fix(open-xchange): Enable switchboard

helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl

@@ -55,6 +55,13 @@ dovecot:
   sieve:
     notify:
       mailtoEnvelopeFrom: "orig_recipient"
+  pushNotification:
+    enabled: true
+    host: "open-xchange-core-mw-http-api"
+    username:
+      value: "oxlogin"
+    password:
+      value: {{ .Values.secrets.oxAppSuite.basicAuthPassword | quote }}
   submission:
     enabled: true
     ssl: "no"

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -90,8 +90,6 @@ public-sector-ui:
 appsuite:
   appsuite-toolkit:
     enabled: false
-  switchboard:
-    enabled: false
   istio:
     enabled: false
   ingress:
@@ -210,6 +208,10 @@ appsuite:
           {{ .Values.annotations.openxchangeAppsuiteIngress.wopiServerRoute | toYaml | nindent 10 }}
       trailslash:
         enabled: false
+    switchboard:
+      enabled: true
+      hosts:
+        - "switchboard.{{ .Values.global.domain }}"
   core-mw:
     enabled: true
     asConfig:
@@ -365,6 +367,10 @@ appsuite:
         open-xchange-documents-templates: "disabled"
         # Required for the central contacts integration
         open-xchange-oauth-provider: "enabled"
+        # Required for push notifications from Dovecot
+        open-xchange-push-dovecot: "enabled"
+        open-xchange-rest: "enabled"
+        open-xchange-pns-impl: "enabled"
         # Needed to set com.openexchange.hostname
         open-xchange-hostname-config-cascade: "enabled"
         # Enable s3 storage
@@ -422,6 +428,15 @@ appsuite:
       com.openexchange.oauth.provider.mode: "expect_jwt"
       com.openexchange.oauth.provider.userLookupNamePart: "full"
       com.openexchange.oauth.provider.userLookupClaim: "opendesk_username"
+      # PUSH
+      com.openexchange.pns.transport.webhooks.enabled: "true"
+      com.openexchange.pns.transport.webhooks.allowLocalWebhooks: "true"
+      com.openexchange.pns.transport.webhooks.httpsOnly: "false"
+      com.openexchange.pns.transport.webhooks.allowTrustAll: "true"
+      com.openexchange.webhooks.enabledIds: switchboard
+      com.openexchange.push.credstorage.enabled: "true"
+      com.openexchange.push.dovecot.enabled: "true"
+      #com.openexchange.push.dovecot.preferDoveadmForMetadata: "true"
       # MAIL
       com.openexchange.mail.authType: "xoauth2"
       com.openexchange.mail.loginSource: "name"
@@ -548,6 +563,11 @@ appsuite:
         MASTER_ACCOUNT_OVERRIDE: "true"
       /opt/open-xchange/etc/AdminUser.properties:
         USERNAME_CHANGEABLE: "true"
+      #/opt/open-xchange/etc/doveadm.properties:
+      #  #com.openexchange.dovecot.doveadm.enabled: "true"
+      #  #com.openexchange.dovecot.doveadm.endpoints: "http://dovecot:8080/doveadm/v1"
+      #  #com.openexchange.dovecot.doveadm.apiSecret: {{ printf "X-Dovecot-API %s" (.Values.secrets.dovecot.doveadm | b64enc ) | quote }}
+      #  #com.openexchange.dovecot.doveadm.apiSecret: {{ .Values.secrets.dovecot.doveadm | quote }}
       /opt/open-xchange/etc/antivirus.properties:
         com.openexchange.antivirus.enabled: "true"
         {{- if .Values.antivirus.icap.host }}
@@ -572,6 +592,12 @@ appsuite:
         bindDN: "uid=ldapsearch_ox,cn=users,{{ .Values.ldap.baseDn }}"
         bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
         bindOnly: "false"
+      /opt/open-xchange/etc/mail-push.properties:
+        com.openexchange.push.allowPermanentPush: "true"
+        com.openexchange.push.allowedClients: "USM-EAS*, open-xchange-mobile-api-facade*, open-xchange-appsuite*"
+        com.openexchange.push.credstorage.enabled: "true"
+        com.openexchange.push.credstorage.passcrypt: "abcd123"
+        com.openexchange.push.dovecot.enabled: "true"
       /opt/open-xchange/etc/noreply.properties:
         com.openexchange.noreply.address: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.mailDomain | default .Values.global.domain }}"
         com.openexchange.noreply.login: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
@@ -579,14 +605,29 @@ appsuite:
         com.openexchange.noreply.server: "postfix"
         com.openexchange.noreply.port: "25"
         com.openexchange.noreply.secureMode: "plain"
+      /opt/open-xchange/etc/settings/switchboard.properties:
+        io.ox/switchboard//host: "switchboard.{{ .Values.global.domain }}"
+        #io.ox/switchboard//apiRoot: /switchboard/
+      /opt/open-xchange/etc/switchboard.properties:
+        com.openexchange.capability.switchboard: "true"
       /opt/open-xchange/etc/system.properties:
         SERVER_NAME: "oxserver"
+      /opt/open-xchange/etc/tokenlogin.properties:
+        com.openexchange.tokenlogin.applications: "verysecret1234"
+        #com.openexchange.tokenlogin.switchboard.accessPassword: "verysecret1234"
+    switchboard:
+      uri: "https://switchboard.{{ .Values.global.domain }}/api/v1/webhook"
+      webhookSecret: "secret1"
+      signatureSecret: "secret2"
+      signatureHeaderName: "X-OX-Signature"
     uiSettings:
       io.ox.nextcloud//server: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/fs/"
       io.ox.public-sector//ics/url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/"
       # Show the Enterprise Picker in the top right corner instead of the launcher drop-down
       io.ox/core//features/enterprisePicker/showLauncher: "false"
       io.ox/core//features/enterprisePicker/showTopRightLauncher: "true"
+      # Push
+      io.ox/core//features/pns: "true"
       # Text and icon color in the topbar
       io.ox/dynamic-theme//topbarColor: "#000"
       io.ox/dynamic-theme//logoWidth: "82"
@@ -629,6 +670,8 @@ appsuite:
       oxguardpass: |
         {{ .Values.secrets.oxAppSuite.oxguardMC }}
         {{ .Values.secrets.oxAppSuite.oxguardRC }}
+      tokenlogin-secrets: |-
+        verysecret1234
     redis: &redisConfiguration
       enabled: true
       mode: "standalone"
@@ -963,4 +1006,48 @@ appsuite:
         {{ .Values.seLinuxOptions.openxchangeCoreUserGuide | toYaml | nindent 8 }}
     serviceAccount:
       create: false
+
+  switchboard:
+    logLevel: trace
+    enabled: true
+    appsuite:
+      apiSecret: "verysecret1234"
+      webhookSecret: "secret1"
+      signatureSecret: "secret2"
+    image:
+      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeSwitchboard.registry | quote }}
+      repository: {{ .Values.images.openxchangeSwitchboard.repository | quote }}
+      tag: {{ .Values.images.openxchangeSwitchboard.tag | quote }}
+      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+    jwtSecret:
+      enabled: false
+    #jwt:
+    #  sharedSecret: "asdf123123!"
+    jwks:
+      enabled: true
+      secretName: "open-xchange-switchboard-jwks"
+    mysql:
+      enabled: true
+      #existingSecret: ""
+      host: {{ .Values.databases.oxAppSuiteSwitchboard.host | quote }}
+      database: {{ .Values.databases.oxAppSuiteSwitchboard.name | quote }}
+      connections: 10
+      auth:
+        user: {{ .Values.databases.oxAppSuiteSwitchboard.username | quote }}
+        password: {{ .Values.databases.oxAppSuiteSwitchboard.password | default .Values.secrets.mariadb.openxchangeSwitchboardUser | quote }}
+    redis:
+      auth:
+        enabled: true
+        username: {{ .Values.cache.oxAppSuitePush.username }}
+        password: {{ .Values.cache.oxAppSuitePush.password | default .Values.secrets.redis.password | quote }}
+      hosts:
+        - {{ printf "%s:%d" .Values.cache.oxAppSuitePush.host .Values.cache.oxAppSuitePush.port | quote }}
+      tls:
+        enabled: {{ .Values.cache.oxAppSuitePush.tls }}
+      db: {{ .Values.cache.oxAppSuitePush.db }}
+    vapid:
+      enabled: true
+      publicKey: "BHfm5XB7dUKsWhOjTK5NJ9ELkU7lzMfwvvbDIvhZXl4mPPAJpXyKzakrsh0KDp55fE7I1IviIw67RDfweipirHw"
+      privateKey: "GSLaxOqm2INskLnwq2lmFSUMjE6Jkg7ioA-64xQZOIE"
+      subject: "mailto:switchboard@kaltenbrunner.it"
 ...

helmfile/apps/services-external/values-mariadb.yaml.gotmpl

@@ -43,6 +43,9 @@ job:
     - username: "openxchange_user"
       password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
       connectionLimit: {{ .Values.databases.oxAppSuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
+    - username: "openxchange_switchboard_user"
+      password: {{ .Values.secrets.mariadb.openxchangeSwitchboardUser | quote }}
+      connectionLimit: {{ .Values.databases.oxAppSuiteSwitchboard.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
 {{ if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
     - username: {{ .Values.databases.nextcloud.username | quote }}
       password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
@@ -57,6 +60,8 @@ job:
     # OX uses root user and auto automanages the database, we add a dummy user and create a dummy/empty database.
     - name: "openxchange_dummy"
       user: "openxchange_user"
+    - name: {{ .Values.databases.oxAppSuiteSwitchboard.name | quote }}
+      user: {{ .Values.databases.oxAppSuiteSwitchboard.username | quote }}
 {{ if or (eq .Values.databases.nextcloud.type "mariadb") (eq .Values.databases.nextcloud.type "mysql") }}
     - name: {{ .Values.databases.nextcloud.name | quote }}
       user: {{ .Values.databases.nextcloud.username | quote }}

helmfile/environments/default-enterprise-overrides/charts.yaml.gotmpl

@@ -6,7 +6,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/product-development/charts/opendesk-dovecot-pro"
     name: "dovecot"
-    version: "3.1.8"
+    version: "3.1.9-fix-ox-optimizations"
     verify: true
   oxAppSuite:
     registry: "registry.opencode.de"

helmfile/environments/default/cache.yaml.gotmpl

@@ -25,6 +25,13 @@ cache:
     port: 6379
     username: "default"
     password: ""
+  oxAppSuitePush:
+    host: "redis-headless"
+    port: 6379
+    username: "default"
+    password: ""
+    tls: false
+    db: 7
   umsSelfservice:
     host: "memcached"
     port: 11211

helmfile/environments/default/charts.yaml.gotmpl

@@ -97,7 +97,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
     name: "dovecot"
-    version: "3.1.5"
+    version: "3.1.6-fix-ox-optimizations"
     verify: true
   element:
     # providerCategory: "Platform"

helmfile/environments/default/database.yaml.gotmpl

@@ -76,6 +76,14 @@ databases:
     readUser: ~
     readPassword: ~
     connectionLimit: ~
+  oxAppSuiteSwitchboard:
+    type: "mariadb"
+    name: "switchboard"
+    host: "mariadb"
+    port: 3306
+    username: "openxchange_switchboard_user"
+    password: ""
+    connectionLimit: ~
   synapse:
     type: "postgresql"
     name: "matrix"

helmfile/environments/default/images.yaml.gotmpl

@@ -899,6 +899,16 @@ images:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/public-sector-ui"
     tag: "2.5.0@sha256:e7838687b30eb7d4976e9e0c99d23cdc0cc59b1f38d322dc8562905a723218bf"
+  openxchangeSwitchboard:
+    # providerCategory: "Supplier"
+    # providerResponsible: "Open-Xchange"
+    # upstreamRegistry: "https://registry.open-xchange.com"
+    # upstreamRepository: "appsuite-public-sector/switchboard"
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
+    # upstreamMirrorStartFrom: ["5", "1", "4"]
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/switchboard"
+    tag: "5.1.4@sha256:603870c99d15156ca613913820a4a907e808b908711e99ea3d6f63fac0edc217"
   oxConnector:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"

helmfile/environments/default/secrets.yaml.gotmpl

@@ -72,6 +72,7 @@ secrets:
     rootPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "root_password" | sha1sum | quote }}
     xwikiUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "xwiki_user" | sha1sum | quote }}
     openxchangeUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "openxchange_user" | sha1sum | quote }}
+    openxchangeSwitchboardUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "openxchange_switchboard_user" | sha1sum | quote }}
     nextcloudUser: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "mariadb" "nextcloud_user" | sha1sum | quote }}
   minio:
     dovecotUser: {{ (derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "minio" "dovecot_user" | sha1sum | quote) }}