fix(element): Integrate new Element CE chart

# [1.10.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.9.0...v1.10.0) (2025-11-24)

### Bug Fixes

* **collabora:** Update Controller to 1.1.6 incl. Helm chart update to 1.1.10 ([d25c95f](d25c95f06b))
* **collabora:** Update from 25.04.5 to 25.04.6 ([8de0f5d](8de0f5de72))
* **external-services:** Create `nubus_authsession` database ([ec72602](ec72602cdd))
* **helmfile:** Enable verification for XWiki Helm chart ([5104793](51047936de))
* **helmfile:** Streamline annotations ([7aa717c](7aa717c050))
* **nubus:** Remove legacy `UMC` Keycloak client that was used for SAML connection with the Nubus portal ([152221f](152221fa79))
* **open-xchange:** Only enable `smtpSASLAuthEnable` when `relayHost` is set ([70bbbf3](70bbbf311f))
* **open-xchange:** Optimize Dovecot Pro full-text search caches; review `migrations.md` for required upgrade steps ([f3f707c](f3f707c9ee))
* **open-xchange:** Template SASL security options ([684c6d4](684c6d4f29))
* **open-xchange:** Update Dovecot configuration based on supplier's best practise review ([850761e](850761e047))
* **opendesk-static-files:** [[#260](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/260)] Fix doublette creation of configmap `data` keys when the same file is referenced multiple times for a component ([b5a76be](b5a76bea57))
* **openproject:** Update from 16.1.0 to 16.1.1 ([62fae99](62fae9976a))
* **xwiki:** Update XWiki from 17.4.4 to 17.4.7 ([02a3b77](02a3b77114))

### Features

* **jitsi:** Update from 2.0.10431 to 2.0.10590 ([f5aad1f](f5aad1fa47))
* **nubus:** Update from v1.14.0 to v1.15.2 ([12379d6](12379d67e0))
* **open-xchange:** Support for LDAP group based mailing lists ([cc94f0c](cc94f0c66d))
* **openproject:** Update OpenProject from 16.5.1 to 16.6.0 ([19438c0](19438c0281))

CHANGELOG.md

@@ -1,3 +1,30 @@
+# [1.10.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.9.0...v1.10.0) (2025-11-24)
+
+
+### Bug Fixes
+
+* **collabora:** Update Controller to 1.1.6 incl. Helm chart update to 1.1.10 ([d25c95f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/d25c95f06bc199d09aa6ea4dc09c10e95153de38))
+* **collabora:** Update from 25.04.5 to 25.04.6 ([8de0f5d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/8de0f5de7277ad726588d7de2d06cb3e9376c993))
+* **external-services:** Create `nubus_authsession` database ([ec72602](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/ec72602cdd3207f73ff806a26bfe7b9fd32b8634))
+* **helmfile:** Enable verification for XWiki Helm chart ([5104793](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/51047936de102c610adc00f4dff12d2eb8e945b0))
+* **helmfile:** Streamline annotations ([7aa717c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7aa717c0509a731c060c58a1b5877e1d9899406f))
+* **nubus:** Remove legacy `UMC` Keycloak client that was used for SAML connection with the Nubus portal ([152221f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/152221fa7976bfa942d5e9e9b8f78cc8e65765c0))
+* **open-xchange:** Only enable `smtpSASLAuthEnable` when `relayHost` is set ([70bbbf3](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/70bbbf311fcba57c31f535be7d0d453f4a945cee))
+* **open-xchange:** Optimize Dovecot Pro full-text search caches; review `migrations.md` for required upgrade steps ([f3f707c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/f3f707c9eee8edf3ad61834d87b5c059f31b0e26))
+* **open-xchange:** Template SASL security options ([684c6d4](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/684c6d4f29dd447872ebe582eef43c04034896f7))
+* **open-xchange:** Update Dovecot configuration based on supplier's best practise review ([850761e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/850761e0475b2f281fb23f6972d5c74fbdaa3a61))
+* **opendesk-static-files:** [[#260](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/issues/260)] Fix doublette creation of configmap `data` keys when the same file is referenced multiple times for a component ([b5a76be](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b5a76bea57ef7b136c54d1bc95c40f0a0c3f9716))
+* **openproject:** Update from 16.1.0 to 16.1.1 ([62fae99](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/62fae9976a731c00700d56ce8fab198bb2531d20))
+* **xwiki:** Update XWiki from 17.4.4 to 17.4.7 ([02a3b77](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/02a3b7711490394690df70ca92bab58b253e34f5))
+
+
+### Features
+
+* **jitsi:** Update from 2.0.10431 to 2.0.10590 ([f5aad1f](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/f5aad1fa47559f0d3941c233c7d40029a9e83281))
+* **nubus:** Update from v1.14.0 to v1.15.2 ([12379d6](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/12379d67e07936496fe31276b2052406e0137db6))
+* **open-xchange:** Support for LDAP group based mailing lists ([cc94f0c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/cc94f0c66df098d0a20f7f0d4a6af5e791557981))
+* **openproject:** Update OpenProject from 16.5.1 to 16.6.0 ([19438c0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/19438c02817875bd408c5d6cf423d7bfb61f907f))
+
 # [1.9.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.8.0...v1.9.0) (2025-11-07)
 
 

helmfile/apps/element-old/helmfile-child.yaml.gotmpl

@@ -0,0 +1,317 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+repositories:
+  # openDesk Element
+  # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element
+  - name: "element-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.element.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.element.registry }}/{{ .Values.charts.element.repository }}"
+  - name: "element-well-known-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.elementWellKnown.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/{{ .Values.charts.elementWellKnown.repository }}"
+  - name: "synapse-web-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.synapseWeb.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/{{ .Values.charts.synapseWeb.repository }}"
+  - name: "synapse-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.synapse.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}"
+  - name: "synapse-create-account-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.synapseCreateAccount.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/{{ .Values.charts.synapseCreateAccount.repository }}"
+
+  # openDesk Matrix Widgets
+  # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets
+  - name: "matrix-user-verification-service-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.matrixUserVerificationService.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/{{ .Values.charts.matrixUserVerificationService.repository }}"
+  - name: "matrix-neoboard-widget-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
+  - name: "matrix-neochoice-widget-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
+  - name: "matrix-neodatefix-widget-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.matrixNeodatefixWidget.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/{{ .Values.charts.matrixNeodatefixWidget.repository }}"
+  - name: "matrix-neodatefix-bot-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.matrixNeodatefixBot.verify }}
+    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}"
+
+  # openDesk Enterprise Repositories
+
+  # openDesk Element
+  # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element
+  - name: "synapse-admin-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.synapseAdmin.verify }}
+    username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseAdmin.registry }}/{{ .Values.charts.synapseAdmin.repository }}"
+  - name: "synapse-adminbot-web-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.synapseAdminbotWeb.verify }}
+    username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseAdminbotWeb.registry }}/{{ .Values.charts.synapseAdminbotWeb.repository }}"
+  - name: "synapse-groupsync-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.synapseGroupsync.verify }}
+    username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseGroupsync.registry }}/{{ .Values.charts.synapseGroupsync.repository }}"
+  - name: "synapse-pipe-repo"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.synapsePipe.verify }}
+    username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
+    oci: true
+    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapsePipe.registry }}/{{ .Values.charts.synapsePipe.repository }}"
+
+releases:
+  - name: "opendesk-element"
+    chart: "element-repo/{{ .Values.charts.element.name }}"
+    version: "{{ .Values.charts.element.version }}"
+    values:
+      - "values-element.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskElement }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "opendesk-well-known"
+    chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}"
+    version: "{{ .Values.charts.elementWellKnown.version }}"
+    values:
+      - "values-well-known.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskWellKnown }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "opendesk-synapse-web"
+    chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}"
+    version: "{{ .Values.charts.synapseWeb.version }}"
+    values:
+      - "values-synapse-web.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskSynapseWeb }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "opendesk-synapse"
+    chart: "synapse-repo/{{ .Values.charts.synapse.name }}"
+    version: "{{ .Values.charts.synapse.version }}"
+    values:
+      - "values-synapse.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskSynapse }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "opendesk-matrix-user-verification-service-bootstrap"
+    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+    version: "{{ .Values.charts.synapseCreateAccount.version }}"
+    values:
+      - "values-matrix-user-verification-service-bootstrap.yaml.gotmpl"
+      {{- range .Values.customization.release.matrixUserVerificationServiceBootstrap }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "opendesk-matrix-user-verification-service"
+    chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}"
+    version: "{{ .Values.charts.matrixUserVerificationService.version }}"
+    values:
+      - "values-matrix-user-verification-service.yaml.gotmpl"
+      {{- range .Values.customization.release.matrixUserVerificationService }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "matrix-neoboard-widget"
+    chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}"
+    version: "{{ .Values.charts.matrixNeoboardWidget.version }}"
+    values:
+      - "values-matrix-neoboard-widget.yaml.gotmpl"
+      {{- range .Values.customization.release.matrixNeoboardWidget }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "matrix-neochoice-widget"
+    chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiceWidget.name }}"
+    version: "{{ .Values.charts.matrixNeochoiceWidget.version }}"
+    values:
+      - "values-matrix-neochoice-widget.yaml.gotmpl"
+      {{- range .Values.customization.release.matrixNeochoiceWidget }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "matrix-neodatefix-widget"
+    chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}"
+    version: "{{ .Values.charts.matrixNeodatefixWidget.version }}"
+    values:
+      - "values-matrix-neodatefix-widget.yaml.gotmpl"
+      {{- range .Values.customization.release.matrixNeodatefixWidget }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "matrix-neodatefix-bot-bootstrap"
+    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+    version: "{{ .Values.charts.synapseCreateAccount.version }}"
+    values:
+      - "values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl"
+      {{- range .Values.customization.release.matrixNeodatefixBotBootstrap }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  - name: "matrix-neodatefix-bot"
+    chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}"
+    version: "{{ .Values.charts.matrixNeodatefixBot.version }}"
+    values:
+      - "values-matrix-neodatefix-bot.yaml.gotmpl"
+      {{- range .Values.customization.release.matrixNeodatefixBot }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.element.enabled }}
+    timeout: 900
+
+  # openDesk Enterprise Releases
+  - name: "opendesk-synapse-admin"
+    chart: "synapse-admin-repo/{{ .Values.charts.synapseAdmin.name }}"
+    version: "{{ .Values.charts.synapseAdmin.version }}"
+    values:
+      - "values-synapse-admin.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskSynapseAdmin }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.elementAdmin.enabled }}
+    timeout: 900
+
+  - name: "opendesk-synapse-adminbot-bootstrap"
+    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+    version: "{{ .Values.charts.synapseCreateAccount.version }}"
+    values:
+      - "values-synapse-adminbot-bootstrap.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskSynapseAdminbotBootstrap }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.elementAdmin.enabled }}
+    timeout: 900
+
+  - name: "opendesk-synapse-adminbot-pipe"
+    chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
+    version: "{{ .Values.charts.synapsePipe.version }}"
+    values:
+      - "values-synapse-adminbot-pipe.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskSynapseAdminbotPipe }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.elementAdmin.enabled }}
+    timeout: 900
+
+  - name: "opendesk-synapse-adminbot-web"
+    chart: "synapse-adminbot-web-repo/{{ .Values.charts.synapseAdminbotWeb.name }}"
+    version: "{{ .Values.charts.synapseAdminbotWeb.version }}"
+    values:
+      - "values-synapse-adminbot-web.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskSynapseAdminbotWeb }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.elementAdmin.enabled }}
+    timeout: 900
+
+  - name: "opendesk-synapse-auditbot-bootstrap"
+    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+    version: "{{ .Values.charts.synapseCreateAccount.version }}"
+    values:
+      - "values-synapse-auditbot-bootstrap.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskSynapseAuditbotBootstrap }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.elementAdmin.enabled }}
+    timeout: 900
+
+  - name: "opendesk-synapse-auditbot-pipe"
+    chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
+    version: "{{ .Values.charts.synapsePipe.version }}"
+    values:
+      - "values-synapse-auditbot-pipe.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskSynapseAuditbotPipe }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.elementAdmin.enabled }}
+    timeout: 900
+
+  - name: "opendesk-synapse-groupsync"
+    chart: "synapse-groupsync-repo/{{ .Values.charts.synapseGroupsync.name }}"
+    version: "{{ .Values.charts.synapseGroupsync.version }}"
+    values:
+      - "values-synapse-groupsync.yaml.gotmpl"
+      {{- range .Values.customization.release.opendeskSynapseGroupsync }}
+      - {{ . }}
+      {{- end }}
+    installed: {{ .Values.apps.elementGroupsync.enabled }}
+    timeout: 900
+
+commonLabels:
+  deployStage: "050-components"
+  component: "element"
+...

helmfile/apps/element-old/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml.gotmpl"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/apps/element-old/values-element.yaml.gotmpl

@@ -0,0 +1,172 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+commonAnnotations:
+  {{ .Values.annotations.element.common | toYaml | nindent 2 }}
+
+configuration:
+  endToEndEncryption: true
+  additionalConfiguration:
+    logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=opendesk-matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
+
+    "net.nordeck.element_web.module.opendesk":
+      config:
+        banner:
+          ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
+          ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
+          portal_logo_svg_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
+          portal_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/"
+        custom_css_variables:
+          --cpd-color-bg-action-primary-rest: {{ .Values.theme.colors.primary | quote }}
+          --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
+
+    "net.nordeck.element_web.module.widget_lifecycle":
+      widget_permissions:
+        "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html":
+          identity_approved: true
+        "https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*":
+          preload_approved: true
+          capabilities_approved:
+            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create
+            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create
+            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk
+            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk
+            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot
+            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot
+            - org.matrix.msc2762.receive.state_event:m.room.create
+            - org.matrix.msc2762.send.state_event:m.room.power_levels#
+            - org.matrix.msc2762.receive.state_event:m.room.power_levels#
+            - org.matrix.msc2762.receive.state_event:m.room.member
+            - org.matrix.msc2762.receive.state_event:m.room.name
+            - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard
+            - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard
+            - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#*
+            - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions
+            - org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling
+            - org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling
+            - town.robin.msc3846.turn_servers
+            - org.matrix.msc4039.upload_file
+            - org.matrix.msc4039.download_file
+        "https://{{ .Values.global.hosts.matrixNeoChoiceWidget }}.{{ .Values.global.domain }}/*":
+          preload_approved: true
+          capabilities_approved:
+            - org.matrix.msc2762.send.event:net.nordeck.poll.vote
+            - org.matrix.msc2762.receive.event:net.nordeck.poll.vote
+            - org.matrix.msc2762.send.state_event:net.nordeck.poll
+            - org.matrix.msc2762.receive.state_event:net.nordeck.poll
+            - org.matrix.msc2762.send.state_event:net.nordeck.poll.settings
+            - org.matrix.msc2762.receive.state_event:net.nordeck.poll.settings
+            - org.matrix.msc2762.receive.state_event:m.room.create
+            - org.matrix.msc2762.receive.state_event:m.room.power_levels
+            - org.matrix.msc2762.receive.state_event:m.room.name
+            - org.matrix.msc2762.receive.state_event:m.room.member
+            - org.matrix.msc2762.send.state_event:net.nordeck.poll.group
+            - org.matrix.msc2762.receive.state_event:net.nordeck.poll.group
+            - org.matrix.msc2762.send.event:net.nordeck.poll.start
+            - org.matrix.msc2762.receive.event:net.nordeck.poll.start
+        "https://{{ .Values.global.hosts.matrixNeoDateFixWidget }}.{{ .Values.global.domain }}/*":
+          preload_approved: true
+          identity_approved: true
+          capabilities_approved:
+            - org.matrix.msc2931.navigate
+            - org.matrix.msc2762.timeline:*
+            - org.matrix.msc2762.receive.state_event:m.room.power_levels
+            - org.matrix.msc2762.receive.event:m.reaction
+            - org.matrix.msc2762.receive.state_event:m.room.create
+            - org.matrix.msc2762.receive.state_event:m.room.tombstone
+            - org.matrix.msc2762.receive.state_event:m.room.member
+            - org.matrix.msc2762.send.state_event:m.room.member
+            - org.matrix.msc2762.receive.state_event:m.room.name
+            - org.matrix.msc2762.receive.state_event:m.room.topic
+            - org.matrix.msc2762.receive.state_event:m.space.parent
+            - org.matrix.msc2762.receive.state_event:m.space.child
+            - org.matrix.msc2762.receive.state_event:net.nordeck.meetings.metadata
+            - org.matrix.msc2762.receive.state_event:im.vector.modular.widgets
+            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.create
+            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.create
+            - org.matrix.msc2762.send.event:net.nordeck.meetings.breakoutsessions.create
+            - org.matrix.msc2762.receive.event:net.nordeck.meetings.breakoutsessions.create
+            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.close
+            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.close
+            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.widgets.handle
+            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.widgets.handle
+            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.participants.handle
+            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.participants.handle
+            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.update
+            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.update
+            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.change.message_permissions
+            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.change.message_permissions
+            - org.matrix.msc2762.send.event:net.nordeck.meetings.sub_meetings.send_message
+            - org.matrix.msc2762.receive.event:net.nordeck.meetings.sub_meetings.send_message
+            - org.matrix.msc3973.user_directory_search
+
+  welcomeUserId: "@meetings-bot:{{ .Values.global.matrixDomain | default .Values.global.domain }}"
+
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  privileged: false
+  readOnlyRootFilesystem: true
+  runAsGroup: 101
+  runAsNonRoot: true
+  runAsUser: 101
+  seccompProfile:
+    type: "RuntimeDefault"
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.element | toYaml | nindent 4 }}
+
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.element.registry | quote }}
+  repository: {{ .Values.images.element.repository | quote }}
+  tag: {{ .Values.images.element.tag | quote }}
+
+ingress:
+  host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
+  enabled: {{ .Values.ingress.enabled }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
+  annotations:
+    {{ .Values.annotations.element.ingress | toYaml | nindent 4 }}
+
+podAnnotations:
+  intents.otterize.com/service-name: "opendesk-element"
+  {{- with .Values.annotations.element.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
+
+podSecurityContext:
+  enabled: true
+  fsGroup: 101
+
+replicaCount: {{ .Values.replicas.element }}
+
+resources:
+  {{ .Values.resources.element | toYaml | nindent 2 }}
+
+service:
+  annotations:
+    {{ .Values.annotations.element.service | toYaml | nindent 4 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.element.serviceAccount | toYaml | nindent 4 }}
+
+theme:
+  title: "Chat - {{ .Values.theme.texts.productName }}"
+  {{ .Values.theme | toYaml | nindent 2 }}
+
+...

helmfile/apps/element-old/values-matrix-neoboard-widget.yaml.gotmpl

@@ -0,0 +1,75 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+additionalAnnotations:
+  {{ .Values.annotations.elementMatrixNeoboardWidget.additional | toYaml | nindent 2 }}
+
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  privileged: false
+  readOnlyRootFilesystem: true
+  runAsGroup: 101
+  runAsNonRoot: true
+  runAsUser: 101
+  seccompProfile:
+    type: "RuntimeDefault"
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.matrixNeoBoardWidget | toYaml | nindent 4 }}
+
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoBoardWidget.registry | quote }}
+  repository: {{ .Values.images.matrixNeoBoardWidget.repository | quote }}
+  tag: {{ .Values.images.matrixNeoBoardWidget.tag | quote }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
+  annotations:
+    {{ .Values.annotations.elementMatrixNeoboardWidget.ingress | toYaml | nindent 4 }}
+
+podAnnotations:
+  intents.otterize.com/service-name: "matrix-neoboard-widget"
+  {{- with .Values.annotations.elementMatrixNeoboardWidget.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
+
+podSecurityContext:
+  enabled: true
+  fsGroup: 101
+
+replicaCount: {{ .Values.replicas.matrixNeoBoardWidget }}
+
+resources:
+  {{ .Values.resources.matrixNeoBoardWidget | toYaml | nindent 2 }}
+
+service:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeoboardWidget.service | toYaml | nindent 4 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeoboardWidget.serviceAccount | toYaml | nindent 4 }}
+
+theme:
+  {{ .Values.theme | toYaml | nindent 2 }}
+
+nginx:
+  ipv4Only: {{ if eq .Values.cluster.networking.ipFamilies "IPv4" }}true{{ else }}false{{ end }}
+
+...

helmfile/apps/element-old/values-matrix-neochoice-widget.yaml.gotmpl

@@ -0,0 +1,75 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+additionalAnnotations:
+  {{ .Values.annotations.elementMatrixNeochoiceWidget.additional | toYaml | nindent 2 }}
+
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  privileged: false
+  readOnlyRootFilesystem: true
+  runAsGroup: 101
+  runAsNonRoot: true
+  runAsUser: 101
+  seccompProfile:
+    type: "RuntimeDefault"
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.matrixNeoChoiceWidget | toYaml | nindent 4 }}
+
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoChoiceWidget.registry | quote }}
+  repository: {{ .Values.images.matrixNeoChoiceWidget.repository | quote }}
+  tag: {{ .Values.images.matrixNeoChoiceWidget.tag | quote }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
+  annotations:
+    {{ .Values.annotations.elementMatrixNeochoiceWidget.ingress | toYaml | nindent 4 }}
+
+podAnnotations:
+  intents.otterize.com/service-name: "matrix-neochoice-widget"
+  {{- with .Values.annotations.elementMatrixNeochoiceWidget.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
+
+podSecurityContext:
+  enabled: true
+  fsGroup: 101
+
+replicaCount: {{ .Values.replicas.matrixNeoChoiceWidget }}
+
+service:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeochoiceWidget.service | toYaml | nindent 4 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeochoiceWidget.serviceAccount | toYaml | nindent 4 }}
+
+theme:
+  {{ .Values.theme | toYaml | nindent 2 }}
+
+resources:
+  {{ .Values.resources.matrixNeoChoiceWidget | toYaml | nindent 2 }}
+
+nginx:
+  ipv4Only: {{ if eq .Values.cluster.networking.ipFamilies "IPv4" }}true{{ else }}false{{ end }}
+
+...

helmfile/apps/element-old/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl

@@ -0,0 +1,51 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+cleanup:
+  deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
+  deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
+
+configuration:
+  username: "meetings-bot"
+  pod: "opendesk-synapse-0"
+  secretName: "matrix-neodatefix-bot-account"
+  password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }}
+
+global:
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+  registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
+  url: {{ .Values.images.synapseCreateUser.repository | quote }}
+  tag: {{ .Values.images.synapseCreateUser.tag | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+
+fullnameOverride: "matrix-neodatefix-bot-bootstrap"
+
+podAnnotations:
+  intents.otterize.com/service-name: "values-matrix-neodatefix-bot-bootstrap"
+  {{- with .Values.annotations.elementMatrixNeodatefixBotBootstrap.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
+
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  privileged: false
+  readOnlyRootFilesystem: true
+  runAsGroup: 101
+  runAsNonRoot: true
+  runAsUser: 101
+  seccompProfile:
+    type: "RuntimeDefault"
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeodatefixBotBootstrap.serviceAccount | toYaml | nindent 4 }}
+...

helmfile/apps/element-old/values-matrix-neodatefix-bot.yaml.gotmpl

@@ -0,0 +1,118 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+additionalAnnotations:
+  {{ .Values.annotations.elementMatrixNeodatefixBot.additional | toYaml | nindent 2 }}
+
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+configuration:
+  bot:
+    username: "meetings-bot"
+    display name: "Terminplaner Bot"
+  openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
+  strings:
+    breakoutSessionWidgetName: "Breakoutsessions"
+    calendarRoomName: "Terminplaner"
+    calendarWidgetName: "Terminplaner"
+    cockpitWidgetName: "Meeting Steuerung"
+    jitsiWidgetName: "Videokonferenz"
+    matrixNeoBoardWidgetName: "Whiteboard"
+    matrixNeoChoiceWidgetName: "Abstimmungen"
+
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  privileged: false
+  readOnlyRootFilesystem: true
+  runAsGroup: 101
+  runAsNonRoot: true
+  runAsUser: 101
+  seccompProfile:
+    type: "RuntimeDefault"
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.matrixNeoDateFixBot | toYaml | nindent 4 }}
+
+extraEnvVars:
+  - name: "ACCESS_TOKEN"
+    valueFrom:
+      secretKeyRef:
+        name: "matrix-neodatefix-bot-account"
+        key: "access_token"
+{{- if .Values.certificate.selfSigned }}
+  - name: "NODE_EXTRA_CA_CERTS"
+    value: "/etc/ssl/certs/ca-certificates.crt"
+
+extraVolumes:
+  - name: "trusted-cert-secret-volume"
+    secret:
+      secretName: "opendesk-certificates-ca-tls"
+      items:
+        - key: "ca.crt"
+          path: "ca-certificates.crt"
+extraVolumeMounts:
+  - name: "trusted-cert-secret-volume"
+    mountPath: "/etc/ssl/certs/ca-certificates.crt"
+    subPath: "ca-certificates.crt"
+{{- end }}
+
+image:
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoDateFixBot.registry | quote }}
+  repository: {{ .Values.images.matrixNeoDateFixBot.repository | quote }}
+  tag: {{ .Values.images.matrixNeoDateFixBot.tag | quote }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
+  annotations:
+    {{ .Values.annotations.elementMatrixNeodatefixBot.ingress | toYaml | nindent 4 }}
+
+liveness sample:
+  enabled: true
+
+persistence:
+  size: {{ .Values.persistence.storages.matrixNeoDateFixBot.size | quote }}
+  storageClass: {{ coalesce .Values.persistence.storages.matrixNeoDateFixBot.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
+  annotations:
+    {{ .Values.annotations.elementMatrixNeodatefixBot.persistence | toYaml | nindent 4 }}
+
+podAnnotations:
+  intents.otterize.com/service-name: "matrix-neodatefix-bot"
+  {{- with .Values.annotations.elementMatrixNeodatefixBot.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
+
+podSecurityContext:
+  enabled: true
+  fsGroup: 101
+
+readinessProbe:
+  enabled: true
+
+replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }}
+
+resources:
+  {{ .Values.resources.matrixNeoDateFixBot | toYaml | nindent 2 }}
+
+service:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeodatefixBot.service | toYaml | nindent 4 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeodatefixBot.serviceAccount | toYaml | nindent 4 }}
+
+...

helmfile/apps/element-old/values-matrix-neodatefix-widget.yaml.gotmpl

@@ -0,0 +1,80 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+additionalAnnotations:
+  {{ .Values.annotations.elementMatrixNeodatefixWidget.additional | toYaml | nindent 2 }}
+
+configuration:
+  bot:
+    username: "meetings-bot"
+    homeserver: {{ .Values.global.matrixDomain | default .Values.global.domain }}
+
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  privileged: false
+  readOnlyRootFilesystem: true
+  runAsGroup: 101
+  runAsNonRoot: true
+  runAsUser: 101
+  seccompProfile:
+    type: "RuntimeDefault"
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.matrixNeoDateFixWidget | toYaml | nindent 4 }}
+
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoDateFixWidget.registry | quote }}
+  repository: {{ .Values.images.matrixNeoDateFixWidget.repository | quote }}
+  tag: {{ .Values.images.matrixNeoDateFixWidget.tag | quote }}
+
+ingress:
+  enabled: {{ .Values.ingress.enabled }}
+  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
+  tls:
+    enabled: {{ .Values.ingress.tls.enabled }}
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
+  annotations:
+    {{ .Values.annotations.elementMatrixNeodatefixWidget.ingress | toYaml | nindent 4 }}
+
+podAnnotations:
+  intents.otterize.com/service-name: "matrix-neodatefix-widget"
+  {{- with .Values.annotations.elementMatrixNeodatefixWidget.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
+
+podSecurityContext:
+  enabled: true
+  fsGroup: 101
+
+replicaCount: {{ .Values.replicas.matrixNeoDateFixWidget }}
+
+resources:
+  {{ .Values.resources.matrixNeoDateFixWidget | toYaml | nindent 2 }}
+
+theme:
+  {{ .Values.theme | toYaml | nindent 2 }}
+
+service:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeodatefixWidget.service | toYaml | nindent 4 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.elementMatrixNeodatefixWidget.serviceAccount | toYaml | nindent 4 }}
+
+nginx:
+  ipv4Only: {{ if eq .Values.cluster.networking.ipFamilies "IPv4" }}true{{ else }}false{{ end }}
+
+...

helmfile/apps/element-old/values-matrix-user-verification-service-bootstrap.yaml.gotmpl

@@ -0,0 +1,53 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+cleanup:
+  deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
+  deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
+
+configuration:
+  username: "uvs"
+  pod: "opendesk-synapse-0"
+  secretName: "opendesk-matrix-user-verification-service-account"
+  password: {{ .Values.secrets.matrixUserVerificationService.password | quote }}
+
+global:
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+  registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
+  url: {{ .Values.images.synapseCreateUser.repository | quote }}
+  tag: {{ .Values.images.synapseCreateUser.tag | quote }}
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+
+fullnameOverride: "opendesk-matrix-user-verification-service-bootstrap"
+
+podAnnotations:
+  intents.otterize.com/service-name: "opendesk-matrix-user-verification-service-bootstrap"
+  {{- with .Values.annotations.elementMatrixUserVerificationServiceBootstrap.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
+
+securityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  privileged: false
+  readOnlyRootFilesystem: true
+  runAsGroup: 101
+  runAsNonRoot: true
+  runAsUser: 101
+  seccompProfile:
+    type: "RuntimeDefault"
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.elementMatrixUserVerificationServiceBootstrap.serviceAccount | toYaml | nindent 4 }}
+
+
+...

helmfile/apps/element-old/values-matrix-user-verification-service.yaml.gotmpl

@@ -0,0 +1,69 @@
+# SPDX-FileCopyrightText: 2024 Center for Digital Sovereignty of Public Administration (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Federal Ministry of the Interior and Community, PG ZenDiS "Project group for the development of ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+additionalAnnotations:
+  {{ .Values.annotations.elementMatrixUserVerificationService.additional | toYaml | nindent 2 }}
+
+containerSecurityContext:
+  allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
+  enabled: true
+  privileged: false
+  readOnlyRootFilesystem: false
+  runAsGroup: 1000
+  runAsNonRoot: true
+  runAsUser: 1000
+  seccompProfile:
+    type: "RuntimeDefault"
+  seLinuxOptions:
+    {{ .Values.seLinuxOptions.matrixUserVerificationService | toYaml | nindent 4 }}
+
+extraEnvVars:
+  - name: "UVS_ACCESS_TOKEN"
+    valueFrom:
+      secretKeyRef:
+        name: "opendesk-matrix-user-verification-service-account"
+        key: "access_token"
+  - name: "UVS_DISABLE_IP_BLACKLIST"
+    value: "true"
+
+global:
+  domain: {{ .Values.global.domain | quote }}
+  hosts:
+    {{ .Values.global.hosts | toYaml | nindent 4 }}
+  imagePullSecrets:
+    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixUserVerificationService.registry | quote }}
+  repository: {{ .Values.images.matrixUserVerificationService.repository | quote }}
+  tag: {{ .Values.images.matrixUserVerificationService.tag | quote }}
+
+podAnnotations:
+  intents.otterize.com/service-name: "opendesk-matrix-user-verification-service"
+  {{- with .Values.annotations.elementMatrixUserVerificationService.pod }}
+  {{ . | toYaml | nindent 2 }}
+  {{- end }}
+
+podSecurityContext:
+  enabled: true
+  fsGroup: 101
+
+replicaCount: {{ .Values.replicas.matrixUserVerificationService }}
+
+resources:
+  {{ .Values.resources.matrixUserVerificationService | toYaml | nindent 2 }}
+
+service:
+  annotations:
+    {{ .Values.annotations.elementMatrixUserVerificationService.service | toYaml | nindent 4 }}
+
+serviceAccount:
+  annotations:
+    {{ .Values.annotations.elementMatrixUserVerificationService.serviceAccount | toYaml | nindent 4 }}
+
+...

helmfile/apps/element/helmfile-child.yaml.gotmpl

@@ -1,9 +1,9 @@
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-License-Identifier: Apache-2.0
 ---
 repositories:
   # openDesk Element
-  # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element
+  # Source: https://github.com/element-hq/ess-helm
   - name: "element-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.element.verify }}
@@ -11,27 +11,6 @@ repositories:
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
     url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.element.registry }}/{{ .Values.charts.element.repository }}"
-  - name: "element-well-known-repo"
-    keyring: "../../files/gpg-pubkeys/opencode.gpg"
-    verify: {{ .Values.charts.elementWellKnown.verify }}
-    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/{{ .Values.charts.elementWellKnown.repository }}"
-  - name: "synapse-web-repo"
-    keyring: "../../files/gpg-pubkeys/opencode.gpg"
-    verify: {{ .Values.charts.synapseWeb.verify }}
-    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/{{ .Values.charts.synapseWeb.repository }}"
-  - name: "synapse-repo"
-    keyring: "../../files/gpg-pubkeys/opencode.gpg"
-    verify: {{ .Values.charts.synapse.verify }}
-    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}"
   - name: "synapse-create-account-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.synapseCreateAccount.verify }}
@@ -78,39 +57,6 @@ repositories:
     oci: true
     url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}"
 
-  # openDesk Enterprise Repositories
-
-  # openDesk Element
-  # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-element
-  - name: "synapse-admin-repo"
-    keyring: "../../files/gpg-pubkeys/opencode.gpg"
-    verify: {{ .Values.charts.synapseAdmin.verify }}
-    username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseAdmin.registry }}/{{ .Values.charts.synapseAdmin.repository }}"
-  - name: "synapse-adminbot-web-repo"
-    keyring: "../../files/gpg-pubkeys/opencode.gpg"
-    verify: {{ .Values.charts.synapseAdminbotWeb.verify }}
-    username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseAdminbotWeb.registry }}/{{ .Values.charts.synapseAdminbotWeb.repository }}"
-  - name: "synapse-groupsync-repo"
-    keyring: "../../files/gpg-pubkeys/opencode.gpg"
-    verify: {{ .Values.charts.synapseGroupsync.verify }}
-    username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapseGroupsync.registry }}/{{ .Values.charts.synapseGroupsync.repository }}"
-  - name: "synapse-pipe-repo"
-    keyring: "../../files/gpg-pubkeys/opencode.gpg"
-    verify: {{ .Values.charts.synapsePipe.verify }}
-    username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
-    password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
-    oci: true
-    url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.synapsePipe.registry }}/{{ .Values.charts.synapsePipe.repository }}"
-
 releases:
   - name: "opendesk-element"
     chart: "element-repo/{{ .Values.charts.element.name }}"
@@ -123,39 +69,6 @@ releases:
     installed: {{ .Values.apps.element.enabled }}
     timeout: 900
 
-  - name: "opendesk-well-known"
-    chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}"
-    version: "{{ .Values.charts.elementWellKnown.version }}"
-    values:
-      - "values-well-known.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskWellKnown }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.element.enabled }}
-    timeout: 900
-
-  - name: "opendesk-synapse-web"
-    chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}"
-    version: "{{ .Values.charts.synapseWeb.version }}"
-    values:
-      - "values-synapse-web.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskSynapseWeb }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.element.enabled }}
-    timeout: 900
-
-  - name: "opendesk-synapse"
-    chart: "synapse-repo/{{ .Values.charts.synapse.name }}"
-    version: "{{ .Values.charts.synapse.version }}"
-    values:
-      - "values-synapse.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskSynapse }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.element.enabled }}
-    timeout: 900
-
   - name: "opendesk-matrix-user-verification-service-bootstrap"
     chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
     version: "{{ .Values.charts.synapseCreateAccount.version }}"
@@ -233,84 +146,6 @@ releases:
     installed: {{ .Values.apps.element.enabled }}
     timeout: 900
 
-  # openDesk Enterprise Releases
-  - name: "opendesk-synapse-admin"
-    chart: "synapse-admin-repo/{{ .Values.charts.synapseAdmin.name }}"
-    version: "{{ .Values.charts.synapseAdmin.version }}"
-    values:
-      - "values-synapse-admin.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskSynapseAdmin }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.elementAdmin.enabled }}
-    timeout: 900
-
-  - name: "opendesk-synapse-adminbot-bootstrap"
-    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
-    version: "{{ .Values.charts.synapseCreateAccount.version }}"
-    values:
-      - "values-synapse-adminbot-bootstrap.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskSynapseAdminbotBootstrap }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.elementAdmin.enabled }}
-    timeout: 900
-
-  - name: "opendesk-synapse-adminbot-pipe"
-    chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
-    version: "{{ .Values.charts.synapsePipe.version }}"
-    values:
-      - "values-synapse-adminbot-pipe.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskSynapseAdminbotPipe }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.elementAdmin.enabled }}
-    timeout: 900
-
-  - name: "opendesk-synapse-adminbot-web"
-    chart: "synapse-adminbot-web-repo/{{ .Values.charts.synapseAdminbotWeb.name }}"
-    version: "{{ .Values.charts.synapseAdminbotWeb.version }}"
-    values:
-      - "values-synapse-adminbot-web.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskSynapseAdminbotWeb }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.elementAdmin.enabled }}
-    timeout: 900
-
-  - name: "opendesk-synapse-auditbot-bootstrap"
-    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
-    version: "{{ .Values.charts.synapseCreateAccount.version }}"
-    values:
-      - "values-synapse-auditbot-bootstrap.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskSynapseAuditbotBootstrap }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.elementAdmin.enabled }}
-    timeout: 900
-
-  - name: "opendesk-synapse-auditbot-pipe"
-    chart: "synapse-pipe-repo/{{ .Values.charts.synapsePipe.name }}"
-    version: "{{ .Values.charts.synapsePipe.version }}"
-    values:
-      - "values-synapse-auditbot-pipe.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskSynapseAuditbotPipe }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.elementAdmin.enabled }}
-    timeout: 900
-
-  - name: "opendesk-synapse-groupsync"
-    chart: "synapse-groupsync-repo/{{ .Values.charts.synapseGroupsync.name }}"
-    version: "{{ .Values.charts.synapseGroupsync.version }}"
-    values:
-      - "values-synapse-groupsync.yaml.gotmpl"
-      {{- range .Values.customization.release.opendeskSynapseGroupsync }}
-      - {{ . }}
-      {{- end }}
-    installed: {{ .Values.apps.elementGroupsync.enabled }}
-    timeout: 900
-
 commonLabels:
   deployStage: "050-components"
   component: "element"

helmfile/apps/element/helmfile.yaml.gotmpl

@@ -1,5 +1,4 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-License-Identifier: Apache-2.0
 ---
 bases:

helmfile/apps/element/values-element.yaml.gotmpl

@@ -1,172 +1,82 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-commonAnnotations:
-  {{ .Values.annotations.element.common | toYaml | nindent 2 }}
 
-configuration:
-  endToEndEncryption: true
-  additionalConfiguration:
-    logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=opendesk-matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
+# FROM synapse-minimal-values.yaml
 
-    "net.nordeck.element_web.module.opendesk":
-      config:
-        banner:
-          ics_navigation_json_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/navigation.json"
-          ics_silent_url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/silent"
-          portal_logo_svg_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/icons/logos/domain.svg"
-          portal_url: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/"
-        custom_css_variables:
-          --cpd-color-bg-action-primary-rest: {{ .Values.theme.colors.primary | quote }}
-          --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
-
-    "net.nordeck.element_web.module.widget_lifecycle":
-      widget_permissions:
-        "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html":
-          identity_approved: true
-        "https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*":
-          preload_approved: true
-          capabilities_approved:
-            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create
-            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create
-            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk
-            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk
-            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot
-            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot
-            - org.matrix.msc2762.receive.state_event:m.room.create
-            - org.matrix.msc2762.send.state_event:m.room.power_levels#
-            - org.matrix.msc2762.receive.state_event:m.room.power_levels#
-            - org.matrix.msc2762.receive.state_event:m.room.member
-            - org.matrix.msc2762.receive.state_event:m.room.name
-            - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard
-            - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard
-            - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#*
-            - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions
-            - org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling
-            - org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling
-            - town.robin.msc3846.turn_servers
-            - org.matrix.msc4039.upload_file
-            - org.matrix.msc4039.download_file
-        "https://{{ .Values.global.hosts.matrixNeoChoiceWidget }}.{{ .Values.global.domain }}/*":
-          preload_approved: true
-          capabilities_approved:
-            - org.matrix.msc2762.send.event:net.nordeck.poll.vote
-            - org.matrix.msc2762.receive.event:net.nordeck.poll.vote
-            - org.matrix.msc2762.send.state_event:net.nordeck.poll
-            - org.matrix.msc2762.receive.state_event:net.nordeck.poll
-            - org.matrix.msc2762.send.state_event:net.nordeck.poll.settings
-            - org.matrix.msc2762.receive.state_event:net.nordeck.poll.settings
-            - org.matrix.msc2762.receive.state_event:m.room.create
-            - org.matrix.msc2762.receive.state_event:m.room.power_levels
-            - org.matrix.msc2762.receive.state_event:m.room.name
-            - org.matrix.msc2762.receive.state_event:m.room.member
-            - org.matrix.msc2762.send.state_event:net.nordeck.poll.group
-            - org.matrix.msc2762.receive.state_event:net.nordeck.poll.group
-            - org.matrix.msc2762.send.event:net.nordeck.poll.start
-            - org.matrix.msc2762.receive.event:net.nordeck.poll.start
-        "https://{{ .Values.global.hosts.matrixNeoDateFixWidget }}.{{ .Values.global.domain }}/*":
-          preload_approved: true
-          identity_approved: true
-          capabilities_approved:
-            - org.matrix.msc2931.navigate
-            - org.matrix.msc2762.timeline:*
-            - org.matrix.msc2762.receive.state_event:m.room.power_levels
-            - org.matrix.msc2762.receive.event:m.reaction
-            - org.matrix.msc2762.receive.state_event:m.room.create
-            - org.matrix.msc2762.receive.state_event:m.room.tombstone
-            - org.matrix.msc2762.receive.state_event:m.room.member
-            - org.matrix.msc2762.send.state_event:m.room.member
-            - org.matrix.msc2762.receive.state_event:m.room.name
-            - org.matrix.msc2762.receive.state_event:m.room.topic
-            - org.matrix.msc2762.receive.state_event:m.space.parent
-            - org.matrix.msc2762.receive.state_event:m.space.child
-            - org.matrix.msc2762.receive.state_event:net.nordeck.meetings.metadata
-            - org.matrix.msc2762.receive.state_event:im.vector.modular.widgets
-            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.create
-            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.create
-            - org.matrix.msc2762.send.event:net.nordeck.meetings.breakoutsessions.create
-            - org.matrix.msc2762.receive.event:net.nordeck.meetings.breakoutsessions.create
-            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.close
-            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.close
-            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.widgets.handle
-            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.widgets.handle
-            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.participants.handle
-            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.participants.handle
-            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.update
-            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.update
-            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.change.message_permissions
-            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.change.message_permissions
-            - org.matrix.msc2762.send.event:net.nordeck.meetings.sub_meetings.send_message
-            - org.matrix.msc2762.receive.event:net.nordeck.meetings.sub_meetings.send_message
-            - org.matrix.msc3973.user_directory_search
-
-  welcomeUserId: "@meetings-bot:{{ .Values.global.matrixDomain | default .Values.global.domain }}"
-
-containerSecurityContext:
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-      - "ALL"
+deploymentMarkers:
+  enabled: false
+elementAdmin:
+  enabled: false
+elementWeb:
   enabled: true
-  privileged: false
-  readOnlyRootFilesystem: true
-  runAsGroup: 101
-  runAsNonRoot: true
-  runAsUser: 101
-  seccompProfile:
-    type: "RuntimeDefault"
-  seLinuxOptions:
-    {{ .Values.seLinuxOptions.element | toYaml | nindent 4 }}
-
-global:
-  domain: {{ .Values.global.domain | quote }}
-  hosts:
-    {{ .Values.global.hosts | toYaml | nindent 4 }}
-  imagePullSecrets:
-    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
-
-image:
-  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
-  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.element.registry | quote }}
-  repository: {{ .Values.images.element.repository | quote }}
-  tag: {{ .Values.images.element.tag | quote }}
-
-ingress:
-  host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
-  enabled: {{ .Values.ingress.enabled }}
-  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
-  tls:
-    enabled: {{ .Values.ingress.tls.enabled }}
-    secretName: {{ .Values.ingress.tls.secretName | quote }}
-  annotations:
-    {{ .Values.annotations.element.ingress | toYaml | nindent 4 }}
-
-podAnnotations:
-  intents.otterize.com/service-name: "opendesk-element"
-  {{- with .Values.annotations.element.pod }}
-  {{ . | toYaml | nindent 2 }}
-  {{- end }}
-
-podSecurityContext:
-  enabled: true
-  fsGroup: 101
-
-replicaCount: {{ .Values.replicas.element }}
-
-resources:
-  {{ .Values.resources.element | toYaml | nindent 2 }}
-
-service:
-  annotations:
-    {{ .Values.annotations.element.service | toYaml | nindent 4 }}
-
-serviceAccount:
-  annotations:
-    {{ .Values.annotations.element.serviceAccount | toYaml | nindent 4 }}
-
-theme:
-  title: "Chat - {{ .Values.theme.texts.productName }}"
-  {{ .Values.theme | toYaml | nindent 2 }}
-
-...
+  image:
+    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+    registry: {{ coalesce .Values.global.imageRegistry .Values.images.elementWeb.registry | quote }}
+    repository: {{ .Values.images.elementWeb.repository | quote }}
+    tag: {{ .Values.images.elementWeb.tag | quote }}
+  ingress:
+    className: {{ .Values.ingress.ingressClassName | quote }}
+    host: "{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
+    tlsSecret: {{ .Values.ingress.tls.secretName | quote }}
+#initSecrets:
+#  # needed for syn2mas
+#  enabled: false
+matrixAuthenticationService:
+  #
+  enabled: false
+#  ingress:
+#    #host:  .Values.global.hosts.synapseMAS .{{ .Values.global.domain }}
+#    host: mas.{{ .Values.global.domain }}
+#  postgres:
+#    database: {{ .Values.databases.synapseMAS.name | quote }}
+#    host: {{ .Values.databases.synapseMAS.host | quote }}
+#    password:
+#      password: {{ .Values.databases.synapseMAS.password | default .Values.secrets.postgresql.matrixMASUser | quote }}
+#    user: {{ .Values.databases.synapseMAS.username | quote }}
+matrixRTC:
+  enabled: false
+serverName: {{ .Values.global.matrixDomain | default .Values.global.domain }}
+synapse:
+  additional:
+    0-customConfig:
+      config: |
+        sso:
+          client_whitelist:
+            - https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}
+        oidc_providers:
+          - idp_id: oidc
+            idp_name: OIDC
+            issuer: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
+            client_id: opendesk-matrix
+            client_secret: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}
+            scopes:
+              - openid
+              - opendesk-matrix-scope
+            allow_existing_users: true
+            user_mapping_provider:
+              config:
+                subject_template: "{{`{{ user.opendesk_useruuid }}`}}"
+                display_name_template: "{{`{{ user.name }}`}}"
+                localpart_template: "{{`{{`}} user.{{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}opendesk_useruuid{{ else }}opendesk_username{{ end }} {{`}}`}}"
+                email_template: "{{`{{ user.email }}`}}"
+            backchannel_logout_enabled: true
+            backchannel_logout_ignore_sub: true
+  ingress:
+    className: {{ .Values.ingress.ingressClassName | quote }}
+    host: "{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}"
+    tlsSecret: {{ if .Values.global.matrixDomain }}"opendesk-certificates-synapse-tls"{{ else }}"opendesk-certificates-tls"{{ end }}
+  macaroon:
+    value: {{ .Values.secrets.synapse.registrationSharedSecret | quote }}
+  postgres:
+    database: {{ .Values.databases.synapse.name | quote }}
+    host: {{ .Values.databases.synapse.host | quote }}
+    password:
+      value: {{ .Values.databases.synapse.password | default .Values.secrets.postgresql.matrixUser | quote }}
+    user: {{ .Values.databases.synapse.username | quote }}
+  registrationSharedSecret:
+    value: {{ .Values.secrets.synapse.registrationSharedSecret | quote }}
+  signingKey:
+    value: "ed25519 0 bNQOzBUDszff7Ax81z6w0uZ1IPWoxYaazT7emaZEfpw"
+  workers:
+    sso-login:
+      enabled: true
+wellKnownDelegation:
+  enabled: false

helmfile/apps/services-external/values-clamav-distributed.yaml.gotmpl

@@ -28,7 +28,7 @@ clamd:
   podAnnotations:
     intents.otterize.com/service-name: "clamav-distributed"
     {{- with .Values.annotations.servicesExternalClamavDistributed.clamdPod }}
-    {{ .  | toYaml | nindent 4 }}
+    {{ . | toYaml | nindent 4 }}
     {{- end }}
   podSecurityContext:
     enabled: true

helmfile/apps/services-external/values-clamav-simple.yaml.gotmpl

@@ -46,7 +46,7 @@ persistence:
 podAnnotations:
   intents.otterize.com/service-name: "clamav-simple"
   {{- with .Values.annotations.servicesExternalClamavSimple.pod }}
-  {{ .  | toYaml | nindent 2 }}
+  {{ . | toYaml | nindent 2 }}
   {{- end }}
 
 podSecurityContext:

helmfile/apps/services-external/values-dkimpy.yaml.gotmpl

@@ -32,7 +32,7 @@ image:
 podAnnotations:
   intents.otterize.com/service-name: "dkimpy-milter"
   {{- with .Values.annotations.servicesExternalDkimpy.service }}
-  {{ .  | toYaml | nindent 2 }}
+  {{ . | toYaml | nindent 2 }}
   {{- end }}
 
 podSecurityContext:

helmfile/apps/services-external/values-memcached.yaml.gotmpl

@@ -36,7 +36,7 @@ image:
 podAnnotations:
   intents.otterize.com/service-name: "memcached"
   {{- with .Values.annotations.servicesExternalMemcached.pod }}
-  {{ .  | toYaml | nindent 2 }}
+  {{ . | toYaml | nindent 2 }}
   {{- end}}
 replicaCount: {{ .Values.replicas.memcached }}
 

helmfile/apps/services-external/values-minio.yaml.gotmpl

@@ -136,7 +136,7 @@ provisioning:
   podAnnotations:
     intents.otterize.com/service-name: "minio-provisioning"
     {{- with .Values.annotations.servicesExternalMinio.provisioningPod }}
-    {{ .  | toYaml | nindent 4}}
+    {{ . | toYaml | nindent 4}}
     {{- end }}
   policies:
     - name: "migrations-bucket-policy"

helmfile/apps/services-external/values-postgresql.yaml.gotmpl

@@ -61,6 +61,9 @@ job:
     - username: {{ .Values.databases.synapse.username | quote }}
       password: {{ .Values.secrets.postgresql.matrixUser | quote }}
       connectionLimit: {{ .Values.databases.synapse.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+    - username: {{ .Values.databases.synapseMAS.username | quote }}
+      password: {{ .Values.secrets.postgresql.matrixMASUser | quote }}
+      connectionLimit: {{ .Values.databases.synapse.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
     - username: {{ .Values.databases.umsNotificationsApi.username | quote }}
       password: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
       connectionLimit: {{ .Values.databases.umsNotificationsApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
@@ -95,6 +98,9 @@ job:
     - name: {{ .Values.databases.synapse.name | quote }}
       user: {{ .Values.databases.synapse.username | quote }}
       additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0"
+    - name: {{ .Values.databases.synapseMAS.name | quote }}
+      user: {{ .Values.databases.synapseMAS.username | quote }}
+      additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0"
     - name: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
       user: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
     - name: {{ .Values.databases.umsNotificationsApi.name | quote }}

helmfile/environments/default/charts.yaml.gotmpl

@@ -100,25 +100,17 @@ charts:
     version: "3.2.1"
     verify: true
   element:
-    # providerCategory: "Platform"
-    # providerResponsible: "openDesk"
-    # upstreamRegistry: "https://registry.opencode.de"
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-element"
+    # providerCategory: "Supplier"
+    # providerResponsible: "Element"
+    # upstreamRegistry: "https://ghcr.io/element-hq/ess-helm"
+    # upstreamRepository: "matrix-stack"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["25", "11", "0"]
     registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
-    name: "opendesk-element"
-    version: "6.1.7"
-    verify: true
-  elementWellKnown:
-    # providerCategory: "Platform"
-    # providerResponsible: "openDesk"
-    # upstreamRegistry: "https://registry.opencode.de"
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-well-known"
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
-    name: "opendesk-well-known"
-    version: "6.1.7"
-    verify: true
+    repository: "bmi/opendesk/components/supplier/element/charts-mirror"
+    name: "matrix-stack"
+    version: "25.11.0"
+    verify: false
   home:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -459,34 +451,6 @@ charts:
     name: "redis"
     version: "18.6.1"
     verify: true
-  synapse:
-    # providerCategory: "Supplier"
-    # providerResponsible: "Element"
-    # upstreamRegistry: "https://registry.opencode.de"
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse"
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
-    name: "opendesk-synapse"
-    version: "6.1.7"
-    verify: true
-  synapseAdmin:
-    # Enterprise Component
-    # providerCategory: "Supplier"
-    # providerResponsible: "Element"
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
-    name: "opendesk-synapse-admin"
-    version: "5.0.1"
-    verify: true
-  synapseAdminbotWeb:
-    # Enterprise Component
-    # providerCategory: "Supplier"
-    # providerResponsible: "Element"
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
-    name: "opendesk-synapse-adminbot-web"
-    version: "5.0.1"
-    verify: true
   synapseCreateAccount:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -497,34 +461,6 @@ charts:
     name: "opendesk-synapse-create-account"
     version: "6.1.7"
     verify: true
-  synapseGroupsync:
-    # Enterprise Component
-    # providerCategory: "Supplier"
-    # providerResponsible: "Element"
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
-    name: "opendesk-synapse-groupsync"
-    version: "5.0.1"
-    verify: true
-  synapsePipe:
-    # Enterprise Component
-    # providerCategory: "Supplier"
-    # providerResponsible: "Element"
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
-    name: "opendesk-synapse-pipe"
-    version: "5.0.1"
-    verify: true
-  synapseWeb:
-    # providerCategory: "Platform"
-    # providerResponsible: "openDesk"
-    # upstreamRegistry: "https://registry.opencode.de"
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse-web"
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
-    name: "opendesk-synapse-web"
-    version: "6.1.7"
-    verify: true
   xwiki:
     # providerCategory: "Supplier"
     # providerResponsible: "XWiki"

helmfile/environments/default/database.yaml.gotmpl

@@ -99,6 +99,29 @@ databases:
     connectionPoolMin: "3"
     connectionPoolMax: "5"
     connectionLimit: ~
+  synapseMAS:
+    type: "postgresql"
+    name: "matrixMAS"
+    host: "postgresql"
+    port: 5432
+    username: "matrix_mas_user"
+    password: ""
+    requireAuth: []
+    channelBinding: "prefer"
+    connectTimeout: 10
+    clientEncoding: "auto"
+    keepalives: 1
+    keepalivesIdle: 10
+    keepalivesInterval: 10
+    keepalivesCount: 3
+    replication: false
+    gssencmode: "prefer"
+    sslmode: "prefer"
+    sslcompression: 0
+    sslMinProtocolVersion: "TLSv1.2"
+    connectionPoolMin: "3"
+    connectionPoolMax: "5"
+    connectionLimit: ~
   umsAuthSession:
     type: "postgresql"
     name: "nubus_authsession"

helmfile/environments/default/global.generated.yaml.gotmpl

@@ -3,5 +3,5 @@
 ---
 global:
   systemInformation:
-    releaseVersion: "v1.9.0"
+    releaseVersion: "v1.10.0"
 ...

helmfile/environments/default/images.yaml.gotmpl

@@ -92,12 +92,16 @@ images:
     registry: "registry-1.docker.io"
     repository: "alpine/k8s"
     tag: "1.34.0@sha256:b5f6edfeac5279f3e182d938d1ffecb62f7c980756ac4b6b66d7f0d566782f77"
-  element:
+  elementAdmin:
     # providerCategory: "Supplier"
     # providerResponsible: "Element"
+    # upstreamRegistry: "https://oci.element.io"
+    # upstreamRepository: "element-admin"
+    # upstreamMirrorTagFilterRegEx: '(\d+)\.(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["0", "1", "8"]
     registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/element/images/opendesk-element-web"
-    tag: "v1.12.0@sha256:a2ff739dc3eee008a5046c4d3a8721f4dd2a27dd6c80a12cb9baf64525c9b617"
+    repository: "bmi/opendesk/components/supplier/element/images-mirror/element-admin"
+    tag: "0.1.8@sha256:ac3878337c7061b799948afb85d5c18074191ab752974b3c8ece185ea934c0d1"
   elementAdminBot:
     # Enterprise Component
     # providerCategory: "Supplier"
@@ -119,13 +123,6 @@ images:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/pipe"
     tag: "6.3.1@sha256:7f487af25f220d31aa987665f9d1393b42e925c6b1a7e0458daaa91e8e7bf0c4"
-  elementSynapseAdmin:
-    # Enterprise Component
-    # providerCategory: "Supplier"
-    # providerResponsible: "Element"
-    registry: "registry.opencode.de"
-    repository: "zendis/opendesk-enterprise/components/supplier/element/images-mirror/synapse_admin"
-    tag: "v16.105.5-24.10@sha256:563979fc69162adf93f1286cf79dcbe58adf878a0e4e9332044e5ab6a7170350"
   elementSyncAdmins:
     # Enterprise Component
     # providerCategory: "Supplier"
@@ -133,6 +130,16 @@ images:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-element-syncadmins"
     tag: "1.0.5@sha256:ae0e18eadea762e11f8edacc52285742a5c4ed6e2e92bfa32ec5638e377e7b7b"
+  elementWeb:
+    # providerCategory: "Supplier"
+    # providerResponsible: "Element"
+    # upstreamRegistry: "https://ghcr.io"
+    # upstreamRepository: "element-hq/element-web"
+    # upstreamMirrorTagFilterRegEx: 'v(\d+)\.(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["1", "12", "2"]
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/supplier/element/images-mirror/element-web"
+    tag: "1.12.3@sha256:c32818c43fd361d8440e46a86b51a7e3092a094502e2f097ec9b8fd93ccb3a85"
   freshclam:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
@@ -237,6 +244,44 @@ images:
     registry: "registry-1.docker.io"
     repository: "library/mariadb"
     tag: "10.6.21@sha256:8a16204dc96c08ed0ee2c52c0f9324aa5d2dd0e43ad23a471d447a39f75765b5"
+  matrixAuthenticationService:
+    # providerCategory: "Supplier"
+    # providerResponsible: "Element"
+    # upstreamRegistry: "https://ghcr.io"
+    # upstreamRepository: "element-hq/matrix-authentication-service"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["1", "5", "0"]
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/supplier/element/images-mirror/matrix-authentication-service"
+    tag: "1.5.0@sha256:6c4ecc128668ae3cbf9cb319ee45ad45c0f01a96adca4841d10e662dd4a7fdc1"
+  matrixHaproxy:
+    # providerCategory: "Community"
+    # providerResponsible: "openDesk"
+    # upstreamRegistry: "https://registry-1.docker.io"
+    # upstreamRepository: "library/haproxy"
+    registry: "registry-1.docker.io"
+    repository: "library/haproxy"
+    tag: "3.2-alpine@sha256:f36a98e862b839cff180f0cbaf96ce71c1f2b61e6914f94e8e861c9fad755be5"
+  matrixLkJwtService:
+    # providerCategory: "Supplier"
+    # providerResponsible: "Element"
+    # upstreamRegistry: "https://ghcr.io"
+    # upstreamRepository: "element-hq/lk-jwt-service"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["0", "3", "0"]
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/supplier/element/images-mirror/lk-jwt-service"
+    tag: "0.3.0@sha256:52357326970d3f3e3cf6e9c33766e49cf2665e2cd57842e29a5c298514bd2e58"
+  matrixSyn2Mas:
+    # providerCategory: "Supplier"
+    # providerResponsible: "Element"
+    # upstreamRegistry: "https://ghcr.io"
+    # upstreamRepository: "element-hq/matrix-authentication-service"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)-debug$'
+    # upstreamMirrorStartFrom: ["1", "5", "0"]
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/supplier/element/images-mirror/matrix-authentication-service"
+    tag: "1.5.0-debug@sha256:8809ab9c22c5cfed682fbf5de79190cf15e2ee8607d3f83d69859c01744aba97"
   matrixNeoBoardWidget:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"
@@ -277,6 +322,16 @@ images:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-meetings-widget"
     tag: "1.7.2@sha256:f876267ed81148ece68cc95bdad7be9c3cce89ce944dbf1b97161e16f72c0cda"
+  matrixTools:
+    # providerCategory: "Supplier"
+    # providerResponsible: "Element"
+    # upstreamRegistry: "https://ghcr.io"
+    # upstreamRepository: "element-hq/ess-helm/matrix-tools"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["0", "5", "6"]
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/supplier/element/images-mirror/matrix-tools"
+    tag: "0.5.6@sha256:ba7f3de19a082d11416d5ab9c8aa280af6ab04f139995ea59462a107def12379"
   matrixUserVerificationService:
     # providerCategory: "Supplier"
     # providerResponsible: "Element"
@@ -954,13 +1009,13 @@ images:
   synapse:
     # providerCategory: "Supplier"
     # providerResponsible: "Element"
-    # upstreamRegistry: "https://registry-1.docker.io"
-    # upstreamRepository: "matrixdotorg/synapse"
+    # upstreamRegistry: "https://ghcr.io"
+    # upstreamRepository: "element-hq/synapse"
     # upstreamMirrorTagFilterRegEx: '^v(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["1", "91", "2"]
+    # upstreamMirrorStartFrom: ["1", "141", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse"
-    tag: "v1.141.0@sha256:4914f40c9fbfb29e4157bd1f7db87169894505c2c66dfdb4fcad5a34cd42f924"
+    tag: "v1.141.0@sha256:562adbfc3df12d1024c7277b9807086ed79d8d5fabe24187a31d787af050a6a4"
   synapseCreateUser:
     # providerCategory: "Community"
     # providerResponsible: "Nordeck"

helmfile/environments/default/replicas.yaml.gotmpl

@@ -146,7 +146,7 @@ replicas:
   # -- scalable: tbd
   jitsiKeycloakAdapter: 1
   # -- scalable: tbd
-  jvb: 2
+  jvb: 1
 
   # -- component: Persistence Layer
   # -- scalable: false

helmfile/environments/default/secrets.yaml.gotmpl

@@ -62,6 +62,7 @@ secrets:
     keycloakUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_user" | sha1sum | quote }}
     keycloakExtensionUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "keycloak_extensions_user" | sha1sum | quote }}
     matrixUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_user" | sha1sum | quote }}
+    matrixMASUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "matrix_mas_user" | sha1sum | quote }}
     nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "nextcloud_user" | sha1sum | quote }}
     notesUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "notes_user" | sha1sum | quote }}
     openprojectUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postgres" "openproject_user" | sha1sum | quote }}

publiccode.yml

@@ -22,8 +22,8 @@ name: "openDesk"
 platforms:
   - "web"
 developmentStatus: "stable"
-softwareVersion: "1.9.0"
-releaseDate: "2025-11-07"
+softwareVersion: "1.10.0"
+releaseDate: "2025-11-24"
 softwareType: "standalone/web"
 url: "https://gitlab.opencode.de/bmi/opendesk/"
 logo: ".opencode/openDesk-logo-rgb-color.svg"