84,7 +84,7 @@ This list gives you an overview of default security settings and if they comply | Open-Xchange | core-documentconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - | | | core-guidedtours | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | core-imageconverter | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 987 | 1000 | - | -| | core-mw-default | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - | +| | core-mw-default | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - | | | core-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | core-ui-middleware | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | core-ui-middleware-updater | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | 
@@ -93,11 +93,11 @@ This list gives you an overview of default security settings and if they comply | | guard-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | nextlcoud-integration-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | | | public-sector-ui | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | - | -| OpenProject | openproject | :x: | :white_check_mark: | :x: | :white_check_mark: | :x: | :x: | - | - | - | +| OpenProject | openproject | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1000 | 1000 | 1000 | | Postfix | postfix | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 | | PostgreSQL | postgresql | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 1001 | 1001 | | Redis | redis | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 1001 | 0 | 1001 | -| UCC | univention-corporate-container | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - | +| UCC | univention-corporate-container | :x: | :x: | :x: | :x: | :x: | :x: | - | - | - | | XWiki | xwiki | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 101 | | | xwiki initContainers | :x: | :x: | :x: | :white_check_mark: | :x: | :x: | - | - | 101 | diff --git a/examples/private-helm-registry.yaml.gotmpl b/examples/private-helm-registry.yaml.gotmpl new file mode 100644 index 00000000..216ac645 --- /dev/null +++ b/examples/private-helm-registry.yaml.gotmpl 
@@ -0,0 +1,266 @@ +{{/* +SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +SPDX-License-Identifier: Apache-2.0 +*/}} +--- +charts: + certificates: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + clamav: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + clamavSimple: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + collabora: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + cryptpad: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + dovecot: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + element: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + elementWellKnown: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + intercomService: + registry: {{ requiredEnv 
"OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + istioResources: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + jitsi: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + keycloak: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + keycloakBootstrap: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + keycloakExtensions: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + keycloakTheme: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + mariadb: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixNeoboardWidget: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixNeochoiseWidget: + registry: {{ requiredEnv 
"OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixNeodatefixBot: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixNeodatefixWidget: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + matrixUserVerificationService: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + memcached: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + minio: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + nextcloud: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + nextcloudBootstrap: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + nginx: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + openproject: + registry: {{ requiredEnv 
"OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + openprojectBootstrap: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + openXchangeAppSuite: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + openXchangeAppSuiteBootstrap: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + otterize: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + oxConnector: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + postfix: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + postgresql: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + redis: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + synapse: + registry: {{ requiredEnv 
"OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + synapseCreateAccount: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + synapseWeb: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsLdapNotifier: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsLdapServer: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsNotificationsApi: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsPortalFrontend: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsPortalListener: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsPortalServer: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsStackDataSwp: + registry: {{ 
requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsStackDataUms: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsStoreDav: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsUdmRestApi: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsUmcGateway: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + umsUmcServer: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + univentionCorporateServer: + registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} + + xwiki: + registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }} + username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }} +... diff --git a/helmfile/apps/collabora/helmfile.yaml b/helmfile/apps/collabora/helmfile.yaml index 9b86d662..2b40af7d 100644 --- a/helmfile/apps/collabora/helmfile.yaml +++ b/helmfile/apps/collabora/helmfile.yaml 
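Review bot: From `clamav` onward every entry in the new example declares `username:` twice and never `password:`; the second `username:` line carries `env "OD_PRIVATE_HELM_REGISTRY_PASSWORD"`, and only the `certificates` entry is written correctly. Depending on how the YAML loader treats duplicate keys, the file is either rejected or the later value wins, in which case the registry password lands in the `username` field (a field far more likely to be echoed in rendered output or logs) and no password is supplied at all. The second line of each affected entry should read `password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}`. Since `env` yields an empty string when the variable is unset, a comment at the top of the file stating whether empty credentials are meant to mean anonymous access would help operators copying this example.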
@@ -3,25 +3,19 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # Collabora Online # Source: https://github.com/CollaboraOnline/online - name: "collabora-online-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://collaboraonline.github.io/online" }} + username: "{{ .Values.charts.collabora.username }}" + password: {{ .Values.charts.collabora.password | quote }} + url: "{{ .Values.charts.collabora.registry }}/{{ .Values.charts.collabora.repository }}" releases: - # renovate: - # registryUrl=https://collaboraonline.github.io/online - # packageName=collabora-online - # dataSource=helm - # dependencyType=vendor - name: "collabora-online" - chart: "collabora-online-repo/collabora-online" - version: "1.0.2" + chart: "collabora-online-repo/{{ .Values.charts.collabora.name }}" + version: "{{ .Values.charts.collabora.version }}" values: - "values.yaml" - "values.gotmpl" diff --git a/helmfile/apps/cryptpad/helmfile.yaml b/helmfile/apps/cryptpad/helmfile.yaml index 821db806..0de0a820 100644 --- a/helmfile/apps/cryptpad/helmfile.yaml +++ b/helmfile/apps/cryptpad/helmfile.yaml @@ -3,25 +3,19 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # CryptPad # Source: https://github.com/cryptpad/helm - - name: "cryptpad-online-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://cryptpad.github.io/helm" }} + - name: "cryptpad-repo" + username: "{{ .Values.charts.cryptpad.username }}" + password: {{ .Values.charts.cryptpad.password | quote }} + url: "{{ .Values.charts.cryptpad.registry }}/{{ .Values.charts.cryptpad.repository }}" releases: - # renovate: - # registryUrl=https://cryptpad.github.io/helm - # packageName=cryptpad - # dataSource=helm - # dependencyType=vendor - name: "cryptpad" - chart: "cryptpad-online-repo/cryptpad" - version: "0.0.14" + chart: "cryptpad-repo/{{ .Values.charts.cryptpad.name }}" + version: "{{ .Values.charts.cryptpad.version }}" values: - "values.yaml" - "values.gotmpl" 
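Review bot: The new `username` line interpolates the value inside a hand-written double-quoted scalar, while `password` directly below it is passed through `| quote`; a username (or registry path in `url`) containing `"` or `\` would render as invalid or altered YAML. Using one form for both keeps the rendering safe and consistent: `username: {{ .Values.charts.collabora.username | quote }}`. The same mixed quoting recurs in the cryptpad hunk on this line and in the element, intercom-service and jitsi hunks further down.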
diff --git a/helmfile/apps/element/helmfile.yaml b/helmfile/apps/element/helmfile.yaml
index b2bff4ae..13955d9c 100644
--- a/helmfile/apps/element/helmfile.yaml
+++ b/helmfile/apps/element/helmfile.yaml
@@ -7,177 +7,176 @@ bases: repositories: # openDesk Element # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/sovereign-workplace-element - - name: "opendesk-element-repo" + - name: "element-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.element.username }}" + password: {{ .Values.charts.element.password | quote }} + url: "{{ .Values.charts.element.registry }}/{{ .Values.charts.element.repository }}" + - name: "element-well-known-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.elementWellKnown.username }}" + password: {{ .Values.charts.elementWellKnown.password | quote }} + url: "{{ .Values.charts.elementWellKnown.registry }}/{{ .Values.charts.elementWellKnown.repository }}" + - name: "synapse-web-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.synapseWeb.username }}" + password: {{ .Values.charts.synapseWeb.password | quote }} + url: "{{ .Values.charts.synapseWeb.registry }}/{{ .Values.charts.synapseWeb.repository }}" + - name: "synapse-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.synapse.username }}" + password: {{ .Values.charts.synapse.password | quote }} + url: "{{ .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}" + - name: "synapse-create-account-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + 
verify: {{ .Values.charts.element.verify }} + username: "{{ .Values.charts.synapseCreateAccount.username }}" + password: {{ .Values.charts.synapseCreateAccount.password | quote }} + url: "{{ .Values.charts.synapseCreateAccount.registry }}/{{ .Values.charts.synapseCreateAccount.repository }}" # openDesk Matrix Widgets # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/opendesk-matrix-widgets - - name: "opendesk-matrix-widgets-repo" + - name: "matrix-user-verification-service-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixUserVerificationService.verify }} + username: "{{ .Values.charts.matrixUserVerificationService.username }}" + password: {{ .Values.charts.matrixUserVerificationService.password | quote }} + url: "{{ .Values.charts.matrixUserVerificationService.registry }}/\ + {{ .Values.charts.matrixUserVerificationService.repository }}" + - name: "matrix-neoboard-widget-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixNeoboardWidget.verify }} + username: "{{ .Values.charts.matrixNeoboardWidget.username }}" + password: {{ .Values.charts.matrixNeoboardWidget.password | quote }} + url: "{{ .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}" + - name: "matrix-neochoice-widget-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixNeoboardWidget.verify }} + username: "{{ .Values.charts.matrixNeoboardWidget.username }}" + password: {{ .Values.charts.matrixNeoboardWidget.password | quote }} + url: "{{ .Values.charts.matrixNeoboardWidget.registry }}/{{ 
.Values.charts.matrixNeoboardWidget.repository }}" + - name: "matrix-neodatefix-widget-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixNeodatefixWidget.verify }} + username: "{{ .Values.charts.matrixNeodatefixWidget.username }}" + password: {{ .Values.charts.matrixNeodatefixWidget.password | quote }} + url: "{{ .Values.charts.matrixNeodatefixWidget.registry }}/{{ .Values.charts.matrixNeodatefixWidget.repository }}" + - name: "matrix-neodatefix-bot-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.matrixNeodatefixBot.verify }} + username: "{{ .Values.charts.matrixNeodatefixBot.username }}" + password: {{ .Values.charts.matrixNeodatefixBot.password | quote }} + url: "{{ .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}" + releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-element - # dataSource=docker - # dependencyType=vendor - name: "opendesk-element" - chart: "opendesk-element-repo/opendesk-element" - version: "2.6.0" + chart: "element-repo/{{ .Values.charts.element.name }}" + version: "{{ .Values.charts.element.version }}" values: - "values-element.yaml" - "values-element.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-well-known - # dataSource=docker - # dependencyType=vendor - name: "opendesk-well-known" - chart: "opendesk-element-repo/opendesk-well-known" - version: "2.6.0" + chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}" + version: "{{ .Values.charts.elementWellKnown.version }}" values: - "values-well-known.yaml" - "values-well-known.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # 
renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-web - # dataSource=docker - # dependencyType=vendor - name: "opendesk-synapse-web" - chart: "opendesk-element-repo/opendesk-synapse-web" - version: "2.6.0" + chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}" + version: "{{ .Values.charts.synapseWeb.version }}" values: - "values-synapse-web.yaml" - "values-synapse-web.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse - # dataSource=docker - # dependencyType=vendor - name: "opendesk-synapse" - chart: "opendesk-element-repo/opendesk-synapse" - version: "2.6.0" + chart: "synapse-repo/{{ .Values.charts.synapse.name }}" + version: "{{ .Values.charts.synapse.version }}" values: - "values-synapse.yaml" - "values-synapse.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account - # dataSource=docker - # dependencyType=vendor - name: "opendesk-matrix-user-verification-service-bootstrap" - chart: "opendesk-element-repo/opendesk-synapse-create-account" - version: "2.6.0" + chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" + version: "{{ .Values.charts.synapseCreateAccount.version }}" values: - "values-matrix-user-verification-service-bootstrap.yaml" - "values-matrix-user-verification-service-bootstrap.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-matrix-user-verification-service - # dataSource=docker - # dependencyType=vendor - name: 
"opendesk-matrix-user-verification-service" - chart: "opendesk-element-repo/opendesk-matrix-user-verification-service" - version: "2.6.0" + chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}" + version: "{{ .Values.charts.matrixUserVerificationService.version }}" values: - "values-matrix-user-verification-service.yaml" - "values-matrix-user-verification-service.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neoboard-widget - # dataSource=docker - # dependencyType=vendor - name: "matrix-neoboard-widget" - chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget" - version: "3.3.0" + chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}" + version: "{{ .Values.charts.matrixNeoboardWidget.version }}" values: - "values-matrix-neoboard-widget.yaml" - "values-matrix-neoboard-widget.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neochoice-widget - # dataSource=docker - # dependencyType=vendor - name: "matrix-neochoice-widget" - chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget" - version: "3.3.0" + chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}" + version: "{{ .Values.charts.matrixNeochoiseWidget.version }}" values: - "values-matrix-neochoice-widget.yaml" - "values-matrix-neochoice-widget.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-widget - # dataSource=docker - # dependencyType=vendor - name: "matrix-neodatefix-widget" - chart: 
"opendesk-matrix-widgets-repo/matrix-neodatefix-widget" - version: "3.3.0" + chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}" + version: "{{ .Values.charts.matrixNeodatefixWidget.version }}" values: - "values-matrix-neodatefix-widget.yaml" - "values-matrix-neodatefix-widget.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account - # dataSource=docker - # dependencyType=vendor - name: "matrix-neodatefix-bot-bootstrap" - chart: "opendesk-element-repo/opendesk-synapse-create-account" - version: "2.6.0" + chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}" + version: "{{ .Values.charts.synapseCreateAccount.version }}" values: - "values-matrix-neodatefix-bot-bootstrap.yaml" - "values-matrix-neodatefix-bot-bootstrap.gotmpl" installed: {{ .Values.element.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-bot - # dataSource=docker - # dependencyType=vendor - name: "matrix-neodatefix-bot" - chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot" - version: "3.3.0" + chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}" + version: "{{ .Values.charts.matrixNeodatefixBot.version }}" values: - "values-matrix-neodatefix-bot.yaml" - "values-matrix-neodatefix-bot.gotmpl" diff --git a/helmfile/apps/intercom-service/helmfile.yaml b/helmfile/apps/intercom-service/helmfile.yaml index 3383934d..349c6584 100644 --- a/helmfile/apps/intercom-service/helmfile.yaml +++ b/helmfile/apps/intercom-service/helmfile.yaml 
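Review bot: Several of the new repository entries read another chart's settings: `element-well-known-repo`, `synapse-web-repo`, `synapse-repo` and `synapse-create-account-repo` all take `verify` from `.Values.charts.element.verify`, and `matrix-neochoice-widget-repo` takes its verify flag, credentials and URL from `.Values.charts.matrixNeoboardWidget`. An operator who changes signature verification or the registry for one of those charts, as the per-chart layout of `examples/private-helm-registry.yaml.gotmpl` invites, would get the element or neoboard setting instead. Each entry should use its own key, e.g. `verify: {{ .Values.charts.synapse.verify }}` and `url: "{{ .Values.charts.matrixNeochoiseWidget.registry }}/{{ .Values.charts.matrixNeochoiseWidget.repository }}"`. The hard-coded `verify: true` is also replaced by a templated value here and in the intercom-service and jitsi helmfiles; the defaults in `charts.yaml` are not visible in this part of the patch, so it is worth confirming that they keep provenance verification on and that a missing key cannot render as a disabled check.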
@@ -3,28 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # Intercom Service # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service - name: "intercom-service-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/intercom-service" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.intercomService.verify }} + username: "{{ .Values.charts.intercomService.username }}" + password: {{ .Values.charts.intercomService.password | quote }} + url: "{{ .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/intercom-service/intercom-service - # dataSource=docker - # dependencyType=vendor - name: "intercom-service" - chart: "intercom-service-repo/intercom-service" - version: "2.0.1" + chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}" + version: "{{ .Values.charts.intercomService.version }}" values: - "values.yaml" - "values.gotmpl" diff --git a/helmfile/apps/jitsi/helmfile.yaml b/helmfile/apps/jitsi/helmfile.yaml index 80f7f5a2..98aaad61 100644 --- a/helmfile/apps/jitsi/helmfile.yaml +++ b/helmfile/apps/jitsi/helmfile.yaml 
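Review bot: The `intercom-service-repo` entry no longer pins `verify: true`; the added `verify: {{ .Values.charts.intercomService.verify }}` turns the chart signature check into an environment value, so a single override in a values file disables provenance checking without touching this helmfile. The default comes from `helmfile/environments/default/charts.yaml`, which is not part of this hunk, so it cannot be confirmed here that every chart defaults to `true`. I would add a comment above the line, `# Must stay true outside local evaluation: false skips the GPG provenance check for this chart`, and let CI fail when a rendered environment sets it to false. The same templated `verify` is added in the jitsi, keycloak-bootstrap, keycloak, nextcloud, open-xchange, openproject-bootstrap, openproject, services and univention-corporate-container helmfiles.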
@@ -3,28 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Jitsi # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-jitsi - name: "jitsi-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.jitsi.verify }} + username: "{{ .Values.charts.jitsi.username }}" + password: {{ .Values.charts.jitsi.password | quote }} + url: "{{ .Values.charts.jitsi.registry }}/{{ .Values.charts.jitsi.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-jitsi/sovereign-workplace-jitsi - # dataSource=docker - # dependencyType=vendor - name: "jitsi" - chart: "jitsi-repo/sovereign-workplace-jitsi" - version: "1.7.1" + chart: "jitsi-repo/{{ .Values.charts.jitsi.name }}" + version: "{{ .Values.charts.jitsi.version }}" values: - "values-jitsi.gotmpl" installed: {{ .Values.jitsi.enabled }} diff --git a/helmfile/apps/keycloak-bootstrap/helmfile.yaml b/helmfile/apps/keycloak-bootstrap/helmfile.yaml index 88846ebb..45f69649 100644 --- a/helmfile/apps/keycloak-bootstrap/helmfile.yaml +++ b/helmfile/apps/keycloak-bootstrap/helmfile.yaml 
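Review bot: In the `jitsi-repo` entry the new `username` and `url` values are placed inside hand-written double quotes, while `password` on the next line goes through `| quote`; a user name or registry path containing a double quote or a backslash would yield broken or altered YAML. Using the filter for all three keeps the escaping in one place, for example `username: {{ .Values.charts.jitsi.username | quote }}`. These keys now carry registry credentials, so a comment saying they are meant to be supplied from the environment or a secret store rather than from committed values would help; how the defaults are populated is not visible in this hunk. The other repository entries added by this commit are written the same way.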
@@ -3,30 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Keycloak Bootstrap # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-bootstrap - name: "opendesk-keycloak-bootstrap-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.keycloakBootstrap.verify }} + username: "{{ .Values.charts.keycloakBootstrap.username }}" + password: {{ .Values.charts.keycloakBootstrap.password | quote }} + url: "{{ .Values.charts.keycloakBootstrap.registry }}/{{ .Values.charts.keycloakBootstrap.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-keycloak-bootstrap/opendesk-keycloak-bootstrap - # dataSource=docker - # dependencyType=vendor - name: "opendesk-keycloak-bootstrap" - chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap" - version: "1.1.12" + chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.keycloakBootstrap.name }}" + version: "{{ .Values.charts.keycloakBootstrap.version }}" values: - "values-bootstrap.gotmpl" - "values-bootstrap.yaml" diff --git a/helmfile/apps/keycloak/helmfile.yaml b/helmfile/apps/keycloak/helmfile.yaml index 04dfe504..fa631242 100644 --- a/helmfile/apps/keycloak/helmfile.yaml +++ b/helmfile/apps/keycloak/helmfile.yaml 
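Review bot: `keyring` in the `opendesk-keycloak-bootstrap-repo` entry stays hard-coded to `souvap-univention-de.gpg` while registry, repository, credentials and `verify` all become values. An operator who mirrors the chart into a private registry and re-signs it has no way to supply the matching public key and is left with setting `verify` to false. In the part of the commit visible here only `mariadb-repo` in the services helmfile switches to the newly added `opencode.gpg`; which key signs the other charts at their new location cannot be told from this hunk. I would either make the keyring a per-chart value next to `verify`, or add a comment naming the key that signs this chart so a mismatch is noticed before someone turns verification off.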
@@ -3,54 +3,45 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # VMWare Bitnami # Source: https://github.com/bitnami/charts/ - - name: "bitnami-repo" + - name: "keycloak-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.keycloak.verify }} + username: "{{ .Values.charts.keycloak.username }}" + password: {{ .Values.charts.keycloak.password | quote }} + url: "{{ .Values.charts.keycloak.registry }}/{{ .Values.charts.keycloak.repository }}" + # openDesk Keycloak Theme # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-keycloak-theme - name: "keycloak-theme-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/keycloak-theme" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.keycloakTheme.verify }} + username: "{{ .Values.charts.keycloakTheme.username }}" + password: {{ .Values.charts.keycloakTheme.password | quote }} + url: "{{ .Values.charts.keycloakTheme.registry }}/{{ .Values.charts.keycloakTheme.repository }}" + # openDesk Keycloak Extensions - name: "keycloak-extensions-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable" }} + username: "{{ .Values.charts.keycloakExtensions.username }}" + password: {{ .Values.charts.keycloakExtensions.password | quote }} + url: "{{ .Values.charts.keycloakExtensions.registry }}/{{ .Values.charts.keycloakExtensions.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/keycloak-theme/opendesk-keycloak-theme - # dataSource=docker - # 
dependencyType=vendor - name: "keycloak-theme" - chart: "keycloak-theme-repo/opendesk-keycloak-theme" - version: "2.0.0" + chart: "keycloak-theme-repo/{{ .Values.charts.keycloakTheme.name }}" + version: "{{ .Values.charts.keycloakTheme.version }}" values: - "values-theme.gotmpl" installed: {{ .Values.keycloak.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/keycloak - # dataSource=docker - # dependencyType=vendor - name: "keycloak" - chart: "bitnami-repo/keycloak" - version: "12.1.5" + chart: "keycloak-repo/{{ .Values.charts.keycloak.name }}" + version: "{{ .Values.charts.keycloak.version }}" values: - "values-keycloak.gotmpl" - "values-keycloak.yaml" @@ -58,14 +49,9 @@ releases: wait: true installed: {{ .Values.keycloak.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable - # packageName=keycloak-extensions - # dataSource=helm - # dependencyType=vendor - name: "keycloak-extensions" - chart: "keycloak-extensions-repo/keycloak-extensions" - version: "0.1.0" + chart: "keycloak-extensions-repo/{{ .Values.charts.keycloakExtensions.name }}" + version: "{{ .Values.charts.keycloakExtensions.version }}" needs: - "keycloak" values: diff --git a/helmfile/apps/nextcloud/helmfile.yaml b/helmfile/apps/nextcloud/helmfile.yaml index a98501ed..ae8d94c7 100644 --- a/helmfile/apps/nextcloud/helmfile.yaml +++ b/helmfile/apps/nextcloud/helmfile.yaml 
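Review bot: `keycloak-extensions-repo` gains `username` and `password` but still has neither `verify` nor `keyring`, so the keycloak-extensions chart is installed without a provenance check while the two OCI repositories above it are verified. The same holds for `nextcloud-repo`, `open-xchange-repo` and `ox-connector-repo` in the nextcloud, open-xchange and provisioning helmfiles. If these charts are not signed upstream, record that next to the entry, for example `# No provenance file published for this chart; integrity relies on TLS and the configured version only`, so the gap reads as a decision rather than an omission.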
@@ -3,37 +3,30 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Keycloak Bootstrap # Source: # https://gitlab.opencode.de/bmi/opendesk/components/charts/sovereign-workplace-nextcloud-bootstrap - - name: "opendesk-nextcloud-bootstrap-repo" + - name: "nextcloud-bootstrap-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.nextcloudBootstrap.verify }} + username: "{{ .Values.charts.nextcloudBootstrap.username }}" + password: {{ .Values.charts.nextcloudBootstrap.password | quote }} + url: "{{ .Values.charts.nextcloudBootstrap.registry }}/{{ .Values.charts.nextcloudBootstrap.repository }}" + # Nextcloud # Source: https://github.com/nextcloud/helm/ - name: "nextcloud-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://nextcloud.github.io/helm/" }} + username: "{{ .Values.charts.nextcloud.username }}" + password: {{ .Values.charts.nextcloud.password | quote }} + url: "{{ .Values.charts.nextcloud.registry }}/{{ .Values.charts.nextcloud.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap/opendesk-nextcloud-bootstrap - # dataSource=docker - # dependencyType=vendor - name: "opendesk-nextcloud-bootstrap" - chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap" - version: "3.2.6" + chart: "nextcloud-bootstrap-repo/{{ .Values.charts.nextcloudBootstrap.name }}" + version: "{{ .Values.charts.nextcloudBootstrap.version }}" wait: true waitForJobs: true values: 
@@ -42,14 +35,9 @@ releases: installed: {{ .Values.nextcloud.enabled }} timeout: 900 - # renovate: - # registryUrl=https://nextcloud.github.io/helm - # packageName=nextcloud - # dataSource=helm - # dependencyType=vendor - name: "nextcloud" - chart: "nextcloud-repo/nextcloud" - version: "3.5.19" + chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}" + version: "{{ .Values.charts.nextcloud.version }}" needs: - "opendesk-nextcloud-bootstrap" values: diff --git a/helmfile/apps/open-xchange/helmfile.yaml b/helmfile/apps/open-xchange/helmfile.yaml index d2c4ca36..d896271d 100644 --- a/helmfile/apps/open-xchange/helmfile.yaml +++ b/helmfile/apps/open-xchange/helmfile.yaml 
@@ -3,58 +3,49 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Dovecot # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-dovecot - - name: "opendesk-dovecot-repo" + - name: "dovecot-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/dovecot" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.dovecot.verify }} + username: "{{ .Values.charts.dovecot.username }}" + password: {{ .Values.charts.dovecot.password | quote }} + url: "{{ .Values.charts.dovecot.registry }}/{{ .Values.charts.dovecot.repository }}" + # Open-Xchange - - name: "openxchange-repo" + - name: "open-xchange-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }} + username: "{{ .Values.charts.openXchangeAppSuite.username }}" + password: {{ .Values.charts.openXchangeAppSuite.password | quote }} + url: "{{ .Values.charts.openXchangeAppSuite.registry }}/{{ .Values.charts.openXchangeAppSuite.repository }}" + # openDesk Open-Xchange Bootstrap # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-open-xchange-bootstrap - - name: "opendesk-open-xchange-bootstrap-repo" + - name: "open-xchange-bootstrap-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }} + username: "{{ .Values.charts.openXchangeAppSuiteBootstrap.username }}" + password: {{ .Values.charts.openXchangeAppSuiteBootstrap.password | quote }} + url: "{{ 
.Values.charts.openXchangeAppSuiteBootstrap.registry }}/\ + {{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/dovecot/dovecot - # dataSource=docker - # dependencyType=vendor - name: "dovecot" - chart: "opendesk-dovecot-repo/dovecot" - version: "1.3.6" + chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}" + version: "{{ .Values.charts.dovecot.version }}" values: - "values-dovecot.yaml" - "values-dovecot.gotmpl" installed: {{ .Values.dovecot.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.open-xchange.com - # packageName=appsuite-public-sector/charts/appsuite-public-sector - # dataSource=docker - # dependencyType=vendor - name: "open-xchange" - chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector" - version: "2.1.1" + chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}" + version: "{{ .Values.charts.openXchangeAppSuite.version }}" values: - "values-openxchange.yaml" - "values-openxchange.gotmpl" @@ -63,14 +54,9 @@ releases: installed: {{ .Values.oxAppsuite.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap - # dataSource=docker - # dependencyType=vendor - name: "opendesk-open-xchange-bootstrap" - chart: "opendesk-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap" - version: "1.3.1" + chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}" + version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}" values: - "values-openxchange-bootstrap.gotmpl" installed: {{ .Values.oxAppsuite.enabled }} diff --git a/helmfile/apps/openproject-bootstrap/helmfile.yaml b/helmfile/apps/openproject-bootstrap/helmfile.yaml index 29661ccd..82af63d9 100644 
--- a/helmfile/apps/openproject-bootstrap/helmfile.yaml +++ b/helmfile/apps/openproject-bootstrap/helmfile.yaml @@ -3,30 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk OpenProject Bootstrap # Source: Set when repo is managed on Open CoDE - - name: "opendesk-openproject-bootstrap-repo" + - name: "openproject-bootstrap-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.openprojectBootstrap.verify }} + username: "{{ .Values.charts.openprojectBootstrap.username }}" + password: {{ .Values.charts.openprojectBootstrap.password | quote }} + url: "{{ .Values.charts.openprojectBootstrap.registry }}/{{ .Values.charts.openprojectBootstrap.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap - # dataSource=docker - # dependencyType=vendor - name: "opendesk-openproject-bootstrap" - chart: "opendesk-openproject-bootstrap-repo/opendesk-openproject-bootstrap" - version: "1.2.1" + chart: "openproject-bootstrap-repo/{{ .Values.charts.openprojectBootstrap.name }}" + version: "{{ .Values.charts.openprojectBootstrap.version }}" wait: true waitForJobs: true values: diff --git a/helmfile/apps/openproject/helmfile.yaml b/helmfile/apps/openproject/helmfile.yaml index 5dec528f..80e27273 100644 --- a/helmfile/apps/openproject/helmfile.yaml +++ b/helmfile/apps/openproject/helmfile.yaml 
@@ -3,27 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # OpenProject # Source: https://github.com/opf/helm-charts - name: "openproject-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://charts.openproject.org" }} - verify: true + oci: true keyring: "../../files/gpg-pubkeys/openproject-com.gpg" + verify: {{ .Values.charts.openproject.verify }} + username: "{{ .Values.charts.openproject.username }}" + password: {{ .Values.charts.openproject.password | quote }} + url: "{{ .Values.charts.openproject.registry }}/{{ .Values.charts.openproject.repository }}" releases: - # renovate: - # registryUrl=https://charts.openproject.org - # packageName=openproject - # dataSource=helm - # dependencyType=vendor - name: "openproject" - chart: "openproject-repo/openproject" - version: "2.6.2" + chart: "openproject-repo/{{ .Values.charts.openproject.name }}" + version: "{{ .Values.charts.openproject.version }}" wait: true waitForJobs: true values: diff --git a/helmfile/apps/openproject/values.yaml b/helmfile/apps/openproject/values.yaml index 0d7b8327..996581ad 100644 --- a/helmfile/apps/openproject/values.yaml +++ b/helmfile/apps/openproject/values.yaml @@ -30,11 +30,18 @@ openproject: # seed will only be executed on initial installation seed_locale: "de" -securityContext: +containerSecurityContext: + enabled: true + runAsUser: 1000 + runAsGroup: 1000 allowPrivilegeEscalation: false + capabilities: + drop: + - "ALL" seccompProfile: type: "RuntimeDefault" - readOnlyRootFilesystem: false + readOnlyRootFilesystem: true + runAsNonRoot: true persistence: enabled: false diff --git a/helmfile/apps/provisioning/helmfile.yaml b/helmfile/apps/provisioning/helmfile.yaml index 672aaedf..dae4c99b 100644 --- a/helmfile/apps/provisioning/helmfile.yaml +++ b/helmfile/apps/provisioning/helmfile.yaml 
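Review bot: In `helmfile/apps/openproject/values.yaml` the hardening block moves from `securityContext` to `containerSecurityContext` and sets `readOnlyRootFilesystem: true`, but nothing in the hunk shows that the chart version selected through `charts.openproject.version` reads the new key. Helm ignores values a chart does not consume, so a mismatch would leave the container on the chart defaults without any error. With `persistence.enabled: false` directly below, the read-only root also presumes the chart mounts writable scratch space for temporary files, which is worth confirming against the rendered manifests. A short comment above the block would record both assumptions: `# Key must match the configured OpenProject chart version; needs writable tmp volumes because the root filesystem is read-only`.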
@@ -3,24 +3,18 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # OX Connector - name: "ox-connector-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable" }} + username: "{{ .Values.charts.oxConnector.username }}" + password: {{ .Values.charts.oxConnector.password | quote }} + url: "{{ .Values.charts.oxConnector.registry }}/{{ .Values.charts.oxConnector.repository }}" releases: - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable - # packageName=ox-connector - # dataSource=helm - # dependencyType=vendor - name: "ox-connector" - chart: "ox-connector-repo/ox-connector" - version: "0.1.0-pre-jconde-listener-entrypoint-chaining" + chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}" + version: "{{ .Values.charts.oxConnector.version }}" values: - "values-oxconnector.yaml" - "values-oxconnector.gotmpl" diff --git a/helmfile/apps/services/helmfile.yaml b/helmfile/apps/services/helmfile.yaml index 8e661a5e..a0e1a8ca 100644 --- a/helmfile/apps/services/helmfile.yaml +++ b/helmfile/apps/services/helmfile.yaml 
@@ -3,224 +3,194 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Otterize # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-otterize - - name: "opendesk-otterize-repo" + - name: "otterize-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-otterize" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.otterize.verify }} + username: "{{ .Values.charts.otterize.username }}" + password: {{ .Values.charts.otterize.password | quote }} + url: "{{ .Values.charts.otterize.registry }}/{{ .Values.charts.otterize.repository }}" + # openDesk Certificates # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-certificates - - name: "opendesk-certificates-repo" + - name: "certificates-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.certificates.verify }} + username: "{{ .Values.charts.certificates.username }}" + password: {{ .Values.charts.certificates.password | quote }} + url: "{{ .Values.charts.certificates.registry }}/{{ .Values.charts.certificates.repository }}" + # openDesk PostgreSQL # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postgresql - name: "postgresql-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postgresql" }} - verify: true keyring: 
"../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.postgresql.verify }} + username: "{{ .Values.charts.postgresql.username }}" + password: {{ .Values.charts.postgresql.password | quote }} + url: "{{ .Values.charts.postgresql.registry }}/{{ .Values.charts.postgresql.repository }}" + # openDesk MariaDB - # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-mariadb + # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-mariadb - name: "mariadb-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/mariadb" }} - verify: true - keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + keyring: "../../files/gpg-pubkeys/opencode.gpg" + verify: {{ .Values.charts.mariadb.verify }} + username: "{{ .Values.charts.mariadb.username }}" + password: {{ .Values.charts.mariadb.password | quote }} + url: "{{ .Values.charts.mariadb.registry }}/{{ .Values.charts.mariadb.repository }}" + # openDesk Postfix # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postfix - name: "postfix-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postfix" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.postfix.verify }} + username: "{{ .Values.charts.postfix.username }}" + password: {{ .Values.charts.postfix.password | quote }} + url: "{{ .Values.charts.postfix.registry }}/{{ .Values.charts.postfix.repository }}" + # openDesk Istio Resources # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-istio-resources - name: "istio-resources-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default 
"external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/istio-ressources" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.istioResources.verify }} + username: "{{ .Values.charts.istioResources.username }}" + password: {{ .Values.charts.istioResources.password | quote }} + url: "{{ .Values.charts.istioResources.registry }}/{{ .Values.charts.istioResources.repository }}" + # openDesk ClamAV # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-clamav - name: "clamav-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/clamav" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.clamav.verify }} + username: "{{ .Values.charts.clamav.username }}" + password: {{ .Values.charts.clamav.password | quote }} + url: "{{ .Values.charts.clamav.registry }}/{{ .Values.charts.clamav.repository }}" + - name: "clamav-simple-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.clamavSimple.verify }} + username: "{{ .Values.charts.clamavSimple.username }}" + password: {{ .Values.charts.clamavSimple.password | quote }} + url: "{{ .Values.charts.clamavSimple.registry }}/{{ .Values.charts.clamavSimple.repository }}" + # VMWare Bitnami # Source: https://github.com/bitnami/charts/ - - name: "bitnami-repo" + - name: "memcached-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.memcached.verify }} + username: "{{ .Values.charts.memcached.username }}" + password: {{ .Values.charts.memcached.password | quote }} + url: "{{ 
.Values.charts.memcached.registry }}/{{ .Values.charts.memcached.repository }}" + - name: "redis-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.redis.verify }} + username: "{{ .Values.charts.redis.username }}" + password: {{ .Values.charts.redis.password | quote }} + url: "{{ .Values.charts.redis.registry }}/{{ .Values.charts.redis.repository }}" + - name: "minio-repo" + oci: true + keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.minio.verify }} + username: "{{ .Values.charts.minio.username }}" + password: {{ .Values.charts.minio.password | quote }} + url: "{{ .Values.charts.minio.registry }}/{{ .Values.charts.minio.repository }}" + releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/opendesk-otterize/opendesk-otterize - # dataSource=docker - # dependencyType=service - name: "opendesk-otterize" - chart: "opendesk-otterize-repo/opendesk-otterize" - version: "1.1.3" + chart: "otterize-repo/{{ .Values.charts.otterize.name }}" + version: "{{ .Values.charts.otterize.version }}" values: - "values-otterize.gotmpl" installed: {{ .Values.security.otterizeIntents.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates - # dataSource=docker - # dependencyType=service + - name: "opendesk-certificates" - chart: "opendesk-certificates-repo/opendesk-certificates" - version: "2.1.0" + chart: "certificates-repo/{{ .Values.charts.certificates.name }}" + version: "{{ .Values.charts.certificates.version }}" values: - "values-certificates.gotmpl" installed: {{ .Values.certificates.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/redis - # dataSource=docker - # dependencyType=service - name: "redis" - chart: "bitnami-repo/redis" 
- version: "18.1.2" + chart: "redis-repo/{{ .Values.charts.redis.name }}" + version: "{{ .Values.charts.redis.version }}" values: - "values-redis.gotmpl" - "values-redis.yaml" installed: {{ .Values.redis.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/memcached - # dataSource=docker - # dependencyType=service - name: "memcached" - chart: "bitnami-repo/memcached" - version: "6.6.2" + chart: "memcached-repo/{{ .Values.charts.memcached.name }}" + version: "{{ .Values.charts.memcached.version }}" values: - "values-memcached.yaml" - "values-memcached.gotmpl" installed: {{ .Values.memcached.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/postgresql/postgresql - # dataSource=docker - # dependencyType=service - name: "postgresql" - chart: "postgresql-repo/postgresql" - version: "2.0.3" + chart: "postgresql-repo/{{ .Values.charts.postgresql.name }}" + version: "{{ .Values.charts.postgresql.version }}" values: - "values-postgresql.yaml" - "values-postgresql.gotmpl" installed: {{ .Values.postgresql.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/mariadb/mariadb - # dataSource=docker - # dependencyType=service - name: "mariadb" - chart: "mariadb-repo/mariadb" - version: "2.1.1" + chart: "mariadb-repo/{{ .Values.charts.mariadb.name }}" + version: "{{ .Values.charts.mariadb.version }}" values: - "values-mariadb.yaml" - "values-mariadb.gotmpl" installed: {{ .Values.mariadb.enabled }} timeout: 900 - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/postfix/postfix - # dataSource=docker - # dependencyType=service - name: "postfix" - chart: "postfix-repo/postfix" - version: "2.0.4" + chart: "postfix-repo/{{ .Values.charts.postfix.name }}" + version: "{{ .Values.charts.postfix.version }}" values: - 
"values-postfix.yaml" - "values-postfix.gotmpl" installed: {{ .Values.postfix.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/clamav/opendesk-clamav - # dataSource=docker - # dependencyType=service - name: "clamav" - chart: "clamav-repo/opendesk-clamav" - version: "4.0.0" + chart: "clamav-repo/{{ .Values.charts.clamav.name }}" + version: "{{ .Values.charts.clamav.version }}" values: - "values-clamav-distributed.yaml" - "values-clamav-distributed.gotmpl" installed: {{ .Values.clamavDistributed.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/clamav/clamav-simple - # dataSource=docker - # dependencyType=service - name: "clamav-simple" - chart: "clamav-repo/clamav-simple" - version: "4.0.0" + chart: "clamav-simple-repo/{{ .Values.charts.clamavSimple.name }}" + version: "{{ .Values.charts.clamavSimple.version }}" values: - "values-clamav-simple.yaml" - "values-clamav-simple.gotmpl" installed: {{ .Values.clamavSimple.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/istio-ressources/istio-gateway - # dataSource=docker - # dependencyType=service - name: "opendesk-gateway" - chart: "istio-resources-repo/istio-gateway" - version: "2.0.0" + chart: "istio-resources-repo/{{ .Values.charts.istioResources.name }}" + version: "{{ .Values.charts.istioResources.version }}" values: - "values-istio-gateway.yaml" - "values-istio-gateway.gotmpl" installed: {{ .Values.istio.enabled }} - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/minio - # dataSource=docker - # dependencyType=service - name: "minio" - chart: "bitnami-repo/minio" - version: "12.8.19" + chart: "minio-repo/{{ .Values.charts.minio.name }}" + version: "{{ .Values.charts.minio.version }}" values: - "values-minio.yaml" - "values-minio.gotmpl" 
diff --git a/helmfile/apps/services/values-mariadb.gotmpl b/helmfile/apps/services/values-mariadb.gotmpl index d9cd3f33..e379c3f5 100644 --- a/helmfile/apps/services/values-mariadb.gotmpl +++ b/helmfile/apps/services/values-mariadb.gotmpl @@ -8,6 +8,9 @@ global: imagePullSecrets: {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }} +cleanup: + deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }} + image: repository: {{ .Values.images.mariadb.repository | quote }} tag: {{ .Values.images.mariadb.tag | quote }} diff --git a/helmfile/apps/univention-corporate-container/helmfile.yaml b/helmfile/apps/univention-corporate-container/helmfile.yaml index fd5ca994..e7cf9336 100644 --- a/helmfile/apps/univention-corporate-container/helmfile.yaml +++ b/helmfile/apps/univention-corporate-container/helmfile.yaml 
@@ -3,29 +3,22 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # openDesk Univention Corporate Server (as eval Container) - name: "univention-corporate-container-repo" oci: true - # yamllint disable rule:line-length - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default - "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/univention-corporate-container" }} - # yamllint enable rule:line-length - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.univentionCorporateServer.verify }} + username: "{{ .Values.charts.univentionCorporateServer.username }}" + password: {{ .Values.charts.univentionCorporateServer.password | quote }} + url: "{{ .Values.charts.univentionCorporateServer.registry }}/\ + {{ .Values.charts.univentionCorporateServer.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/univention-corporate-container/univention-corporate-container - # dataSource=docker - # dependencyType=vendor - name: "univention-corporate-container" - chart: "univention-corporate-container-repo/univention-corporate-container" - version: "1.0.10" + chart: "univention-corporate-container-repo/{{ .Values.charts.univentionCorporateServer.name }}" + version: "{{ .Values.charts.univentionCorporateServer.version }}" values: - "values.yaml" - "values.gotmpl" diff --git a/helmfile/apps/univention-management-stack/helmfile.yaml b/helmfile/apps/univention-management-stack/helmfile.yaml index cc31095d..2ce2eb01 100644 --- a/helmfile/apps/univention-management-stack/helmfile.yaml +++ b/helmfile/apps/univention-management-stack/helmfile.yaml @@ -3,7 +3,6 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # Univention Management Stack 
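Review bot: In the `univention-corporate-container-repo` block, `username` is interpolated inside literal quotes while `password` goes through `| quote`, so the two behave differently with the `~` default and with values containing `"` or `\`. With a null value the literal-quoted form may render a non-empty placeholder string instead of YAML null, depending on how the template engine prints nil, which would send bogus credentials to the registry. Use the same form for both: `username: {{ .Values.charts.univentionCorporateServer.username | quote }}`. The `nginx-repo` and `xwiki-repo` blocks later in this patch use the same pattern. Since `verify` is no longer hard-coded to `true`, a comment such as `# verify must stay true unless the chart source is a trusted private mirror` would help operators who override it.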
@@ -13,50 +12,35 @@ repositories: default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }} # VMWare Bitnami # Source: https://github.com/bitnami/charts/ - - name: "bitnami-repo" + - name: "nginx-repo" oci: true - url: >- - {{ env "PRIVATE_IMAGE_REGISTRY_URL" | - default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }} - verify: true keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg" + verify: {{ .Values.charts.nginx.verify }} + username: "{{ .Values.charts.nginx.username }}" + password: {{ .Values.charts.nginx.password | quote }} + url: "{{ .Values.charts.nginx.registry }}/{{ .Values.charts.nginx.repository }}" releases: - # renovate: - # registryUrl=https://registry.souvap-univention.de - # packageName=souvap/tooling/charts/bitnami-charts/nginx - # dataSource=docker - # dependencyType=vendor - name: "ums-stack-gateway" - chart: "bitnami-repo/nginx" - version: "15.3.5" + chart: "nginx-repo/{{ .Values.charts.nginx.name }}" + version: "{{ .Values.charts.nginx.version }}" values: - "values-ums-stack-gateway.gotmpl" - "values-ums-stack-gateway.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=store-dav - # dataSource=helm - # dependencyType=vendor - name: "ums-store-dav" - chart: "ums-repo/store-dav" - version: "0.7.0" + chart: "ums-repo/{{ .Values.charts.umsStoreDav.name }}" + version: "{{ .Values.charts.umsStoreDav.version }}" values: - "values-common.gotmpl" - "values-common.yaml" - "values-store-dav.gotmpl" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=ldap-server - # dataSource=helm - # dependencyType=vendor - name: "ums-ldap-server" - chart: "ums-repo/ldap-server" - version: "0.7.0" + chart: 
"ums-repo/{{ .Values.charts.umsLdapServer.name }}" + version: "{{ .Values.charts.umsLdapServer.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -64,14 +48,9 @@ releases: - "values-ldap-server.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=ldap-notifier - # dataSource=helm - # dependencyType=vendor - name: "ums-ldap-notifier" - chart: "ums-repo/ldap-notifier" - version: "0.7.0" + chart: "ums-repo/{{ .Values.charts.umsLdapNotifier.name }}" + version: "{{ .Values.charts.umsLdapNotifier.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -79,14 +58,9 @@ releases: - "values-ldap-notifier.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=udm-rest-api - # dataSource=helm - # dependencyType=vendor - name: "ums-udm-rest-api" - chart: "ums-repo/udm-rest-api" - version: "0.3.5" + chart: "ums-repo/{{ .Values.charts.umsUdmRestApi.name }}" + version: "{{ .Values.charts.umsUdmRestApi.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -94,14 +68,9 @@ releases: - "values-udm-rest-api.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=stack-data-ums - # dataSource=helm - # dependencyType=vendor - name: "ums-stack-data-ums" - chart: "ums-repo/stack-data-ums" - version: "0.38.1" + chart: "ums-repo/{{ .Values.charts.umsStackDataUms.name }}" + version: "{{ .Values.charts.umsStackDataUms.version }}" values: - "values-common.gotmpl" - "values-common.yaml" 
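Review bot: The `ums-*` releases now take `name` and `version` from `.Values.charts.ums*`, but the context lines at the top of this hunk show the `ums-repo` URL still coming from the environment default (`https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable`). The `registry`, `repository`, `username` and `password` keys that charts.yaml defines for every `ums*` entry therefore appear to be unused, and an operator who points them at a private mirror would still pull from the default source; the `ums-repo` block starts above the hunk, so this should be confirmed there. Either build the URL from the values as `nginx-repo` does, or add `# ums-repo is configured via environment variable; charts.ums*.registry/repository are not read here`. The `# VMWare Bitnami` / `# Source:` comment left above the renamed `nginx-repo` also no longer matches the repository name.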
@@ -109,14 +78,9 @@ releases: - "values-stack-data-ums.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=stack-data-swp - # dataSource=helm - # dependencyType=vendor - name: "ums-stack-data-swp" - chart: "ums-repo/stack-data-swp" - version: "0.38.1" + chart: "ums-repo/{{ .Values.charts.umsStackDataSwp.name }}" + version: "{{ .Values.charts.umsStackDataSwp.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -124,14 +88,9 @@ releases: - "values-stack-data-swp.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=portal-server - # dataSource=helm - # dependencyType=vendor - name: "ums-portal-server" - chart: "ums-repo/portal-server" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsPortalServer.name }}" + version: "{{ .Values.charts.umsPortalServer.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -139,14 +98,9 @@ releases: - "values-portal-server.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=notifications-api - # dataSource=helm - # dependencyType=vendor - name: "ums-notifications-api" - chart: "ums-repo/notifications-api" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsNotificationsApi.name }}" + version: "{{ .Values.charts.umsNotificationsApi.version }}" values: - "values-common.gotmpl" - "values-common.yaml" 
@@ -154,14 +108,9 @@ releases: - "values-notifications-api.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=portal-listener - # dataSource=helm - # dependencyType=vendor - name: "ums-portal-listener" - chart: "ums-repo/portal-listener" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsPortalListener.name }}" + version: "{{ .Values.charts.umsPortalListener.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -169,14 +118,9 @@ releases: - "values-portal-listener.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=portal-frontend - # dataSource=helm - # dependencyType=vendor - name: "ums-portal-frontend" - chart: "ums-repo/portal-frontend" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsPortalFrontend.name }}" + version: "{{ .Values.charts.umsPortalFrontend.version }}" values: - "values-common.gotmpl" - "values-common.yaml" @@ -184,14 +128,9 @@ releases: - "values-portal-frontend.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=umc-gateway - # dataSource=helm - # dependencyType=vendor - name: "ums-umc-gateway" - chart: "ums-repo/umc-gateway" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsUmcGateway.name }}" + version: "{{ .Values.charts.umsUmcGateway.version }}" values: - "values-common.gotmpl" - "values-common.yaml" 
@@ -199,14 +138,9 @@ releases: - "values-umc-gateway.yaml" installed: {{ .Values.univentionManagementStack.enabled }} - # renovate: - # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable - # packageName=umc-server - # dataSource=helm - # dependencyType=vendor - name: "ums-umc-server" - chart: "ums-repo/umc-server" - version: "0.6.1" + chart: "ums-repo/{{ .Values.charts.umsUmcServer.name }}" + version: "{{ .Values.charts.umsUmcServer.version }}" values: - "values-common.gotmpl" - "values-common.yaml" diff --git a/helmfile/apps/xwiki/helmfile.yaml b/helmfile/apps/xwiki/helmfile.yaml index 1f8de78b..c7bb5f9a 100644 --- a/helmfile/apps/xwiki/helmfile.yaml +++ b/helmfile/apps/xwiki/helmfile.yaml @@ -3,25 +3,19 @@ --- bases: - "../../bases/environments.yaml" - --- repositories: # XWiki # Source: https://github.com/xwiki-contrib/xwiki-helm - name: "xwiki-repo" - url: >- - {{ env "PRIVATE_CHART_REPOSITORY_URL" | - default "https://xwiki-contrib.github.io/xwiki-helm" }} + username: "{{ .Values.charts.xwiki.username }}" + password: {{ .Values.charts.xwiki.password | quote }} + url: "{{ .Values.charts.xwiki.registry }}/{{ .Values.charts.xwiki.repository }}" releases: - # renovate: - # registryUrl=https://xwiki-contrib.github.io/xwiki-helm - # packageName=xwiki - # dataSource=helm - # dependencyType=vendor - name: "xwiki" - chart: "xwiki-repo/xwiki" - version: "1.2.3" + chart: "xwiki-repo/{{ .Values.charts.xwiki.name }}" + version: "{{ .Values.charts.xwiki.version }}" wait: true values: - "values.yaml" diff --git a/helmfile/environments/default/charts.yaml b/helmfile/environments/default/charts.yaml new file mode 100644 index 00000000..3504a16d --- /dev/null +++ b/helmfile/environments/default/charts.yaml 
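Review bot: The `xwiki-repo` block has neither `keyring` nor `verify`, so chart provenance is not checked for this repository, yet charts.yaml in this same patch sets `verify: true` under `charts.xwiki`. That key is never read here, and anyone auditing charts.yaml would conclude the XWiki chart is signature-verified when it is not. Drop `verify` from the `xwiki` entry, or state the situation in place with `# provenance is not verified for this repository (classic Helm repo, no keyring)`. The hunk also removes the `PRIVATE_CHART_REPOSITORY_URL` override, which deserves a line in the migration notes for deployments that relied on it.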
@@ -0,0 +1,714 @@ +# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" +# SPDX-License-Identifier: Apache-2.0 +--- +charts: + certificates: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates" + name: "opendesk-certificates" + version: "2.1.0" + verify: true + username: ~ + password: ~ + + clamav: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/clamav/opendesk-clamav + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/clamav" + name: "opendesk-clamav" + version: "4.0.0" + verify: true + username: ~ + password: ~ + + clamavSimple: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/clamav/clamav-simple + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/clamav" + name: "clamav-simple" + version: "4.0.0" + verify: true + username: ~ + password: ~ + + collabora: + # renovate: + # registryUrl=https://collaboraonline.github.io/online + # packageName=collabora-online + # dataSource=helm + # dependencyType=vendor + registry: "https://collaboraonline.github.io" + repository: "online" + name: "collabora-online" + version: "1.0.2" + username: ~ + password: ~ + + cryptpad: + # renovate: + # registryUrl=https://cryptpad.github.io/helm + # packageName=cryptpad + # dataSource=helm + # dependencyType=vendor + registry: "https://cryptpad.github.io" + repository: "helm" + name: "cryptpad" + version: 
"0.0.14" + username: ~ + password: ~ + + dovecot: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/dovecot/dovecot + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/dovecot" + name: "dovecot" + version: "1.3.6" + verify: true + username: ~ + password: ~ + + element: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-element + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-element" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + elementWellKnown: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-well-known + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-well-known" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + intercomService: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/intercom-service/intercom-service + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/intercom-service" + name: "intercom-service" + version: "2.0.1" + verify: true + username: ~ + password: ~ + + istioResources: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/istio-ressources/istio-gateway + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" 
+ repository: "sovereign-workplace/souvap/tooling/charts/istio-ressources" + name: "istio-gateway" + version: "2.0.0" + verify: true + username: ~ + password: ~ + + jitsi: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-jitsi/sovereign-workplace-jitsi + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi" + name: "sovereign-workplace-jitsi" + version: "1.7.1" + verify: true + username: ~ + password: ~ + + keycloak: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/keycloak + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "keycloak" + version: "12.1.5" + verify: true + username: ~ + password: ~ + + keycloakBootstrap: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap/sovereign-workplace-keycloak-bootstrap + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap" + name: "sovereign-workplace-keycloak-bootstrap" + version: "1.1.12" + verify: true + username: ~ + password: ~ + + keycloakExtensions: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable + # packageName=keycloak-extensions + # dataSource=helm + # dependencyType=vendor + registry: "https://gitlab.souvap-univention.de" + repository: "api/v4/projects/77/packages/helm/stable" + name: "keycloak-extensions" + version: "0.1.0" + username: ~ + password: ~ + + keycloakTheme: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # 
packageName=souvap/tooling/charts/keycloak-theme/opendesk-keycloak-theme + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/keycloak-theme" + name: "opendesk-keycloak-theme" + version: "2.0.0" + verify: true + username: ~ + password: ~ + + mariadb: + # renovate: + # registryUrl=https://registry.opencode.de + # packageName=bmi/opendesk/components/charts/opendesk-mariadb/mariadb + # dataSource=docker + # dependencyType=service + registry: "registry.opencode.de" + repository: "bmi/opendesk/components/charts/opendesk-mariadb" + name: "mariadb" + version: "2.2.0" + verify: true + username: ~ + password: ~ + + matrixNeoboardWidget: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neoboard-widget + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" + name: "matrix-neoboard-widget" + version: "3.3.0" + verify: true + username: ~ + password: ~ + + matrixNeochoiseWidget: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neochoice-widget + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" + name: "matrix-neochoice-widget" + version: "3.3.0" + verify: true + username: ~ + password: ~ + + matrixNeodatefixBot: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-bot + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" + name: 
"matrix-neodatefix-bot" + version: "3.3.0" + verify: true + username: ~ + password: ~ + + matrixNeodatefixWidget: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-widget + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" + name: "matrix-neodatefix-widget" + version: "3.3.0" + verify: true + username: ~ + password: ~ + + matrixUserVerificationService: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-matrix-user-verification-service + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-matrix-user-verification-service" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + memcached: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/memcached + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "memcached" + version: "6.6.2" + verify: true + username: ~ + password: ~ + + minio: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/minio + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "minio" + version: "12.8.19" + verify: true + username: ~ + password: ~ + + nextcloud: + # renovate: + # registryUrl=https://nextcloud.github.io/helm + # packageName=nextcloud + # dataSource=helm + # dependencyType=vendor + registry: "https://nextcloud.github.io" + repository: 
"helm" + name: "nextcloud" + version: "3.5.19" + username: ~ + password: ~ + + nextcloudBootstrap: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap/opendesk-nextcloud-bootstrap + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" + name: "opendesk-nextcloud-bootstrap" + version: "3.2.6" + verify: true + username: ~ + password: ~ + + nginx: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/nginx + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "nginx" + version: "15.3.5" + verify: true + username: ~ + password: ~ + + openproject: + # renovate: + # registryUrl=https://ghcr.io + # packageName=opf/helm-charts/openproject + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/opf/helm-charts" + name: "openproject" + version: "3.0.2" + verify: true + username: ~ + password: ~ + + openprojectBootstrap: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap" + name: "opendesk-openproject-bootstrap" + version: "1.2.1" + verify: true + username: ~ + password: ~ + + openXchangeAppSuite: + # renovate: + # registryUrl=https://registry.open-xchange.com + # packageName=appsuite-public-sector/charts/appsuite-public-sector + # dataSource=docker + # dependencyType=vendor + registry: 
"external-registry.souvap-univention.de" + repository: "sovereign-workplace/appsuite-public-sector/charts" + name: "appsuite-public-sector" + version: "2.1.1" + username: ~ + password: ~ + + openXchangeAppSuiteBootstrap: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap" + name: "sovereign-workplace-open-xchange-bootstrap" + version: "1.3.1" + verify: true + username: ~ + password: ~ + + otterize: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/opendesk-otterize/opendesk-otterize + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/opendesk-otterize" + name: "opendesk-otterize" + version: "1.1.3" + verify: true + username: ~ + password: ~ + + oxConnector: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable + # packageName=ox-connector + # dataSource=helm + # dependencyType=vendor + registry: "https://gitlab.souvap-univention.de" + repository: "api/v4/projects/128/packages/helm/stable" + name: "ox-connector" + version: "0.1.0-pre-jconde-listener-entrypoint-chaining" + username: ~ + password: ~ + + postfix: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/postfix/postfix + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/postfix" + name: "postfix" + version: "2.0.4" + verify: true + username: ~ + password: ~ + + postgresql: + # renovate: + # 
registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/postgresql/postgresql + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/postgresql" + name: "postgresql" + version: "2.0.3" + verify: true + username: ~ + password: ~ + + redis: + # renovate: + # registryUrl=https://registry-1.docker.io + # packageName=bitnamicharts/redis + # dataSource=docker + # dependencyType=service + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts" + name: "redis" + version: "18.1.2" + verify: true + username: ~ + password: ~ + + synapse: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-synapse" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + synapseCreateAccount: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-synapse-create-account" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + synapseWeb: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-web + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: 
"sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" + name: "opendesk-synapse-web" + version: "2.6.0" + verify: true + username: ~ + password: ~ + + umsLdapNotifier: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=ldap-notifier + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "ldap-notifier" + version: "0.7.0" + username: ~ + password: ~ + + umsLdapServer: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=ldap-server + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "ldap-server" + version: "0.7.0" + username: ~ + password: ~ + + umsNotificationsApi: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=notifications-api + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "notifications-api" + version: "0.6.1" + username: ~ + password: ~ + + umsPortalFrontend: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=portal-frontend + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "portal-frontend" + version: "0.6.1" + username: ~ + password: ~ + + umsPortalListener: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=portal-listener + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: 
"portal-listener" + version: "0.6.1" + username: ~ + password: ~ + + umsPortalServer: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=portal-server + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "portal-server" + version: "0.6.1" + username: ~ + password: ~ + + umsStackDataSwp: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=stack-data-swp + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "stack-data-swp" + version: "0.38.1" + username: ~ + password: ~ + + umsStackDataUms: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=stack-data-ums + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "stack-data-ums" + version: "0.38.1" + username: ~ + password: ~ + + umsStoreDav: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=store-dav + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "store-dav" + version: "0.7.0" + username: ~ + password: ~ + + umsUdmRestApi: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=udm-rest-api + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "udm-rest-api" + version: "0.3.5" + username: ~ + password: ~ + + umsUmcGateway: + # renovate: + # 
registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=umc-gateway + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "umc-gateway" + version: "0.6.1" + username: ~ + password: ~ + + umsUmcServer: + # renovate: + # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable + # packageName=umc-server + # dataSource=helm + # dependencyType=vendor + registry: "gitlab.souvap-univention.de" + repository: "api/v4/projects/155/packages/helm/stable" + name: "umc-server" + version: "0.6.1" + username: ~ + password: ~ + + univentionCorporateServer: + # renovate: + # registryUrl=https://registry.souvap-univention.de + # packageName=souvap/tooling/charts/univention-corporate-container/univention-corporate-container + # dataSource=docker + # dependencyType=vendor + registry: "external-registry.souvap-univention.de" + repository: "sovereign-workplace/souvap/tooling/charts/univention-corporate-container" + name: "univention-corporate-container" + version: "1.0.10" + verify: true + username: ~ + password: ~ + + xwiki: + # renovate: + # registryUrl=https://xwiki-contrib.github.io/xwiki-helm + # packageName=xwiki + # dataSource=helm + # dependencyType=vendor + registry: "https://xwiki-contrib.github.io" + repository: "xwiki-helm" + name: "xwiki" + version: "1.2.3" + verify: true + username: ~ + password: ~ +... diff --git a/helmfile/environments/default/images.yaml b/helmfile/environments/default/images.yaml index 2a264747..19eab77f 100644 --- a/helmfile/environments/default/images.yaml +++ b/helmfile/environments/default/images.yaml 
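Review bot: `openXchangeAppSuite` is the only entry served from `external-registry.souvap-univention.de` that has no `verify` key, and nothing in the file says whether an absent key means "not verified" or "not applicable". If its helmfile renders `verify: {{ .Values.charts.openXchangeAppSuite.verify }}` like the other OCI repositories in this patch, the result for a missing key is unclear and should be checked; that helmfile is not visible here. The `registry` values are also inconsistent: the `ums*` entries use a bare host (`gitlab.souvap-univention.de`) while `keycloakExtensions` and `oxConnector` use `https://gitlab.souvap-univention.de` for the same kind of Helm repository. A header comment defining each key would make such gaps reviewable, for example `# verify: check chart signature against the repository keyring (OCI repositories only)`.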
@@ -219,7 +219,7 @@ images:
 # registryUrl=https://docker.io
 # dependencyType=vendor
 repository: "openproject/open_desk"
- tag: "release-13.1@sha256:1dc528de7e38d9c461188e53b2153b1a5ede374f83dde7b32d9c7c057c802178"
+ tag: "release-13.1@sha256:b1e6d55d913bb2dfc34caae364c54ff524c0676a74da1c036d0e64557ef42795"
 # @supplier: "OpenProject"
 openprojectInitDb:
 # renovate:
diff --git a/helmfile/files/gpg-pubkeys/opencode.gpg b/helmfile/files/gpg-pubkeys/opencode.gpg new file mode 100644 index 0000000000000000000000000000000000000000..11dccb2c34d643ca68529b3afc2a11cdba74679c GIT binary patch literal 2291 zcmV7X5CF?ZdRgER*%w34vOd5#&SJeW7Z$DGW4&~+U=xns-5cyt z+;aI2ZF=nv6z&VI&gXAyT)ALKLFqQ_^r0Q^$ICEgMQiEzD?3CPn6B2LiUnBS56bKhFOK?H%Wl-0_+Z0LovRD=4qg5~XMQOGVYW)<0*)}}yE z_d3YSpWjoLaJ^@kR}mL!Olg*(sg1ty5vO@O%F?H#*iN;8h(10*?*tUMY7c}Uz9s~3 zFRx$1bx-sU)L3LWavK!96>~hW2p+a+Bv6vtV4c*OXJJmCFv4?NS;5sSpd(hi;isA+ z!Pl?)87>Li373G;&QpFE&W-Ua%6PhGQL)(wD?&W&IH>Itbd*|oftyb_r70&ps_uk$OGx+F z&zsoT&J9a2K)_L1p0h^tG|}G|!@}CNDFQnhOEPUW=_AC=I>4;!c#h$EmMtG?9b{vK zr+hm7E*a>I;PfXW)f zdI*>DH{m>>49Z}bn7g;@uHh>GLi~?z|CQjwa{dFx=2!KsnZy65sC;vM$+CR7p6MTu zD@fCt=?ZQ+k)r?+0RRECM`vktD`IVFEpKpTZe(S1Yb|7DaBOdRZDnqBEpu;nWpZU{ zXKpQbZ*psJY+++%Eip4OH!W#%b9H4cKyPqmZewp`WiDi8i2_ap69EbUI2IuUl8KHt zLX+`{odB}H8vP)VStT)c1p;Mojv)dY0|g5S2nPZN6$%Lm3jzcd0s{d89svRufB*^! z5E}g;ky#}%cJ0y+|7yJVVZqmHp}qF_nPsd{VDdtIvY)2@C*xG45XerE!rkP}pP#J4 z9rS+98IC&h9XMD=0cLh~HSpO$O8lj?MFPQ_d=~71=Re)E{80mL9?B``U21HquX{$Ot~|cx^dZKTY>2|Tvw`|4l#&+fV#4sI}Mz%YLwxT~4miLRXn-3szEI9p*9VOtqFZbM!>;@pP(XKm=Y zOh)0^!*3o;d(JM@o7Kxfi90$LO%Vhvk3c#<;Oie-ICcsZ-pGdvRUNUk zQ*eXIR3)Yku2mG;%3MANCNQV_MD23ky_%+vc4-kq-o@VsctIH0d-WZhB3qL(;!nr< z@ZiAWPr%F>(=FSH z2qs+r-}7p<-m!xoOr85IWAO|q&i%*lEL z(0p`wY7Y z8w>yn2@o3nAdy)mF?K8Y5C3+wzlW8rWOJ^TwhDI-`;B-K|lfk#1by zmuW@{M(WF;7VKQji)??k19jIC!>_ ziRxOz9(s>^xXj&1>6VIZpM_n?vdE8591}HnkXHmws~X3SsQ?xQjMe4kDdLhO9N^x4 z@DH4!0CjH{oqp!U+x9byM%d?cK7F93iByU@d3*q1@W6h9)e9^>7(---_kqMh>vhiL z5qEbbD^Dd$qa}DgGKqvcjRP_2jdN^J&h))sRBqEK8Bk0UC}-B5Jo^PMk0(u}L89sA_=u5EMyCt6AbEMKeDGeX{Me_F_4(`bdfx+pIDPGk!*%v;Qo2=d%)W?)PjwbP93bJKN?N2S@!i9jLytWY;xDW#sj?wA-VlH#!9RmboU)_+kWz&f4qBm{tY=dz# z=;@TUK*1J>>EZf*iceQWaTj$JXC0=9*$|*1KwrM1tA&ghO*hL^t@<$7;v1~YzPQc3 z>m-5PHSyNaS9$qU%yWx}OyIWd0^C^8VUoa{l)S$#3@&flTt*nsTi~5VTh_tJR0c0x zI-wwH>L@ka&h(0s=@WyG!uIYJnB=`t6V&S@Q0$UVU+zBTgTG%x 
zDUu>hr`(fuVOq(Zu|b!(%Viu|pz?a={@P)wK{$VuK&St>*q~<;MPG5I7e^Bg&2JC{ zveJRBIaAicH&8X5UJeho%A^`JW`f@zGnDm%kg0w+4zaG*nb=x1pxvz%doljjpg8!G z2!Bt~%W_4rVKXBb2PTH!rfqf?2ambO(U(xskBK9>AJ4e6VsXFc?nl#d(%lRK88lNy z0>92tjmu)IPJcweB|Ay(%$i+? zagnf#zTP1)<^OR!?;92zN(k}A;bGpm%P@xke_R009~R_GP=V=%{<{SAJL1Cr*{$jm z8e%{M*l>!m^Rj7!7Q>W6CUSA;7 zLNL5nHXW==Vu6BJv?K{YTvoHTM3TgtV)E&M%Mni2X+tE8h8)$LXS>nTx^`El(kH-8 zum4Pw1))0sdA7$Fkty>k;V3MMVGephzj|uGIQEKt`CzBi$Q+#Ob~(-ZgCVFc#&dvV zC#k3U;ISIn^Lhl^!0_rki*zr8rw`%MhVy6(b!T=$E$ahU`9 zqN-@o@Y>bobvh^$lHP2RWB2rcpx76NlBsKzk;au8z47d&^WdR&NB)nijH+z*-y(&Q zQWl6$K433%0oDVJN5>s$Q%hT}gO+vXnmiw2sw&!~TOQRCT-VB97!uym?CjRQ<8ku5 z=f9EuDjdOeu-6Zd%qHvH>q{4DE6_P!Ls39nV4$RnND?0yTn~LiqcdK{f3l{(N+Qhg ztPhVfQ$RU-*-VN-` zt!G&f%+53r`m=aMd{1O)$i++N^*CXXrEWP*%&KhbsX_cyE&&}%6dI;!;~!cNcHu-P z^yk?(hRM+8#7F0TwVY0mZhx=qMKeT$VQJ)=ul)M%-&pnrFiM(r=UMINtWmUQm z+_iXG>DhN{r@bAvr2mK=?D z1mwXb4b-f5%QWb~d%o4avoFhy2|%1l2I#L+#w%4%3Pm*?jro>{jVQz#EBEp3?p_R7 zr^Zp;nv~*pJtB+t%JMxF&KX#06q{awX!;FJ6Iro}wi|ccHeIuU3(12O2*bg&6M~gw zrSY#*>j>oXb>)~D4tIeunlp_F&cZ386vGRbl%!!<^tQ$y4wvM8Co)>oKE+PR3L)Tn zmi>yL`)C!t2Q96$pXD65)ta(7+tBAu$9O-8GZ09>U4i7?oqaB(duqdsn{^0Q(17w_>WbzV!J*&Sdkl+c$jQu6xMUlSnO1c;?B7cq<-9c@nngadmkd zkN2CS-k%e%&xPDGO`6QG_<;-B8O|ca_dmZIE$2)O5>H-|a!ypeSsMZQ0{Kwl# zwhw~d6{&oC$Wqbk8@VT2ln-qKL!*zWUVpbue^hWyl20eGyL7arYpYf`a0`3xJ$HLQ zLKubMP=5X)GSztw-UCepPRF|ksTub8^2q~e7CH9^szn=%d7Q@v8utY8%|a+Bk% zp1oQtECdk~WG!_4OHLgo$lB-SSGPt1%OVdv(y+tVB0P=S!y_E5n+9I?J?}Ym(-m4s z)wM`64kV6fZ2f~XB0!5%{5LSL{{xJ`e?wApN$8i##5{4vtiM4lERUZ?3j}+4`B{!R zFv{*R``4qFu*WdHJsZD*Vs!*NruAJEA1j%|W@CoiChnRTD@%o&QG&m&)hOTX@=i&r zOSH}~aWC3i)I)WT-C@6gpDbAYI`uRg*J8Tzj;ihDcDq-Yflcf5L(fXeT@5|hKcR#9 ztO0&}EH-#}wo=L%rdpL-=yIhXV#BLvg1D@xFS3@>(5=qzp?TJ;WudsN-rk7RaQM7E4SjaoqIuAL^;n-anm^Gg;-GAEG-b_5#Q&bL`^yNvpz1R{8hEo3y>vHRLv_%tvxx6&_T)6pksmx%IA!-&@~N2SVM6 z55GC(;#$L3kdMrqYXIgYOe<>)H6}6-B>LO+>)pb|S0N+mSwW%<0S{666N4vr&C?Ek zl!x3}3f@4CnAHVKn@mAk76P@RF)LU-LDN^P&Ucli-Qz3w0|wFw#6q0s%c 
zxH55H5njsvJ%*?>>C(}Winpgjdz<;uJlmyITxvx+ROX3&N;s?Yp)8b5Xd4X@5qaCl Z$DnY2?Eyr}*CgB#DSEnX_3Nh~^KSy|TI2u# literal 3232 zcmaJ^w+`&e4ej+6uNNM)%2MG%Ip@6HN?PTdrLXs18-`tZfGG%q2jGzBaQOG%zrzZW zV*X`I_Fs0u>I(OlCM18cy2WXKynh2g?73o=&%>`NGMQ z@Tl3-OjjXzbCKFIxmbup)iw8Jpfg`bvUQx@uQoc zsa8?1n*lnsDIqK}10f&P_Pg3!<^&zmMT$)z!J9c1#Vo9?c~qO6OmlcI5dyO-be%R! zbRz`#_g5DZC%XvmEyIiLa{}sjQW1NS0tFM(8EJpn1*Tt_K&w=a)mO0jm-ID?Ey}(r z@Er!)i(#BsZkdC33lm;W5pdhtv;I(6wL}Il40&9Ur;2y=EobDtGndUDmPxImzySw* zQ%UDS4Xq^NR=V8!;r7|+1Ugh4kKrSE)%=C*zz7?@c*{Qu*F9YYw&5$RReb}z>5;lT zmq%O*Yq>A^uT{5h$}}|&HVijcM2@GU8A(Ucd7=|jqIg>ozO)YGG7iH6n{?Tk6z+kn z9-lsJa*q9D-%0FFDS|(W=ypl;Dm8&V-x2O)Jw3l8^QHW;W3>WusXNlaC|xN$Q;EjY zDBOP_RoXjcfOJFJcl-Nhmv`Jw3V$8{3+_nt3H(sc|Dfuq^0xJK#6`tQmD+qPvI>}p+gCfIo19s2Umpg^1+$1>Rq~;D@cTq5_ z_2H8rVYj`}TMUpA<$X_kY0zw&b#JrUJU8N9P~%p+4j!ri10cSTg`g;xdHL1NX9hh2JA@b6Ef-q zTjZ!(1OCzJbr}BQY+G+->MjV}w{M>J9E6NCt;3>=AyV`p)~ zd_D~ymdc28{e6XkdGggP@r|t@g#>NRh>G1ez5$7!g-pVvI~4=JJ7z1LPdJh z5TGH#4T_a(PESW9*`rI)?kC|F29<{y8$fq9h=a+S$Ym&i)cDswKO2(%1$;pZA;c z;o78}yD_+8z(Z*`XOviCJ?o33`)2q;jMMuIC@%%{9xru~GB%?$z{UY9xX`BFYDRUt z$$>rpnt#nrYm&+k{m7*m_T^8lM%VnVNB}#{oHyrJl=`+fUb`AFUG{DkwK~hj_=4Nv z`r)m1Xi`(vR#B)+*;<`Z9))%M`*H!zzw@1ZI^-68wg%D0@xUNZo-ZQhMS~d?&UL!e z;CQOo)+1jY^Jx`-#9j00YsU|PDU|%hLgJ*pON)rhL$|7R?=6%Z*4T1ikKN^I94xw@ zz$&&b*+3gC9Mo;3OS3jNKvCw^eLxERr#h_BH&n=Y7Tc7Xi8Z@fFCfG8a92XO`7Yo@ z3jLJ}-Rcx^qILAU19;Sre^bsLqQmU#p&gELvW+L|UGURY2q;!CA#ynS6tO(vIU5H+hDIN2xO(X&7jVk{chsd-IMsNg%Nm|Y+mr}`zM(=jAbK9nfSX#SH^nAjj@YSXOHG2Svaeje2dFVyt{^afh-q`TLk0lH1 zqCRYMcBaY>141MYv_K^d6Q^`>`nanR9bW<+=oG%zct6-i*@oD`Iv(VSWg#J}BC4=! z5!Tj-E2UOVWdVa;f^4rz6KF|ok%31%1@r-`sT&E5-gBix!)s)qt?Hwn#Jvg=hL%A?7jCuS*)E(2rQ27s=CpiGn2$z)MYuVe^MgI^ha9KG3u)8 z^<6|w$cly=Dk^6f2o9W=3kcbca9Q87mMk%YQ7;MS3BLhA2Mqz(LIkVqc**LES8 J{Qp@!{t2D0BTN7Q