fix(open-xchange): Align maximum attachment size with functional.groupware.mail.maxSize

docs/migrations.md

@@ -13,7 +13,6 @@ SPDX-License-Identifier: Apache-2.0
   * [Versions ≥ v1.11.0](#versions--v1110)
     * [Pre-upgrade to versions ≥ v1.11.0](#pre-upgrade-to-versions--v1110)
       * [Helmfile new option: Annotations for external services (Dovecot, Jitsi JVB, Postfix)](#helmfile-new-option-annotations-for-external-services-dovecot-jitsi-jvb-postfix)
-      * [Helmfile new secret: `secrets.nextcloud.statusPassword`](#helmfile-new-secret-secretsnextcloudstatuspassword)
   * [Versions ≥ v1.10.0](#versions--v1100)
     * [Pre-upgrade to versions ≥ v1.10.0](#pre-upgrade-to-versions--v1100)
       * [Deployment cleanup: Collabora Controller](#deployment-cleanup-collabora-controller)
@@ -215,20 +214,6 @@ Setting service annotation by `annotations.openxchangePostfix.service` applied t
 and external service. This key now only sets annotations for the internal service. If you want to set
 annotations for the external service use the newly introduced key `annotations.openxchangePostfix.serviceExternal`.
 
-#### Helmfile new secret: `secrets.nextcloud.statusPassword`
-
-**Target group:** All existing deployments that use self-defined secrets and have deployed Nextcloud.
-
-Access to Nextcloud's `/status.php` requires now BasicAuth. The related password is set in
-[`secrets.yaml.gotmpl`](../helmfile/environments/default/secrets.yaml.gotmpl) by the key
-`secrets.nextcloud.statusPassword`.
-
-If you define your own secrets, please ensure that you provide a value for this secret, otherwise it will
-be derived from the `MASTER_PASSWORD`.
-
-> [!note]
-> The username for the BasicAuth is hardcoded to "status-access".
-
 ## Versions ≥ v1.10.0
 
 ### Pre-upgrade to versions ≥ v1.10.0

helmfile/apps/cryptpad/values.yaml.gotmpl

@@ -17,7 +17,14 @@ application_config:
 #    - "diagram"
 
 autoscaling:
-  enabled: false
+  enabled: {{ .Values.technical.cryptpad.autoscaling.enabled }}
+  minReplicas: {{ .Values.technical.cryptpad.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.technical.cryptpad.autoscaling.maxReplicas }}
+  targetCPUUtilizationPercentage: {{ .Values.technical.cryptpad.autoscaling.targetCPUUtilizationPercentage }}
+  targetMemoryUtilizationPercentage: {{ .Values.technical.cryptpad.autoscaling.targetMemoryUtilizationPercentage }}
+
+config:
+  maxWorkers: {{ .Values.technical.cryptpad.maxWorkers }}
 
 enableEmbedding: true
 

helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl

@@ -118,10 +118,6 @@ aio:
           value: {{ .Values.databases.nextcloud.password | quote }}
           {{- end }}
     trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
-    status:
-      password:
-        value: {{ .Values.secrets.nextcloud.statusPassword | quote }}
-
   containerSecurityContext:
     allowPrivilegeEscalation: false
     capabilities:

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -53,6 +53,8 @@ global:
   configUcr:
     directory:
       manager:
+        mail-address:
+          uniqueness: "True"
         rest:
           authorized-groups:
             domain-admins: __DELETE_KEY__
@@ -67,9 +69,9 @@ global:
                   description:
                     syntax: "TextArea"
                   firstname:
-                    required: "true"
+                    required: "True"
                   mailPrimaryAddress:
-                    required: "true"
+                    required: "True"
                   username:
                     syntax: "uid"
                 search:

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -266,6 +266,9 @@ appsuite:
             com.openexchange.mail.filter.passwordSource: global
             com.openexchange.mail.filter.masterPassword:  {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
             com.openexchange.mail.filter.preferredSaslMech: ""
+            # Loosen API the rate limit
+            com.openexchange.servlet.maxRateTimeWindow: "60000"
+            com.openexchange.servlet.maxRate: "3000"
           propertiesFiles:
             /opt/open-xchange/etc/masterpassword-authentication.properties:
               com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
@@ -632,6 +635,12 @@ appsuite:
       com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppSuite.shareCryptKey | quote }}
       com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppSuite.synapseAsToken | quote }}
     propertiesFiles:
+      /opt/open-xchange/etc/server.properties:
+        MAX_UPLOAD_SIZE: {{ mul .Values.functional.groupware.mail.maxSize 1024 1024 | int | printf "%d" | quote }}
+      /opt/open-xchange/etc/infostore.properties:
+        MAX_UPLOAD_SIZE: {{ mul .Values.functional.groupware.mail.maxSize 1024 1024 | int | printf "%d" | quote }}
+      /opt/open-xchange/etc/attachment.properties:
+        MAX_UPLOAD_SIZE: {{ mul .Values.functional.groupware.mail.maxSize 1024 1024 | int | printf "%d" | quote }}
       /opt/open-xchange/etc/AdminDaemon.properties:
         MASTER_ACCOUNT_OVERRIDE: "true"
       /opt/open-xchange/etc/AdminUser.properties:

helmfile/apps/opendesk-openproject-bootstrap/values.yaml.gotmpl

@@ -33,9 +33,6 @@ config:
         value: "nextcloud"
       password:
         value: {{ .Values.secrets.nextcloud.adminPassword | quote }}
-    status:
-      password:
-        value: {{ .Values.secrets.nextcloud.statusPassword | quote }}
 
 containerSecurityContext:
   allowPrivilegeEscalation: false

helmfile/apps/opendesk-services/values-opendesk-static-files.yaml.gotmpl

@@ -92,12 +92,13 @@ containerSecurityContext:
     drop:
       - "ALL"
   enabled: true
-  runAsUser: 101
-  runAsGroup: 101
-  seccompProfile:
-    type: "RuntimeDefault"
+  privileged: false
   readOnlyRootFilesystem: true
   runAsNonRoot: true
+  runAsGroup: 101
+  runAsUser: 101
+  seccompProfile:
+    type: "RuntimeDefault"
   seLinuxOptions:
     {{ .Values.seLinuxOptions.opendeskStaticFiles | toYaml | nindent 4 }}
 

helmfile/environments/default-enterprise-overrides/images.yaml.gotmpl

@@ -13,7 +13,7 @@ images:
   nextcloud:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
-    tag: "1.7.1@sha256:aa91feaa89989178d859f21bb25633ef07facea19ac3ef696186256492a13b17"
+    tag: "1.6.11@sha256:79bab3b5745eb2c0fdd5a8858d277495deb7f6e43b42c7046d5bfbee039aed0a"
   openxchangeCoreMW:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/middleware-public-sector-pro"

helmfile/environments/default/charts.yaml.gotmpl

@@ -249,7 +249,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud"
-    version: "4.5.0"
+    version: "4.4.4"
     verify: true
   nextcloudManagement:
     # providerCategory: "Platform"
@@ -259,7 +259,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud-management"
-    version: "4.5.0"
+    version: "4.4.4"
     verify: true
   nextcloudNotifyPush:
     # providerCategory: "Platform"
@@ -269,7 +269,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud-notifypush"
-    version: "4.5.0"
+    version: "4.4.4"
     verify: true
   nginx:
     # providerCategory: "Community"
@@ -383,7 +383,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-openproject-bootstrap"
     name: "opendesk-openproject-bootstrap"
-    version: "2.3.0"
+    version: "2.2.0"
     verify: true
   otterize:
     # providerCategory: "Platform"

helmfile/environments/default/images.yaml.gotmpl

@@ -330,7 +330,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
-    tag: "2.11.0@sha256:481e83fb913c98d2ede8ae734f406ac5c12f805093af0a34cb9c86eeaa56bc01"
+    tag: "2.10.12@sha256:8a4cd73fdceb1da2c58a22a85d605eba575a2b1487e3927ab1971c9f1120549a"
   nextcloudExporter:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -770,7 +770,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-openproject-bootstrap"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-openproject-bootstrap"
-    tag: "1.2.0@sha256:7d2ab97a8cd17aa2c12a6d613044c848edf0371974662390eb08c197aa12b84a"
+    tag: "1.1.4@sha256:2fd97a316114428849aaeef87fb8755274e675830088a93afcafac91bb048d1d"
   openprojectDbInit:
     # providerCategory: "Community"
     # providerResponsible: "OpenProject"

helmfile/environments/default/secrets.yaml.gotmpl

@@ -101,7 +101,6 @@ secrets:
   nextcloud:
     adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "nextcloud_admin_user" | sha1sum | quote }}
     metricsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "metricsToken" | sha1sum | quote }}
-    statusPassword: {{ derivePassword 1 "medium" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "nextcloud_status_user" | sha1sum | quote }}
   openproject:
     adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_admin_user" | sha1sum | quote }}
     apiAdminUsername: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_api_admin_username" | sha1sum | quote }}

helmfile/environments/default/technical.yaml.gotmpl

@@ -3,9 +3,28 @@
 ---
 technical:
 
+  # Cryptpad related technical settings
+  cryptpad:
+    # Define how many child processes are initially spawned, even without any user accessing Cryptpad.
+    # Ref.: https://github.com/cryptpad/cryptpad/blob/0dd3c1f53d56dffb06651b86ead6b9b387920173/config/config.example.js#L111
+    maxWorkers: 4
+    # Autoscaling options
+    autoscaling:
+      # Enable the Autoscaling
+      enabled: false
+      # Minimal numbers of replicas
+      minReplicas: 1
+      # Maximum numbers of replicas
+      maxReplicas: 100
+      # Percentage of the targeted CPU Utilization
+      targetCPUUtilizationPercentage: 80
+      # Percentage of the targeted Memory Utilization
+      targetMemoryUtilizationPercentage: 80
+
   # Collabora related technical settings
   collabora:
-    # Defines the value for the start parameter `-o:num_prespawn_children`
+    # Set the value for the start parameter `-o:num_prespawn_children` to define how many child processes
+    # are initially spawned, even without any user accessing Collabora.
     numPrespawnChildren: 4
 
   # Dovecot EE related settings