fix(nubus): Update component name.

2025-12-06 07:21:36 +01:00 · 2024-07-30 08:47:51 +02:00
parent d8b0963277
commit d34edcb661
26 changed files with 89 additions and 90 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -92,7 +92,7 @@ variables:
      - "yes"
      - "no"
  DEPLOY_UMS:
-    description: "Enable Univention Management Stack deployment."
+    description: "Enable Nubus deployment."
    value: "no"
    options:
      - "yes"
--- a/.gitlab/lint/lint-kyverno.yml
+++ b/.gitlab/lint/lint-kyverno.yml
@@ -17,12 +17,12 @@ lint-kyverno:
          - "intercom-service"
          - "jitsi"
          - "nextcloud"
          - "nubus"
          - "open-xchange"
          - "openproject"
          - "openproject-bootstrap"
          - "provisioning"
          - "services"
          - "univention-management-stack"
          - "xwiki"
  script:
    - "cd ${CI_PROJECT_DIR}/helmfile/apps/${APP}"
--- a/docs/enhanced-configuration/idp-federation.md
+++ b/docs/enhanced-configuration/idp-federation.md
@@ -146,8 +146,8 @@ The following configuration is taking place in the Keycloak realm `opendesk`.
  - *Client ID*: Use the client ID you took form your organization's IdP config (`opendesk-federation-client` in this example)
  - *Client Secret*: Use the secret you took form your organization's IdP config
  - When completed with *Add* you get to the detailed IdP configured that also needs some updates (you may need to open the *Advanced* section to access some settings)
-	- *Back-channel logout*: `On`
+    - *Back-channel logout*: `On`
-	- *Disable user info*: `On`
+    - *Disable user info*: `On`
    - *First login flow override*: `auto-federate-flow`
 - In case you want to forcefully redirect all users to your organizations IdP (disabling login with local openDesk accounts):
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -100,29 +100,29 @@ export DOMAIN=domain.tld
 All available apps and their default value can be found in `helmfile/environments/default/workplace.yaml`.
-| Component                   | Name                                | Default | Description                    |
+| Component            | Name                        | Default | Description                    |
-| --------------------------- | ----------------------------------- | ------- | ------------------------------ |
+| -------------------- | --------------------------- | ------- | ------------------------------ |
-| Certificates                | `certificates.enabled`              | `true`  | TLS certificates               |
+| Certificates         | `certificates.enabled`      | `true`  | TLS certificates               |
-| ClamAV (Distributed)        | `clamavDistributed.enabled`         | `false` | Antivirus engine               |
+| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine               |
-| ClamAV (Simple)             | `clamavSimple.enabled`              | `true`  | Antivirus engine               |
+| ClamAV (Simple)      | `clamavSimple.enabled`      | `true`  | Antivirus engine               |
-| Collabora                   | `collabora.enabled`                 | `true`  | Weboffice                      |
+| Collabora            | `collabora.enabled`         | `true`  | Weboffice                      |
-| CryptPad                    | `cryptpad.enabled`                  | `true`  | Weboffice                      |
+| CryptPad             | `cryptpad.enabled`          | `true`  | Weboffice                      |
-| Dovecot                     | `dovecot.enabled`                   | `true`  | Mail backend                   |
+| Dovecot              | `dovecot.enabled`           | `true`  | Mail backend                   |
-| Element                     | `element.enabled`                   | `true`  | Secure communications platform |
+| Element              | `element.enabled`           | `true`  | Secure communications platform |
-| Intercom Service            | `intercom.enabled`                  | `true`  | Cross service data exchange    |
+| Intercom Service     | `intercom.enabled`          | `true`  | Cross service data exchange    |
-| Jitsi                       | `jitsi.enabled`                     | `true`  | Videoconferencing              |
+| Jitsi                | `jitsi.enabled`             | `true`  | Videoconferencing              |
-| MariaDB                     | `mariadb.enabled`                   | `true`  | Database                       |
+| MariaDB              | `mariadb.enabled`           | `true`  | Database                       |
-| Memcached                   | `memcached.enabled`                 | `true`  | Cache Database                 |
+| Memcached            | `memcached.enabled`         | `true`  | Cache Database                 |
-| MinIO                       | `minio.enabled`                     | `true`  | Object Storage                 |
+| MinIO                | `minio.enabled`             | `true`  | Object Storage                 |
-| Nextcloud                   | `nextcloud.enabled`                 | `true`  | File share                     |
+| Nextcloud            | `nextcloud.enabled`         | `true`  | File share                     |
-| OpenProject                 | `openproject.enabled`               | `true`  | Project management             |
+| OpenProject          | `openproject.enabled`       | `true`  | Project management             |
-| OX Appsuite                 | `oxAppsuite.enabled`                | `true`  | Groupware                      |
+| OX Appsuite          | `oxAppsuite.enabled`        | `true`  | Groupware                      |
-| Provisioning                | `oxConnector.enabled`               | `true`  | Backend provisioning           |
+| Provisioning         | `oxConnector.enabled`       | `true`  | Backend provisioning           |
-| Postfix                     | `postfix.enabled`                   | `true`  | MTA                            |
+| Postfix              | `postfix.enabled`           | `true`  | MTA                            |
-| PostgreSQL                  | `postgresql.enabled`                | `true`  | Database                       |
+| PostgreSQL           | `postgresql.enabled`        | `true`  | Database                       |
-| Redis                       | `redis.enabled`                     | `true`  | Cache Database                 |
+| Redis                | `redis.enabled`             | `true`  | Cache Database                 |
-| Univention Management Stack | `univentionManagementStack.enabled` | `true`  | Identity Management & Portal   |
+| Nubus                | `nubus.enabled`             | `true`  | Identity Management & Portal   |
-| XWiki                       | `xwiki.enabled`                     | `true`  | Knowledge management           |
+| XWiki                | `xwiki.enabled`             | `true`  | Knowledge management           |
 Exemplary, Jitsi can be disabled like:
@@ -378,8 +378,7 @@ When all apps are successfully deployed and pod status' went to `Running` or `Su
 https://portal.domain.tld
 ```
-If you change the subdomain of `univentionManagementStack`, you need to replace `portal`
+If you change the subdomain of `nubus`, you need to replace `portal` by your specified subdomain.
 by your specified subdomain.
 **Credentials:**
--- a/helmfile/apps/element/values-element.yaml.gotmpl
+++ b/helmfile/apps/element/values-element.yaml.gotmpl
@@ -5,15 +5,15 @@
 configuration:
  endToEndEncryption: true
  additionalConfiguration:
-    logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+    logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
    "net.nordeck.element_web.module.opendesk":
      config:
        banner:
          ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
          ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
-          portal_logo_svg_url: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
+          portal_logo_svg_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
-          portal_url: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/"
+          portal_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/"
        custom_css_variables:
          --cpd-color-bg-action-primary-rest: {{ .Values.theme.colors.primary | quote }}
          --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
@@ -48,7 +48,7 @@ configuration:
        value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
  ldap:
    host: {{ .Values.ldap.host | quote }}
-    password: {{ .Values.secrets.univentionManagementStack.ldapSearch.nextcloud | quote }}
+    password: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }}
    adminGroupName: "managed-by-attribute-FileshareAdmin"
  objectstore:
    auth:
--- a/helmfile/apps/nubus/helmfile-child.yaml
+++ b/helmfile/apps/nubus/helmfile-child.yaml
@@ -31,7 +31,7 @@ releases:
      - "values-nubus.yaml.gotmpl"
      - "values-opendesk-customization.yaml.gotmpl"
      - "values-opendesk-images.yaml.gotmpl"
-    installed: {{ .Values.univentionManagementStack.enabled }}
+    installed: {{ .Values.nubus.enabled }}
    timeout: 900
  # OpenDesk Keycloak Bootstrap Chart
  - name: "opendesk-keycloak-bootstrap"
@@ -41,10 +41,10 @@ releases:
      - "values-opendesk-keycloak-bootstrap.yaml.gotmpl"
    needs:
      - "ums"
-    installed: {{ .Values.univentionManagementStack.enabled }}
+    installed: {{ .Values.nubus.enabled }}
    timeout: 900
 commonLabels:
  deploy-stage: "component-1"
-  component: "univention-management-stack"
+  component: "nubus"
 ...
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -13,17 +13,17 @@ global:
  keycloak:
    realm: {{ .Values.platform.realm | quote }}
  objectStorage:
-    bucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
+    bucket: {{ .Values.objectstores.nubus.bucket | quote }}
    connection:
      host: "minio"
      port: "9000"
      protocol: "http"
  credentialOverride:
    ldapServer:
-      adminPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote}}
+      adminPassword: {{ .Values.secrets.nubus.ldapSecret | quote}}
    defaultUsers:
-      defaultAdminPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.adminPassword | quote}}
+      defaultAdminPassword: {{ .Values.secrets.nubus.defaultAccounts.adminPassword | quote}}
-      defaultUserPassword: {{ .Values.secrets.univentionManagementStack.defaultAccounts.userPassword | quote}}
+      defaultUserPassword: {{ .Values.secrets.nubus.defaultAccounts.userPassword | quote}}
@@ -138,8 +138,8 @@ nubusKeycloakExtensions:
 nubusPortalListener:
  portalListener:
-    objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+    objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
-    objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
+    objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
    objectStorageCredentialSecret:
      name: "ums-portal-listener-minio-opendesk-credentials"
      accessKeyKey: "access-key-id"
@@ -147,8 +147,8 @@ nubusPortalListener:
 nubusPortalServer:
  portalServer:
-    objectStorageEndpoint: {{ .Values.objectstores.univentionManagementStack.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
+    objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
-    objectStorageBucket: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
+    objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
    objectStorageCredentialSecret:
      name: "ums-portal-server-minio-opendesk-credentials"
      accessKeyKey: "access-key-id"
@@ -184,7 +184,7 @@ nubusStackDataUms:
 nubusStackDataSwp:
  stackDataContext:
    ldapSearchUsers:
-      {{- range $username, $password := .Values.secrets.univentionManagementStack.ldapSearch }}
+      {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
      - username: {{ printf "ldapsearch_%s" $username | quote }}
        password: {{ $password | quote }}
        lastname: "LDAP-Search-User"
@@ -280,12 +280,12 @@ extraSecrets:
      umcKeycloakExtensionsSmtpPassword: {{ .Values.smtp.password | quote }}
  - name: "ums-portal-server-minio-opendesk-credentials"
    stringData:
-      access-key-id: {{ .Values.objectstores.univentionManagementStack.username | quote }}
+      access-key-id: {{ .Values.objectstores.nubus.username | quote }}
-      secret-key-id: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }}
+      secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
  - name: "ums-portal-listener-minio-opendesk-credentials"
    stringData:
-      access-key-id: {{ .Values.objectstores.univentionManagementStack.username | quote }}
+      access-key-id: {{ .Values.objectstores.nubus.username | quote }}
-      secret-key-id: {{ .Values.objectstores.univentionManagementStack.secretKey | default .Values.secrets.minio.umsUser | quote }}
+      secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
  - name: "ums-umc-server-smtp-credentials-custom"
    stringData:
      password: {{ .Values.smtp.password | quote }}
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -89,7 +89,7 @@ nubusPortalListener:
    {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }}
  persistence:
    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
-    size: {{ .Values.persistence.size.univentionManagementStack.portalListener | quote }}
+    size: {{ .Values.persistence.size.nubus.portalListener | quote }}
 nubusPortalServer:
  additionalAnnotations:
@@ -118,7 +118,7 @@ nubusLdapServer:
  resources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
  persistence:
    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
-    size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}
+    size: {{ .Values.persistence.size.nubus.ldapServerData | quote }}
  extraVolumes:
    - name: "opendesk-schemas"
      configMap:
--- a/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
@@ -461,7 +461,7 @@ config:
        redirectUris:
          - "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*"
          - "https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*"
-          - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        standardFlowEnabled: true
        directAccessGrantsEnabled: true
        serviceAccountsEnabled: true
@@ -472,7 +472,7 @@ config:
        attributes:
          backchannel.logout.session.required: true
          backchannel.logout.url: "https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/_synapse/client/oidc/backchannel_logout"
-          post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        defaultClientScopes:
          - "opendesk-matrix-scope"
      # The following is a temporary OIDC client for matrix, as the OIDC logout still uses "matrix" as client ID.
@@ -488,7 +488,7 @@ config:
        publicClient: false
        authorizationServicesEnabled: false
        attributes:
-          post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        defaultClientScopes: []
        optionalClientScopes: []
      - name: "opendesk-nextcloud"
@@ -498,7 +498,7 @@ config:
        secret: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
        redirectUris:
          - "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*"
-          - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        consentRequired: false
        frontchannelLogout: false
        publicClient: false
@@ -506,7 +506,7 @@ config:
        attributes:
          backchannel.logout.session.required: true
          backchannel.logout.url: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/index.php/apps/user_oidc/backchannel-logout/opendesk"
-          post.logout.redirect.uris: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          post.logout.redirect.uris: "https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        defaultClientScopes:
          - "opendesk-nextcloud-scope"
          - "read_contacts"
@@ -518,7 +518,7 @@ config:
        secret: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
        redirectUris:
          - "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*"
-          - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        consentRequired: false
        frontchannelLogout: false
        publicClient: false
@@ -527,7 +527,7 @@ config:
        attributes:
          backchannel.logout.session.required: true
          backchannel.logout.url: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/auth/keycloak/backchannel-logout"
-          post.logout.redirect.uris: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          post.logout.redirect.uris: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        defaultClientScopes:
          - "opendesk-openproject-scope"
      - name: "opendesk-oxappsuite"
@@ -537,7 +537,7 @@ config:
        secret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
        redirectUris:
          - "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*"
-          - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        consentRequired: false
        frontchannelLogout: false
        publicClient: false
@@ -545,7 +545,7 @@ config:
        attributes:
          backchannel.logout.session.required: true
          backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/ajax/oidc/backchannel_logout"
-          post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        defaultClientScopes:
          - "opendesk-oxappsuite-scope"
          - "read_contacts"
@@ -557,7 +557,7 @@ config:
        secret: {{ .Values.secrets.keycloak.clientSecret.xwiki | quote }}
        redirectUris:
          - "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*"
-          - "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        consentRequired: false
        frontchannelLogout: false
        publicClient: false
@@ -565,7 +565,7 @@ config:
        attributes:
          backchannel.logout.session.required: false
          backchannel.logout.url: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/oidc/authenticator/backchannel_logout"
-          post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/*"
+          post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
        defaultClientScopes:
          - "opendesk-xwiki-scope"
--- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
@@ -23,7 +23,7 @@ dovecot:
    port: 389
    base: "dc=swp-ldap,dc=internal"
    dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
-    password: {{ .Values.secrets.univentionManagementStack.ldapSearch.dovecot | quote }}
+    password: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }}
  oidc:
    enabled: true
    clientID: "opendesk-dovecot"
--- a/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange-enterprise-contact-picker.yaml.gotmpl
@@ -23,7 +23,7 @@ appsuite:
            type: "adminDN"
            adminDN:
              dn: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
-              password: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }}
+              password: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
    uiSettings:
      # Enterprise contact picker
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
@@ -185,7 +185,7 @@ appsuite:
      com.openexchange.oidc.opLogoutEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout"
      com.openexchange.oidc.opTokenEndpoint: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/token"
      com.openexchange.oidc.rpRedirectURIAuth: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/auth"
-      com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+      com.openexchange.oidc.rpRedirectURILogout: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
      com.openexchange.oidc.rpRedirectURIPostSSOLogout: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/appsuite/api/oidc/logout"
      com.openexchange.oidc.ssoLogout: "true"
      com.openexchange.oidc.startDefaultBackend: "true"
@@ -269,7 +269,7 @@ appsuite:
      /opt/open-xchange/etc/ldapauth.properties:
        java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal"
        bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
-        bindDNPassword: {{ .Values.secrets.univentionManagementStack.ldapSearch.ox | quote }}
+        bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
        bindOnly: "false"
      /opt/open-xchange/etc/antivirus.properties:
        com.openexchange.antivirus.enabled: "true"
@@ -311,7 +311,7 @@ appsuite:
      # io.ox/mail//contactCollectOnMailAccess: "true"
      # Dynamic theme
      io.ox/dynamic-theme//mainColor: {{ .Values.theme.colors.primary | quote }}
-      io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
+      io.ox/dynamic-theme//logoURL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
      io.ox/dynamic-theme//topbarBackground: {{ .Values.theme.colors.white | quote }}
      io.ox/dynamic-theme//topbarColor: {{ .Values.theme.colors.black | quote }}
      io.ox/dynamic-theme//listSelected: {{ .Values.theme.colors.primary15 | quote }}
--- a/helmfile/apps/openproject/values.yaml.gotmpl
+++ b/helmfile/apps/openproject/values.yaml.gotmpl
@@ -37,7 +37,7 @@ environment:
  # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
  OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.ldap.host | quote }}
  OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
-  OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionManagementStack.ldapSearch.openproject | quote }}
+  OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.nubus.ldapSearch.openproject | quote }}
  OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
  OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal"
  OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal"
@@ -57,7 +57,7 @@ environment:
  OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
  OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
  OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
-  OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+  OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
  OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
  OPENPROJECT_SMTP__USER__NAME: {{ .Values.smtp.username | quote }}
  OPENPROJECT_SMTP__PASSWORD: {{ .Values.smtp.password | quote }}
--- a/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl
@@ -21,7 +21,7 @@ oxConnector:
  domainName: {{ .Values.global.domain | quote }}
  ldapHost: {{ .Values.ldap.host | quote }}
  logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
-  ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
+  ldapPassword: {{ .Values.secrets.nubus.ldapSecret | quote }}
  ldapBaseDn: "dc=swp-ldap,dc=internal"
  ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
  tlsMode: "off"
--- a/helmfile/apps/services/values-minio.yaml.gotmpl
+++ b/helmfile/apps/services/values-minio.yaml.gotmpl
@@ -98,7 +98,7 @@ provisioning:
    - name: {{ .Values.objectstores.openproject.bucket | quote }}
      versioning: true
      withLock: false
-    - name: {{ .Values.objectstores.univentionManagementStack.bucket | quote }}
+    - name: {{ .Values.objectstores.nubus.bucket | quote }}
      versioning: false
      withLock: false
  policies:
@@ -169,7 +169,7 @@ provisioning:
      policies:
        - "openproject-bucket-policy"
      setPolicies: true
-    - username: {{ .Values.objectstores.univentionManagementStack.username | quote }}
+    - username: {{ .Values.objectstores.nubus.username | quote }}
      password: {{ .Values.secrets.minio.umsUser | quote }}
      disabled: false
      policies:
--- a/helmfile/apps/services/values-otterize.yaml.gotmpl
+++ b/helmfile/apps/services/values-otterize.yaml.gotmpl
@@ -41,7 +41,7 @@ apps:
  redis:
    enabled: {{ .Values.redis.enabled }}
  univentionManagementStack:
-    enabled: {{ .Values.univentionManagementStack.enabled }}
+    enabled: {{ .Values.nubus.enabled }}
  xwiki:
    enabled: {{ .Values.xwiki.enabled }}
--- a/helmfile/apps/xwiki/values.yaml.gotmpl
+++ b/helmfile/apps/xwiki/values.yaml.gotmpl
@@ -55,7 +55,7 @@ customConfigs:
    xwiki.authentication.ldap.port: 389
    ## Authentication to the LDAP server
    xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
-    xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.univentionManagementStack.ldapSearch.xwiki | quote }}
+    xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.nubus.ldapSearch.xwiki | quote }}
    ## Base DN used for searching for users
    xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
    ## Allow short update cycles of the LDAP group cache
@@ -83,8 +83,8 @@ customConfigs:
    # yamllint disable-line rule:line-length
    oidc.userinfoclaims: "xwiki_user_accessibility,xwiki_user_company,xwiki_user_displayHiddenDocuments,xwiki_user_editor,xwiki_user_usertype"
    url.trustedDomains: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
-    workplaceServices.navigationEndpoint: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
+    workplaceServices.navigationEndpoint: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/navigation.json"
-    workplaceServices.base: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
+    workplaceServices.base: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
    workplaceServices.portalSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
    openoffice.serverType: "0"
    notifications.emails.live.graceTime: "5"
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -200,7 +200,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
    name: "opendesk-migrations"
-    version: "1.1.0"
+    version: "1.1.1"
    verify: true
  minio:
    # providerCategory: "Community"
--- a/helmfile/environments/default/global.gotmpl
+++ b/helmfile/environments/default/global.gotmpl
@@ -40,11 +40,11 @@ global:
    minioApi: "minio"
    minioConsole: "minio-console"
    nextcloud: "fs"
    nubus: "portal"
    openproject: "project"
    openxchange: "webmail"
    synapse: "matrix"
    synapseFederation: "matrix-federation"
    univentionManagementStack: "portal"
    whiteboard: "whiteboard"
    xwiki: "wiki"
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -205,7 +205,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.1.0@sha256:328ccb92ff2c826ffb12d9e1838f719f160158f693d5e1c06640be221a4e45ea"
+    tag: "1.1.4@sha256:24ebdfee9dfa5f54447bd6a0c4ab86c6eced47475ba4e7c1f6c13bc21e33a528"
  milter:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
--- a/helmfile/environments/default/objectstores.yaml
+++ b/helmfile/environments/default/objectstores.yaml
@@ -33,7 +33,7 @@ objectstores:
    username: "openproject_user"
    pathStyle: true
    useIamProfile: false
-  univentionManagementStack:
+  nubus:
    bucket: "ums"
    endpoint: ""
    region: "eu-west-1"
--- a/helmfile/environments/default/opendesk_main.gotmpl
+++ b/helmfile/environments/default/opendesk_main.gotmpl
@@ -49,6 +49,9 @@ minio:
 nextcloud:
  enabled: true
  namespace: {{ env "NAMESPACE" | quote }}
 nubus:
  enabled: true
  namespace: {{ env "NAMESPACE" | quote }}
 openproject:
  enabled: true
  namespace: {{ env "NAMESPACE" | quote }}
@@ -67,9 +70,6 @@ postgresql:
 redis:
  enabled: true
  namespace: {{ env "NAMESPACE" | quote }}
 univentionManagementStack:
  enabled: true
  namespace: {{ env "NAMESPACE" | quote }}
 xwiki:
  enabled: true
  namespace: {{ env "NAMESPACE" | quote }}
--- a/helmfile/environments/default/persistence.yaml
+++ b/helmfile/environments/default/persistence.yaml
@@ -16,7 +16,7 @@ persistence:
    prosody: "1Gi"
    redis: "1Gi"
    synapse: "1Gi"
-    univentionManagementStack:
+    nubus:
      ldapServerData: "1Gi"
      ldapServerShared: "1Gi"
      portalListener: "1Gi"
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -18,7 +18,7 @@ secrets:
    cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
    shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_crypt_key" | sha1sum | quote }}
    sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryption_key" | sha1sum | quote }}
-  univentionManagementStack:
+  nubus:
    ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
    ldapSearch:
      keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_keycloak" | sha1sum | quote }}
--- a/helmfile/environments/test/values.yaml.gotmpl
+++ b/helmfile/environments/test/values.yaml.gotmpl
@@ -18,16 +18,16 @@ persistence:
    mariadb: "42Gi"
    matrixNeoDateFixBot: "42Gi"
    minio: "42Gi"
    nubus:
      ldapServerData: "42Gi"
      ldapServerShared: "42Gi"
      portalListener: "42Gi"
      selfserviceListener: "42Gi"
    postfix: "42Gi"
    postgresql: "42Gi"
    prosody: "42Gi"
    redis: "42Gi"
    synapse: "42Gi"
    univentionManagementStack:
      ldapServerData: "42Gi"
      ldapServerShared: "42Gi"
      portalListener: "42Gi"
      selfserviceListener: "42Gi"
    xwiki: "42Gi"
 ingress:
  ingressClassName: "kyverno"