fix(helmfile): Remove default SMTP credentials and create docs for SMTP/TURN

2025-12-06 07:21:36 +01:00 · 2023-09-13 23:39:38 +02:00
parent a799db03c4
commit e120f5fb9a
3 changed files with 31 additions and 21 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -141,23 +141,6 @@ variables:
  dependencies: []
  extends: ".environments"
  image: "registry.souvap-univention.de/souvap/tooling/images/helm:latest"
-  secrets:
-    SMTP_PASSWORD:
-      vault:
-        engine:
-          name: "kv-v2"
-          path: "swp"
-        path: "accounts/brained/mail/relay@souvap-univention.de"
-        field: "password"
-      file: false
-    TURN_CREDENTIALS:
-      vault:
-        engine:
-          name: "kv-v2"
-          path: "swp"
-        path: "accounts/souvap-univention.de/develop/turn/secret"
-        field: "credentials"
-      file: false
  script:
    - "cd ${CI_PROJECT_DIR}/helmfile/apps/${COMPONENT}"
    # MASTER_PASSWORD_WEB_VAR as precedence for MASTER_PASSWORD
--- a/README.md
+++ b/README.md
@@ -91,8 +91,6 @@ installation.
 | `DOMAIN`            | `souvap.cloud`        | External reachable domain                         |
 | `ISTIO_DOMAIN`      | `istio.souvap.cloud`  | External reachable domain for Istio Gateway       |
 | `MASTER_PASSWORD`   | `sovereign-workplace` | The password that seeds the autogenerated secrets |
-| `SMTP_PASSWORD`     |                       | Password for SMTP relay gateway                   |
-| `TURN_CREDENTIALS`  |                       | Credentials for coturn server                     |

 Please ensure that you set the DNS records pointing to the loadbalancer/IP for
 `DOMAIN` and `ISTIO_DOMAIN`.
@@ -306,6 +304,35 @@ actual scalability of the components (see column `Scaling (verified)`).
 | XWiki       | `replicas.xwiki`       | :white_check_mark:  |       :gear:       |


+### Mail/SMTP configuration
+
+To use the full potential of the openDesk, you need to set up a STMP Smarthost/Relay which allows to send emails from 
+the whole subdomain.
+
+```yaml
+smtp:
+  host:     # your SMTP host or IP-address
+  username: # username/email for authentication
+  password: # password for authentication, or via environment variable SMTP_PASSWORD
+```
+
+### TURN configuration
+
+Some components (Jitsi, Element) use for direct communication a TURN server.
+You can configure your own TURN server with these options:
+
+```yaml
+turn:
+  transport:   # "udp" or "tcp"
+  credentials: # turn credential string
+  server:      # configuration for unsecure connections
+    host:      # your TURN host or IP-address
+    port:      # server port
+  tls:         # configuration for secure connections
+    host:      # your TURN host or IP-address
+    port:      # server port
+```
+
 ## Security

 This list gives you an overview of default security settings and if they comply with security standards:
--- a/helmfile/environments/default/smtp.gotmpl
+++ b/helmfile/environments/default/smtp.gotmpl
@@ -4,7 +4,7 @@ SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 smtp:
-  host: "mail.brained.io"
-  username: "relay@souvap-univention.de"
+  host: ""
+  username: ""
  password: "{{ env "SMTP_PASSWORD" }}"
 ...