diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f45537ea..a460e67c 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -121,12 +121,6 @@ variables:
 options:
 - "yes"
 - "no"
- DEPLOY_ICS:
- description: "Enable ICS deployment."
- value: "no"
- options:
- - "yes"
- - "no"
 DEPLOY_XWIKI:
 description: "Enable XWiki deployment."
 value: "no"
@@ -318,18 +312,6 @@ ox-deploy:
 variables:
 COMPONENT: "open-xchange"
-ics-deploy:
- stage: "component-deploy-stage-1"
- extends: ".deploy-common"
- rules:
- - if: >
- $CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api" &&
- $NAMESPACE =~ /.+/ &&
- ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ICS != "no")
- when: "on_success"
- variables:
- COMPONENT: "intercom-service"
-
 xwiki-deploy:
 stage: "component-deploy-stage-1"
 extends: ".deploy-common"
diff --git a/.gitlab/lint/lint-kyverno.yml b/.gitlab/lint/lint-kyverno.yml
index dfc42d1e..a1b6ec5f 100644
--- a/.gitlab/lint/lint-kyverno.yml
+++ b/.gitlab/lint/lint-kyverno.yml
@@ -14,7 +14,6 @@ lint-kyverno:
 - "collabora"
 - "cryptpad"
 - "element"
- - "intercom-service"
 - "jitsi"
 - "nextcloud"
 - "nubus"
diff --git a/docs/components.md b/docs/components.md
index ccceecff..aae47a0d 100644
--- a/docs/components.md
+++ b/docs/components.md
@@ -35,19 +35,18 @@ they need to be replaced in production deployments.
 | CryptPad | Weboffice | Functional |
 | dkimpy-milter | DKIM milter for Postfix | Eval |
 | Element | Secure communications platform | Functional |
-| Intercom Service | Cross service data exchange | Functional |
 | Jitsi | Videoconferencing | Functional |
 | MariaDB | Database | Eval |
 | Memcached | Cache Database | Eval |
 | MinIO | Object Storage | Eval |
 | Nextcloud | File share | Functional |
+| Nubus (UMS) | Identity Management & Portal | Functional |
 | OpenProject | Project management | Functional |
 | OX Appsuite | Groupware | Functional |
 | OX Dovecot | Mail backend (IMAP) | Functional |
 | Postfix | MTA | Eval |
 | PostgreSQL | Database | Eval |
 | Redis | Cache Database | Eval |
-| Univention Management Stack | Identity Management & Portal | Functional |
 | XWiki | Knowledge Management | Functional |
 # Component integration
@@ -74,9 +73,9 @@ Most details can be found in the upstream documentation that is linked in the re
 ## Intercom Service / Silent Login
-The Intercom Service's role is to enable cross-application integration based on the user's browser interaction as handling
-authentication when the frontend of an application has to call the API from another application is often a
-challenge.
+The Intercom Service is deployed in context of Nubus/UMS. Its role is to enable cross-application integration
+based on the user's browser interaction as handling authentication when the frontend of an application has to call
+the API from another application is often a challenge.
 To establish a session with the Intercom Service an application can use the silent login feature within an iframe.
diff --git a/docs/getting-started.md b/docs/getting-started.md
index 2393d4d0..88c741ce 100644
--- a/docs/getting-started.md
+++ b/docs/getting-started.md
@@ -109,7 +109,6 @@ All available apps and their default value can be found in `helmfile/environment
 | CryptPad | `cryptpad.enabled` | `true` | Weboffice |
 | Dovecot | `dovecot.enabled` | `true` | Mail backend |
 | Element | `element.enabled` | `true` | Secure communications platform |
-| Intercom Service | `intercom.enabled` | `true` | Cross service data exchange |
 | Jitsi | `jitsi.enabled` | `true` | Videoconferencing |
 | MariaDB | `mariadb.enabled` | `true` | Database |
 | Memcached | `memcached.enabled` | `true` | Cache Database |
diff --git a/docs/security-context.md b/docs/security-context.md
index 418f2595..68eba065 100644
--- a/docs/security-context.md
+++ b/docs/security-context.md
@@ -158,7 +158,6 @@ This list gives you an overview of templated security settings and if they compl
 | **element**/opendesk-synapse | :white_check_mark: | no | no | yes | yes | 10991 | 10991 | yes | yes |
 | **element**/opendesk-synapse-web | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |
 | **element**/opendesk-well-known | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |
-| **intercom-service**/intercom-service | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
 | **jitsi**/jitsi | :white_check_mark: | no | no | yes | yes | 1993 | 1993 | yes | yes |
 | **jitsi**/jitsi/jitsi/jibri | :x: | n/a | n/a | n/a | n/a | n/a | n/a | n/a | no ["SYS_ADMIN"] |
 | **jitsi**/jitsi/jitsi/jicofo | :x: | no | no | no | no | 0 | 0 | yes | no |
@@ -196,6 +195,7 @@ This list gives you an overview of templated security settings and if they compl | **services**/postfix | :x: | yes | yes | no | no | 0 | 0 | yes | no | | **services**/postgresql | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes | | **services**/redis/master | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes | +| **univention-management-stack**/intercom-service | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes | | **univention-management-stack**/opendesk-keycloak-bootstrap | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes | | **univention-management-stack**/ums/keycloak | :x: | no | no | no | yes | 1000 | 1000 | yes | yes | | **univention-management-stack**/ums/keycloak-bootstrap | :x: | no | no | no | yes | 1000 | 1000 | yes | yes | diff --git a/docs/workflow.md b/docs/workflow.md index 5114f76c..b1692c6f 100644 --- a/docs/workflow.md +++ b/docs/workflow.md @@ -355,7 +355,7 @@ Commit messages must adhere to the [Conventional Commit standard](https://www.co │ │ | │ │ └─> Issue reference (optional) │ │ - │ └─> Commit Scope: helmfile, docs, collabora, intercom-service, ... + │ └─> Commit Scope: helmfile, docs, collabora, nextcloud, open-xhcange etc. │ └─> Commit Type: chore, ci, docs, feat, fix ``` diff --git a/helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl b/helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl deleted file mode 100644 index 70ce779c..00000000 --- a/helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl +++ /dev/null 
@@ -1,27 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-License-Identifier: Apache-2.0
----
-repositories:
- # Intercom Service
- # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
- - name: "intercom-service-repo"
- keyring: "../../files/gpg-pubkeys/univention-de.gpg"
- verify: {{ .Values.charts.intercomService.verify }}
- username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
- password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
- oci: true
- url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"
-releases:
- - name: "intercom-service"
- chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}"
- version: "{{ .Values.charts.intercomService.version }}"
- values:
- - "values.yaml.gotmpl"
- - {{ .Values.customization.release.intercomService | default "additionalValues: false" }}
- installed: {{ .Values.intercom.enabled }}
-commonLabels:
- deploy-stage: "component-1"
- component: "intercom-service"
-...
diff --git a/helmfile/apps/intercom-service/helmfile.yaml.gotmpl b/helmfile/apps/intercom-service/helmfile.yaml.gotmpl
deleted file mode 100644
index 119da8a5..00000000
--- a/helmfile/apps/intercom-service/helmfile.yaml.gotmpl
+++ /dev/null
@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
- - "../../bases/environments.yaml"
----
-helmfiles:
- - path: "./helmfile-child.yaml.gotmpl"
- values:
- - {{ toYaml .Values | nindent 8 }}
-...
diff --git a/helmfile/apps/nubus/helmfile-child.yaml.gotmpl b/helmfile/apps/nubus/helmfile-child.yaml.gotmpl
index 58d7ff1e..ef9f061c 100644
--- a/helmfile/apps/nubus/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/nubus/helmfile-child.yaml.gotmpl
@@ -11,7 +11,16 @@ repositories:
 oci: true
 url: "{{ .Values.global.helmRegistry | default .Values.charts.nubus.registry }}/{{ .Values.charts.nubus.repository }}"
- # OpenDesk Keycloak Bootstrap Chart
+ # Intercom Service
+ # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
+ - name: "intercom-service-repo"
+ keyring: "../../files/gpg-pubkeys/univention-de.gpg"
+ verify: {{ .Values.charts.intercomService.verify }}
+ username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+ password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+ oci: true
+ url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"
+ # openDesk Keycloak Bootstrap Chart
 - name: "opendesk-keycloak-bootstrap-repo"
 keyring: "../../files/gpg-pubkeys/opencode.gpg"
 verify: {{ .Values.charts.opendeskKeycloakBootstrap.verify }}
@@ -32,7 +41,16 @@ releases:
 - {{ .Values.customization.release.ums | default "additionalValues: false" }}
 installed: {{ .Values.nubus.enabled }}
 timeout: 900
- # OpenDesk Keycloak Bootstrap Chart
+ # Intercom-Service
+ - name: "intercom-service"
+ chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}"
+ version: "{{ .Values.charts.intercomService.version }}"
+ values:
+ - "values-intercom-service.yaml.gotmpl"
+ - {{ .Values.customization.release.intercomService | default "additionalValues: false" }}
+ installed: {{ .Values.nubus.enabled }}
+
+ # openDesk Keycloak Bootstrap Chart
 - name: "opendesk-keycloak-bootstrap"
 chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.opendeskKeycloakBootstrap.name }}"
 version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}"
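Review bot: The added `intercom-service-repo` entry in the `repositories` hunk does not say that signature checking is optional. `verify` is rendered from `.Values.charts.intercomService.verify`, whose default is not visible in this diff, so a false or empty value would presumably pull the chart from the credentialed registry without checking it against `univention-de.gpg`. A comment above the entry would make that explicit, for example `# Chart provenance is checked against univention-de.gpg only when charts.intercomService.verify is true.` The `repositories:` list starts and ends outside the hunk.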
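Review bot: `installed: {{ .Values.nubus.enabled }}` on the new `intercom-service` release in the `releases` hunk couples the service to Nubus, and the `intercom.enabled` switch used by the deleted helmfile is gone. As far as this diff shows, an environment that previously set that switch to false would now get the service installed without notice. The docs hunk in this commit describes the service as handling authentication for cross-application API calls, so the coupling deserves a comment on the release, e.g. `# Installed together with Nubus; the former intercom.enabled toggle was removed.`, plus a migration note. The two added comments also spell the component differently (`# Intercom Service` in the repositories hunk, `# Intercom-Service` here). The `releases:` list continues outside the hunk.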
diff --git a/helmfile/apps/intercom-service/values.yaml.gotmpl b/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
similarity index 100%
rename from helmfile/apps/intercom-service/values.yaml.gotmpl
rename to helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
diff --git a/helmfile/apps/services/values-certificates.yaml.gotmpl b/helmfile/apps/services/values-certificates.yaml.gotmpl
index 09a0bea2..ab4e691d 100644
--- a/helmfile/apps/services/values-certificates.yaml.gotmpl
+++ b/helmfile/apps/services/values-certificates.yaml.gotmpl
@@ -23,7 +23,7 @@ global:
 synapseFederation: {{ .Values.global.hosts.synapseFederation }}
 whiteboard: {{ .Values.global.hosts.whiteboard }}
 {{- end }}
- {{- if .Values.intercom.enabled }}
+ {{- if .Values.nubus.enabled }}
 intercomService: {{ .Values.global.hosts.intercomService }}
 {{- end }}
 {{- if .Values.jitsi.enabled }}
diff --git a/helmfile/apps/services/values-otterize.yaml.gotmpl b/helmfile/apps/services/values-otterize.yaml.gotmpl
index 7d4762c3..6d1d9ac8 100644
--- a/helmfile/apps/services/values-otterize.yaml.gotmpl
+++ b/helmfile/apps/services/values-otterize.yaml.gotmpl
@@ -16,8 +16,6 @@ apps:
 enabled: {{ .Values.dovecot.enabled }}
 element:
 enabled: {{ .Values.element.enabled }}
- intercom:
- enabled: {{ .Values.intercom.enabled }}
 jitsi:
 enabled: {{ .Values.jitsi.enabled }}
 mariadb:
diff --git a/helmfile/environments/default/customization.yaml b/helmfile/environments/default/customization.yaml
index 9e427963..9ab2a294 100644
--- a/helmfile/environments/default/customization.yaml
+++ b/helmfile/environments/default/customization.yaml
@@ -17,8 +17,6 @@ customization:
 opendeskWellKnown: ~
 opendeskSynapseWeb: ~
 opendeskSynapse: ~
- # intercom-service
- intercomService: ~
 # jitsi
 jitsi: ~
 # migrations-post
@@ -30,6 +28,7 @@ customization:
 opendeskNextcloud: ~
 # nubus
 ums: ~
+ intercomService: ~
 opendeskKeycloakBootstrap: ~
 # open-xchange
 dovecot: ~
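Review bot: In the `values-certificates.yaml.gotmpl` hunk the `intercomService` host is now guarded by `.Values.nubus.enabled`, which reads as a mismatch to anyone who does not know the release moved into the Nubus helmfile. A template comment on the guard would document the dependency, e.g. `{{- /* intercom-service is installed with Nubus, see helmfile/apps/nubus */}}`. If the file already has a Nubus-gated block for other hosts (not visible here), moving the entry there would avoid a second identical condition. The `global:` mapping starts and ends outside the hunk.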
diff --git a/helmfile/environments/default/opendesk_main.gotmpl b/helmfile/environments/default/opendesk_main.gotmpl
index 3d8b0006..c6311a2c 100644
--- a/helmfile/environments/default/opendesk_main.gotmpl
+++ b/helmfile/environments/default/opendesk_main.gotmpl
@@ -31,9 +31,6 @@ element:
 home:
 enabled: true
 namespace: ~
-intercom:
- enabled: true
- namespace: ~
 jitsi:
 enabled: true
 namespace: ~
@@ -61,9 +58,6 @@ openproject:
 oxAppsuite:
 enabled: true
 namespace: ~
-oxConnector:
- enabled: true
- namespace: ~
 postfix:
 enabled: true
 namespace: ~
diff --git a/helmfile_generic.yaml.gotmpl b/helmfile_generic.yaml.gotmpl
index e90d6a76..d6245b91 100644
--- a/helmfile_generic.yaml.gotmpl
+++ b/helmfile_generic.yaml.gotmpl
@@ -15,8 +15,6 @@ helmfiles:
 values: *values
 - path: "helmfile/apps/nubus/helmfile-child.yaml.gotmpl"
 values: *values
- - path: "helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl"
- values: *values
 - path: "helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl"
 values: *values
 - path: "helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl"