fix(helmfile): Move Intercom-Service to Nubus component.

.gitlab-ci.yml

@@ -121,12 +121,6 @@ variables:
     options:
       - "yes"
       - "no"
-  DEPLOY_ICS:
-    description: "Enable ICS deployment."
-    value: "no"
-    options:
-      - "yes"
-      - "no"
   DEPLOY_XWIKI:
     description: "Enable XWiki deployment."
     value: "no"
@@ -318,18 +312,6 @@ ox-deploy:
   variables:
     COMPONENT: "open-xchange"
 
-ics-deploy:
-  stage: "component-deploy-stage-1"
-  extends: ".deploy-common"
-  rules:
-    - if: >
-          $CI_PIPELINE_SOURCE =~ "web|schedules|trigger|api" &&
-          $NAMESPACE =~ /.+/ &&
-          ($DEPLOY_ALL_COMPONENTS != "no" || $DEPLOY_ICS != "no")
-      when: "on_success"
-  variables:
-    COMPONENT: "intercom-service"
-
 xwiki-deploy:
   stage: "component-deploy-stage-1"
   extends: ".deploy-common"

.gitlab/lint/lint-kyverno.yml

@@ -14,7 +14,6 @@ lint-kyverno:
           - "collabora"
           - "cryptpad"
           - "element"
-          - "intercom-service"
           - "jitsi"
           - "nextcloud"
           - "nubus"

docs/components.md

@@ -35,19 +35,18 @@ they need to be replaced in production deployments.
 | CryptPad                    | Weboffice                      | Functional |
 | dkimpy-milter               | DKIM milter for Postfix        | Eval       |
 | Element                     | Secure communications platform | Functional |
-| Intercom Service            | Cross service data exchange    | Functional |
 | Jitsi                       | Videoconferencing              | Functional |
 | MariaDB                     | Database                       | Eval       |
 | Memcached                   | Cache Database                 | Eval       |
 | MinIO                       | Object Storage                 | Eval       |
 | Nextcloud                   | File share                     | Functional |
+| Nubus (UMS)                 | Identity Management & Portal   | Functional |
 | OpenProject                 | Project management             | Functional |
 | OX Appsuite                 | Groupware                      | Functional |
 | OX Dovecot                  | Mail backend (IMAP)            | Functional |
 | Postfix                     | MTA                            | Eval       |
 | PostgreSQL                  | Database                       | Eval       |
 | Redis                       | Cache Database                 | Eval       |
-| Univention Management Stack | Identity Management & Portal   | Functional |
 | XWiki                       | Knowledge Management           | Functional |
 
 # Component integration
@@ -74,9 +73,9 @@ Most details can be found in the upstream documentation that is linked in the re
 
 ## Intercom Service / Silent Login
 
-The Intercom Service's role is to enable cross-application integration based on the user's browser interaction as handling
+The Intercom Service is deployed in context of Nubus/UMS. Its role is to enable cross-application integration
-authentication when the frontend of an application has to call the API from another application is often a
+based on the user's browser interaction as handling authentication when the frontend of an application has to call
-challenge.
+the API from another application is often a challenge.
 
 To establish a session with the Intercom Service an application can use the silent login feature within an iframe.
 

docs/getting-started.md

@@ -109,7 +109,6 @@ All available apps and their default value can be found in `helmfile/environment
 | CryptPad             | `cryptpad.enabled`          | `true`  | Weboffice                      |
 | Dovecot              | `dovecot.enabled`           | `true`  | Mail backend                   |
 | Element              | `element.enabled`           | `true`  | Secure communications platform |
-| Intercom Service     | `intercom.enabled`          | `true`  | Cross service data exchange    |
 | Jitsi                | `jitsi.enabled`             | `true`  | Videoconferencing              |
 | MariaDB              | `mariadb.enabled`           | `true`  | Database                       |
 | Memcached            | `memcached.enabled`         | `true`  | Cache Database                 |

docs/security-context.md

@@ -158,7 +158,6 @@ This list gives you an overview of templated security settings and if they compl
 | **element**/opendesk-synapse | :white_check_mark: | no | no | yes | yes | 10991 | 10991 | yes | yes |
 | **element**/opendesk-synapse-web | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |
 | **element**/opendesk-well-known | :white_check_mark: | no | no | yes | yes | 101 | 101 | yes | yes |
-| **intercom-service**/intercom-service | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
 | **jitsi**/jitsi | :white_check_mark: | no | no | yes | yes | 1993 | 1993 | yes | yes |
 | **jitsi**/jitsi/jitsi/jibri | :x: | n/a | n/a | n/a | n/a | n/a | n/a | n/a | no ["SYS_ADMIN"] |
 | **jitsi**/jitsi/jitsi/jicofo | :x: | no | no | no | no | 0 | 0 | yes | no |
@@ -196,6 +195,7 @@ This list gives you an overview of templated security settings and if they compl
 | **services**/postfix | :x: | yes | yes | no | no | 0 | 0 | yes | no |
 | **services**/postgresql | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes |
 | **services**/redis/master | :white_check_mark: | no | no | yes | yes | 1001 | 1001 | yes | yes |
+| **univention-management-stack**/intercom-service | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
 | **univention-management-stack**/opendesk-keycloak-bootstrap | :white_check_mark: | no | no | yes | yes | 1000 | 1000 | yes | yes |
 | **univention-management-stack**/ums/keycloak | :x: | no | no | no | yes | 1000 | 1000 | yes | yes |
 | **univention-management-stack**/ums/keycloak-bootstrap | :x: | no | no | no | yes | 1000 | 1000 | yes | yes |

docs/workflow.md

@@ -355,7 +355,7 @@ Commit messages must adhere to the [Conventional Commit standard](https://www.co
   │       │              |
   │       │              └─> Issue reference (optional)
   │       │
-  │       └─> Commit Scope: helmfile, docs, collabora, intercom-service, ...
+  │       └─> Commit Scope: helmfile, docs, collabora, nextcloud, open-xhcange etc.
   │
   └─> Commit Type: chore, ci, docs, feat, fix
 ```

helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl

@@ -1,27 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-License-Identifier: Apache-2.0
----
-repositories:
-  # Intercom Service
-  # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
-  - name: "intercom-service-repo"
-    keyring: "../../files/gpg-pubkeys/univention-de.gpg"
-    verify: {{ .Values.charts.intercomService.verify }}
-    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"
-
-releases:
-  - name: "intercom-service"
-    chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}"
-    version: "{{ .Values.charts.intercomService.version }}"
-    values:
-      - "values.yaml.gotmpl"
-      - {{ .Values.customization.release.intercomService | default "additionalValues: false" }}
-    installed: {{ .Values.intercom.enabled }}
-
-commonLabels:
-  deploy-stage: "component-1"
-  component: "intercom-service"
-...

helmfile/apps/intercom-service/helmfile.yaml.gotmpl

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml.gotmpl"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/nubus/helmfile-child.yaml.gotmpl

@@ -11,7 +11,16 @@ repositories:
     oci: true
     url:
       "{{ .Values.global.helmRegistry | default .Values.charts.nubus.registry }}/{{ .Values.charts.nubus.repository }}"
-  # OpenDesk Keycloak Bootstrap Chart
+  # Intercom Service
+  # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
+  - name: "intercom-service-repo"
+    keyring: "../../files/gpg-pubkeys/univention-de.gpg"
+    verify: {{ .Values.charts.intercomService.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"
+  # openDesk Keycloak Bootstrap Chart
   - name: "opendesk-keycloak-bootstrap-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.opendeskKeycloakBootstrap.verify }}
@@ -32,7 +41,16 @@ releases:
       - {{ .Values.customization.release.ums | default "additionalValues: false" }}
     installed: {{ .Values.nubus.enabled }}
     timeout: 900
-  # OpenDesk Keycloak Bootstrap Chart
+  # Intercom-Service
+  - name: "intercom-service"
+    chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}"
+    version: "{{ .Values.charts.intercomService.version }}"
+    values:
+      - "values-intercom-service.yaml.gotmpl"
+      - {{ .Values.customization.release.intercomService | default "additionalValues: false" }}
+    installed: {{ .Values.nubus.enabled }}
+
+  # openDesk Keycloak Bootstrap Chart
   - name: "opendesk-keycloak-bootstrap"
     chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.opendeskKeycloakBootstrap.name }}"
     version: "{{ .Values.charts.opendeskKeycloakBootstrap.version }}"

helmfile/apps/services/values-certificates.yaml.gotmpl

@@ -23,7 +23,7 @@ global:
     synapseFederation: {{ .Values.global.hosts.synapseFederation }}
     whiteboard: {{ .Values.global.hosts.whiteboard }}
     {{- end }}
-    {{- if .Values.intercom.enabled }}
+    {{- if .Values.nubus.enabled }}
     intercomService: {{ .Values.global.hosts.intercomService }}
     {{- end }}
     {{- if .Values.jitsi.enabled }}

helmfile/apps/services/values-otterize.yaml.gotmpl

@@ -16,8 +16,6 @@ apps:
     enabled: {{ .Values.dovecot.enabled }}
   element:
     enabled: {{ .Values.element.enabled }}
-  intercom:
-    enabled: {{ .Values.intercom.enabled }}
   jitsi:
     enabled: {{ .Values.jitsi.enabled }}
   mariadb:

helmfile/environments/default/customization.yaml

@@ -17,8 +17,6 @@ customization:
     opendeskWellKnown: ~
     opendeskSynapseWeb: ~
     opendeskSynapse: ~
-    # intercom-service
-    intercomService: ~
     # jitsi
     jitsi: ~
     # migrations-post
@@ -30,6 +28,7 @@ customization:
     opendeskNextcloud: ~
     # nubus
     ums: ~
+    intercomService: ~
     opendeskKeycloakBootstrap: ~
     # open-xchange
     dovecot: ~

helmfile/environments/default/opendesk_main.gotmpl

@@ -31,9 +31,6 @@ element:
 home:
   enabled: true
   namespace: ~
-intercom:
-  enabled: true
-  namespace: ~
 jitsi:
   enabled: true
   namespace: ~
@@ -61,9 +58,6 @@ openproject:
 oxAppsuite:
   enabled: true
   namespace: ~
-oxConnector:
-  enabled: true
-  namespace: ~
 postfix:
   enabled: true
   namespace: ~

helmfile_generic.yaml.gotmpl

@@ -15,8 +15,6 @@ helmfiles:
     values: *values
   - path: "helmfile/apps/nubus/helmfile-child.yaml.gotmpl"
     values: *values
-  - path: "helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl"
-    values: *values
   - path: "helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl"
     values: *values
   - path: "helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl"