fix(element): Provide certificate for alternative synapse domain

.gitlab-ci.yml

@@ -26,7 +26,6 @@ include:
 
 stages:
   - ".pre"
-  - "renovate"
   - "scan"
   - "automr"
   - "env-cleanup"
@@ -61,8 +60,7 @@ variables:
       - "yes"
       - "no"
   DEBUG_ENABLED:
-    description: "Allows to set `debug.enabled` to true for a deployment, needs to be supported by stage specific\
+    description: "Allows to set `debug.enabled` to true for a deployment, needs to be supported by stage specific configuration containting: `debug.enabled: {{ env \"DEBUG_ENABLED\" | default false }}`"
-     configuration containting: `debug.enabled: {{ env \"DEBUG_ENABLED\" | default false }}`"
     value: "no"
     options:
       - "yes"
@@ -151,12 +149,6 @@ variables:
     options:
       - "yes"
       - "no"
-  RUN_RENOVATE:
-    description: "Triggers the Renovate based check for dependency updates."
-    value: "no"
-    options:
-      - "yes"
-      - "no"
   TESTS_BRANCH:
     description: "Branch of E2E-tests on which the test pipeline is triggered"
     value: "main"
@@ -547,15 +539,12 @@ avscan-start:
 
 # Overwrite shared settings
 .common-semantic-release:
-  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/semantic-release-patched:latest"
+  image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/semantic-release-patched:1.0.0"
   tags: []
 
 conventional-commits-linter:
   rules:
-    - if: >
+    - if: "$JOB_CONVENTIONAL_COMMITS_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event'"
-          $RUN_RENOVATE == "yes" ||
-          $JOB_CONVENTIONAL_COMMITS_LINTER_ENABLED == 'false' ||
-          $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event'
       when: "never"
     - when: "always"
 
@@ -634,21 +623,4 @@ release:
     - "semantic-release"
   needs:
     - "generate-docs"
-
-renovate:
-  rules:
-    - if: >
-        $RUN_RENOVATE == "yes"
-      when: "on_success"
-  # The `-full` image does not install the dependencies on the fly, that is our preferred approach
-  image: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/renovate/renovate:37.356-full"
-  variables:
-    RENOVATE_CONFIG_FILE: "${CI_PROJECT_DIR}/.renovate/config.yaml"
-    RENOVATE_ENDPOINT: "${CI_API_V4_URL}"
-    # Increase the renovatebot log level on stdout
-    LOG_LEVEL: "DEBUG"
-  script:
-    - "renovate ${RENOVATE_EXTRA_FLAGS}"
-  stage: "renovate"
-
 ...

.gitlab/lint/lint-opendesk.yml

@@ -7,11 +7,6 @@ include:
 lint-opendesk:
   extends: ".lint-common"
   image: "${OPENDESK_CI_CLI_IMAGE}"
-  rules:
-    - if: >
-        $RUN_RENOVATE == "yes"
-      when: "never"
-    - when: "always"
   script:
     - "node /app/src/index.js sort-all -d ${CI_PROJECT_DIR}/helmfile"
     - "git diff --exit-code"

.gitlab/merge_request_templates/Default.md

@@ -1,16 +0,0 @@
-<!--
-SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-SPDX-License-Identifier: Apache-2.0
--->
-
-# Summary
-
-- *describe the reason for/content of the MR*
-
-# Commits
-
-%{all_commits}
-
-# Authors
-
-%{co_authored_by}

.renovate/config.yaml

@@ -1,90 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-License-Identifier: Apache-2.0
----
-# Platform type of repository
-platform: "gitlab"
-
-# Enable onboarding merge request
-onboarding: false
-
-# If set to true: keep repository data between runs instead of deleting the data
-persistRepoData: false
-
-# Controls Renovate's behavior regarding repository config files such as renovate.json
-requireConfig: "ignored"
-
-# List of Repositories
-# See: https://docs.renovatebot.com/configuration-options/
-repositories:
-  - repository: "bmi/opendesk/deployment/opendesk"
-    # Set the branch to read current dependency state from, this is especially useful during
-    # renovate setup when looking into your feature branch or when your default branch is
-    # not the one you want to check on.
-    baseBranches: [ "develop" ]
-    # Prefix to use for all branch names created by renovate bot (default: "renovate/")
-    branchPrefix: "renovate/"
-    # Lowercase merge request and commit titles ("never" = leave titles untouched )
-    commitMessageLowerCase: "never"
-    # Commit scope to use if Semantic Commits are enabled (fix(<scope>)...)
-    semanticCommitScope: "renovate"
-    # Commit type to use if Semantic Commits are enabled (default: "chore")
-    semanticCommitType: "chore"
-    # Enable dependency dashboard
-    dependencyDashboard: true
-    # Include package files only within these defined paths
-    includePaths:
-      - "helmfile/environments/default/images.yaml"
-      - "helmfile/environments/default/charts.yaml"
-    customManagers:
-      - customType: "regex"
-        fileMatch:
-          - "helmfile/environments/default/images.yaml"
-        datasourceTemplate: "docker"
-        matchStrings:
-          # yamllint disable rule:line-length rule:quoted-strings
-          - ' providerResponsible: "(?<depType>.+?)"[\s\S]+? upstreamRegistry: "(?<registryUrl>.+?)"[\s\S]+? upstreamRepository: "(?<depName>.+?)"[\s\S]+? tag: "(?<currentValue>[^@]+)@(?<currentDigest>sha256:[a-f0-9]+)"'
-          # yamllint enable rule:line-length rule:quoted-strings
-      - customType: "regex"
-        fileMatch:
-          - "helmfile/environments/default/charts.yaml"
-        datasourceTemplate: "docker"
-        matchStrings:
-          # yamllint disable rule:line-length rule:quoted-strings
-          - ' providerResponsible: "(?<depType>.+?)"[\s\S]+? upstreamRegistry: "(?<registryUrl>.+?)"[\s\S]+? upstreamRepository: "(?<depName>.+?)"[\s\S]+? version: "(?<currentValue>.+?)"'
-          # yamllint enable rule:line-length rule:quoted-strings
-    # Rules for matching packages
-    packageRules:
-      - matchDatasources: [ "docker" ]
-        matchDepTypes: [ "openDesk" ]
-        groupName: "Platform"
-      - matchDatasources: [ "docker" ]
-        matchDepTypes: [ "Collabora" ]
-        groupName: "Collabora"
-      - matchDatasources: [ "docker" ]
-        matchDepTypes: [ "Element" ]
-        groupName: "Element"
-      - matchDatasources: [ "docker" ]
-        matchDepTypes: [ "Nordeck" ]
-        groupName: "Nordeck"
-      - matchDatasources: [ "docker" ]
-        matchDepTypes: [ "Open-Xchange" ]
-        groupName: "Open-Xchange"
-      - matchDatasources: [ "docker" ]
-        matchDepTypes: [ "OpenProject" ]
-        groupName: "OpenProject"
-      - matchDatasources: [ "docker" ]
-        matchDepTypes: [ "OpenProject" ]
-        groupName: "OpenProject"
-      - matchDatasources: [ "docker" ]
-        matchDepTypes: [ "Univention" ]
-        groupName: "Univention"
-      - matchDatasources: [ "docker" ]
-        matchDepTypes: [ "XWiki" ]
-        groupName: "XWiki"
-    # Add merge request labels
-    labels:
-      - "renovate"
-    # Enable custom regex manager only
-    enabledManagers:
-      - "custom.regex"
-...

README.md

@@ -37,8 +37,8 @@ openDesk currently features the following functional main components:
 | Knowledge management | XWiki                       | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released)                                        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                                            | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
 | Project management   | OpenProject                 | [14.0.1](https://www.openproject.org/docs/release-notes/14-0-1/)                                               | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
-| Videoconferencing    | Jitsi                       | [2.0.9457](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9457)                          | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
+| Videoconferencing    | Jitsi                       | [2.0.8922](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_8922)                          | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
-| Weboffice            | Collabora                   | [23.05.10.1.1](https://www.collaboraoffice.com/collabora-online-23-05-release-notes/)                           | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
+| Weboffice            | Collabora                   | [23.05.9.4.1](https://www.collaboraoffice.com/collabora-online-23-05-release-notes/)                           | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
 
 While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
 align the applications with best practises regarding container design and operations.

docs/development.md

@@ -84,12 +84,12 @@ with the many available examples in the yaml files.
 Example:
 ```
   synapse:
-    # providerCategory: "Supplier"
+    # providerCategory: 'Supplier'
-    # providerResponsible: "Element"
+    # providerResponsible: 'Element'
-    # upstreamRegistry: "https://registry-1.docker.io"
+    # upstreamRegistry: 'registry-1.docker.io'
-    # upstreamRepository: "matrixdotorg/synapse"
+    # upstreamRepository: 'matrixdotorg/synapse'
     # upstreamMirrorTagFilterRegEx: '^v(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["1", "91", "2"]
+    # upstreamMirrorStartFrom: ['1', '91', '2']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse"
     tag: "v1.91.2@sha256:1d19508db417bb2b911c8e086bd3dc3b719ee75c6f6194d58af59b4c32b11322"
@@ -99,9 +99,9 @@ Example:
 
 Uses a regular expression to match the values of the following attributes:
 
-- `# upstreamRegistry` *required*: Attribute's value must be prefixed with `https://` for Renovate.
+- `registry`
-- `# upstreamrepository` *required*
+- `repository`
-- `tag` *required*
+- `tag`
 
 Checks for newer versions of the given artefact and creates a MR containing the newest version's tag (and digest).
 
@@ -118,7 +118,7 @@ configured to pull artefacts that do not originate from Open CoDE into projects
 The mirror script takes the information on what artefacts to mirror from the annotation inside the two yaml files:
 - `# upstreamRegistry` *required*: To identify the source registry
 - `# upstreamRepository` *required*: To identify the source repository
-- `# upstreamMirrorTagFilterRegEx` *required*: If this annotation is set it activates the mirror for the component. Only tags are being mirrored that match the given regular expression. **Note:** You have to use single quotes for this attribute's value in case you use backslash leading regex notation like `\d`.
+- `# upstreamMirrorTagFilterRegEx` *required*: If this annotation is set it activates the mirror for the component. Only tags are being mirrored that match the given regular expression.
 - `# upstreamMirrorStartFrom` *optional*: Array of numeric values in case you want to mirror only artefacts beginning with a specific version. You must use capturing groups
   in `# upstreamMirrorTagFilterRegEx` to identify the single numeric elements of the version within the tag and use per capturing group (left to right) one numeric array
   element here to define the version the mirror should start with.

docs/enhanced-configuration/separate-mail-matrix-domain.md

@@ -66,20 +66,3 @@ This setup requires also a different DNS setup:
 | _matrix._tcp.my_organization.tld | SRV  | `1 10 PORT matrix.opendesk.domain.tld` | `PORT` is your NodePort/LoadBalancer port of `opendesk-synapse-federation` service |
 
 *Note:* `matrix.opendesk.domain.tld` in the "Value" column can also be the IP address where synapse TLS port is listening to.
-
-If you want to use other Matrix clients,
-e.g., Element Messenger for [iOS](https://apps.apple.com/de/app/element-messenger/id1083446067)
-or [Android](https://play.google.com/store/apps/details?id=im.vector.app),
-you need to create a JSON file with the following contents that is served from
-`https://my_organization.tld/.well-known/matrix/client`:
-
-```json
-{
-  "m.homeserver": {
-    "base_url": "https://matrix.opendesk.domain.tld"
-  }
-}
-```
-
-This ensures clients know where to find the Matrix protocol endpoint when users specify `my_organization.tld`
-as their homeserver.

helmfile.yaml

@@ -12,7 +12,6 @@ helmfiles:
   - path: "helmfile/apps/open-xchange/helmfile.yaml"
   - path: "helmfile/apps/nextcloud/helmfile.yaml"
   - path: "helmfile/apps/collabora/helmfile.yaml"
-  - path: "helmfile/apps/cryptpad/helmfile.yaml"
   - path: "helmfile/apps/jitsi/helmfile.yaml"
   - path: "helmfile/apps/element/helmfile.yaml"
   - path: "helmfile/apps/openproject/helmfile.yaml"

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -247,8 +247,6 @@ appsuite:
     propertiesFiles:
       /opt/open-xchange/etc/AdminDaemon.properties:
         MASTER_ACCOUNT_OVERRIDE: "true"
-      /opt/open-xchange/etc/AdminUser.properties:
-        USERNAME_CHANGEABLE: "true"
       /opt/open-xchange/etc/system.properties:
         SERVER_NAME: "oxserver"
       /opt/open-xchange/etc/ldapauth.properties:

helmfile/apps/univention-management-stack/values-opendesk-keycloak-bootstrap.yaml.gotmpl

@@ -28,8 +28,6 @@ config:
     intraCluster:
       enabled: true
       internalBaseUrl: "http://ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
-  twoFactorSettings:
-    additionalGroups: {{ .Values.authentication.twoFactor.groups }}
   custom:
     clientScopes:
       - name: "read_contacts"

helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl

@@ -142,16 +142,6 @@ ldap-notifier:
   enabled: true
   podAnnotations:
     intents.otterize.com/service-name: "ums-ldap-notifier"
-  affinity:
-    podAffinity:
-      requiredDuringSchedulingIgnoredDuringExecution:
-        - labelSelector:
-            matchExpressions:
-              - key: statefulset.kubernetes.io/pod-name
-                operator: In
-                values:
-                  - ums-ldap-server-primary-0
-          topologyKey: kubernetes.io/hostname
   image:
     registry: {{ .Values.global.imageRegistry | default .Values.images.umsLdapNotifier.registry | quote }}
     repository: {{ .Values.images.umsLdapNotifier.repository | quote }}
@@ -171,22 +161,13 @@ ldap-notifier:
       {{- .Values.seLinuxOptions.umsPortalListener | toYaml | nindent 6 }}
   volumes:
     claims:
-      shared-data: "shared-data-ums-ldap-server-primary-0"
+      shared-data: "shared-data-ums-ldap-server-0"
-      shared-run: "shared-run-ums-ldap-server-primary-0"
+      shared-run: "shared-run-ums-ldap-server-0"
 
 ldap-server:
   enabled: true
-  replicaCountPrimary: 2
-  replicaCountSecondary: 3
-  replicaCountProxy: 3
   additionalAnnotations:
     intents.otterize.com/service-name: "ums-ldap-server"
-  podAnnotationsPrimary:
-    intents.otterize.com/service-name: "ums-ldap-server-primary"
-  podAnnotationsSecondary:
-    intents.otterize.com/service-name: "ums-ldap-server-secondary"
-  podAnnotationsProxy:
-    intents.otterize.com/service-name: "ums-ldap-server"
   replicaCount: {{ .Values.replicas.umsLdapServer }}
   serviceAccount:
     annotations:
@@ -246,12 +227,8 @@ ldap-server:
     storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
     size: {{ .Values.persistence.size.univentionManagementStack.ldapServerData | quote }}
 
-  resourcesPrimary:
+  resources:
-    {{ .Values.resources.umsLdapServerPrimary | toYaml | nindent 4 }}
+    {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
-  resourcesSecondary:
-    {{ .Values.resources.umsLdapServerSecondary | toYaml | nindent 4 }}
-  resourcesProxy:
-    {{ .Values.resources.umsLdapServerProxy | toYaml | nindent 4 }}
 
   initResources:
     {{ .Values.resources.umsLdapServerInit | toYaml | nindent 4 }}
@@ -366,7 +343,7 @@ portal-listener:
     ucsInternalPath: "portal-data"
 
     ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.hostPrimary | quote }}
+    ldapHost: {{ .Values.ldap.host | quote }}
     ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
     ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
     machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
@@ -600,7 +577,7 @@ udm-listener:
   config:
     debugLevel: "4"
     ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.hostPrimary | quote }}
+    ldapHost: {{ .Values.ldap.host | quote }}
     ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
     ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
     ldapPort: "389"
@@ -634,8 +611,7 @@ stack-data-ums:
     domainname: {{ .Values.global.domain | quote }}
     externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
     hostname: {{ .Values.global.hosts.univentionManagementStack | quote }}
-    ldapMasterHost: {{ .Values.ldap.hostPrimary | quote }}
+    ldapHost: {{ .Values.ldap.host | quote }}
-    ldapHost: {{ .Values.ldap.hostSecondary | quote }}
     ldapBase: {{ .Values.ldap.baseDn | quote }}
     ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
     idpSamlMetadataUrl: {{ printf "http://ums-keycloak.%s.svc.%s:8080/realms/%s/protocol/saml/descriptor" .Release.Namespace .Values.cluster.networking.domain .Values.platform.realm | quote }}
@@ -758,7 +734,7 @@ selfservice-listener:
 
   selfserviceListener:
     ldapBaseDn: {{ .Values.ldap.baseDn | quote }}
-    ldapHost: {{ .Values.ldap.hostPrimary | quote }}
+    ldapHost: {{ .Values.ldap.host | quote }}
     ldapHostDn: {{ printf "%s,%s" "cn=admin" .Values.ldap.baseDn | quote }}
     ldapPassword: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
     machineSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
@@ -1145,13 +1121,11 @@ keycloak-bootstrap:
 keycloak-extensions:
   enabled: true
   keycloak:
-    connection:
+    host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}:8080"
-      host: "ums-keycloak.{{ .Release.Namespace }}.svc.{{ .Values.cluster.networking.domain }}"
+    adminUsername: "kcadmin"
-    auth:
+    adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
-      username: "kcadmin"
+    adminRealm: "master"
-      password: {{ .Values.secrets.keycloak.adminPassword | quote }}
+    realm: {{ .Values.platform.realm | quote }}
-      masterRealm: "master"
-      realm: {{ .Values.platform.realm | quote }}
   postgresql:
     connection:
       host: {{ .Values.databases.keycloakExtension.host | quote }}
@@ -1160,13 +1134,6 @@ keycloak-extensions:
       database: {{ .Values.databases.keycloakExtension.name | quote }}
       username: {{ .Values.databases.keycloakExtension.username | quote }}
       password: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
-  smtp:
-    connection:
-      host: {{ .Values.smtp.host | quote }}
-      port: {{ .Values.smtp.port | quote }}
-    auth:
-      username: {{ .Values.smtp.username | quote }}
-      password: {{ .Values.smtp.password | quote }}
   handler:
     replicaCount: {{ .Values.replicas.umsKeycloakExtensionsHandler }}
     podAnnotations:
@@ -1184,6 +1151,10 @@ keycloak-extensions:
       ipProtectionEnable: true
       logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
       newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
+      smtpPassword: {{ .Values.smtp.password | quote }}
+      smtpHost: {{ .Values.smtp.host | quote }}
+      smtpPort: {{ .Values.smtp.port | quote }}
+      smtpUsername: {{ .Values.smtp.username | quote }}
       mailFrom: "noreply@{{ .Values.global.domain }}"
     securityContext:
       allowPrivilegeEscalation: false

helmfile/environments/default/_helper.yaml

@@ -3,8 +3,6 @@
 ---
 ldap:
   host: "ums-ldap-server"
-  hostPrimary: "ums-ldap-server-primary"
-  hostSecondary: "ums-ldap-server-secondary"
   notifierHost: "ums-ldap-notifier"
   baseDn: "dc=swp-ldap,dc=internal"
 ## Define Keycloak realmname for openDesk

helmfile/environments/default/charts.yaml

@@ -7,215 +7,215 @@
 ---
 charts:
   certificates:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-certificates/opendesk-certificates"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-certificates/opendesk-certificates'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-certificates"
     name: "opendesk-certificates"
     version: "2.2.0"
     verify: true
   clamav:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-clamav/opendesk-clamav"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-clamav/opendesk-clamav'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-clamav"
     name: "opendesk-clamav"
     version: "4.0.5"
     verify: true
   clamavSimple:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-clamav/clamav-simple"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-clamav/clamav-simple'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-clamav"
     name: "clamav-simple"
     version: "4.0.5"
     verify: true
   collabora:
-    # providerCategory: "Supplier"
+    # providerCategory: 'Supplier'
-    # providerResponsible: "Collabora"
+    # providerResponsible: 'Collabora'
-    # upstreamRegistry: "https://ghcr.io/collaboraonline/charts"
+    # upstreamRegistry: 'ghcr.io/collaboraonline/charts'
-    # upstreamRepository: "collabora-online"
+    # upstreamRepository: 'collabora-online'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["1", "1", "8"]
+    # upstreamMirrorStartFrom: ['1', '1', '8']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/collabora/charts-mirror"
     name: "collabora-online"
-    version: "1.1.15"
+    version: "1.1.11"
     verify: true
   cryptpad:
-    # providerCategory: "Supplier"
+    # providerCategory: 'Supplier'
-    # providerResponsible: "XWiki"
+    # providerResponsible: 'XWiki'
-    # upstreamRegistry: "https://ghcr.io/cryptpad/helm"
+    # upstreamRegistry: 'ghcr.io/cryptpad/helm'
-    # upstreamRepository: "cryptpad"
+    # upstreamRepository: 'cryptpad'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["0", "0", "17"]
+    # upstreamMirrorStartFrom: ['0', '0', '17']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/xwiki/charts-mirror"
     name: "cryptpad"
-    version: "0.0.19"
+    version: "0.0.18"
     verify: true
   dovecot:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "Open-Xchange"
+    # providerResponsible: 'Open-Xchange'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot/dovecot"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-dovecot/dovecot'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
     name: "dovecot"
     version: "1.3.10"
     verify: true
   element:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-element"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-element'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-element"
     version: "2.7.1"
     verify: true
   elementWellKnown:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-well-known"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-well-known'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-well-known"
     version: "2.7.1"
     verify: true
   home:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-home"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-home'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-home"
     name: "opendesk-home"
     version: "1.0.1"
     verify: true
   intercomService:
-    # providerCategory: "Supplier"
+    # providerCategory: 'Supplier'
-    # providerResponsible: "Univention"
+    # providerResponsible: 'Univention'
-    # upstreamRegistry: "https://registry.souvap-univention.de"
+    # upstreamRegistry: 'registry.souvap-univention.de'
-    # upstreamRepository: "souvap/tooling/charts/intercom-service/intercom-service"
+    # upstreamRepository: 'souvap/tooling/charts/intercom-service/intercom-service'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["2", "0", "1"]
+    # upstreamMirrorStartFrom: ['2', '0', '1']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "intercom-service"
     version: "2.0.1"
     verify: true
   jitsi:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-jitsi/opendesk-jitsi"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-jitsi/opendesk-jitsi'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-jitsi"
     name: "opendesk-jitsi"
-    version: "1.7.9"
+    version: "1.7.8"
     verify: true
   mariadb:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-mariadb/mariadb"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-mariadb/mariadb'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-mariadb"
     name: "mariadb"
     version: "2.2.1"
     verify: true
   matrixNeoboardWidget:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neoboard-widget"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neoboard-widget'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets"
     name: "matrix-neoboard-widget"
     version: "3.5.0"
     verify: true
   matrixNeochoiseWidget:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neochoice-widget"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neochoice-widget'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets"
     name: "matrix-neochoice-widget"
     version: "3.5.0"
     verify: true
   matrixNeodatefixBot:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neodatefix-bot"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neodatefix-bot'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets"
     name: "matrix-neodatefix-bot"
     version: "3.5.0"
     verify: true
   matrixNeodatefixWidget:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neodatefix-widget"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neodatefix-widget'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets"
     name: "matrix-neodatefix-widget"
     version: "3.5.0"
     verify: true
   matrixUserVerificationService:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-matrix-user-verification-service"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-matrix-user-verification-service'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-matrix-user-verification-service"
     version: "2.7.1"
     verify: true
   memcached:
-    # providerCategory: "Community"
+    # providerCategory: 'Community'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry-1.docker.io"
+    # upstreamRegistry: 'registry-1.docker.io'
-    # upstreamRepository: "bitnamicharts/memcached"
+    # upstreamRepository: 'bitnamicharts/memcached'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/external/charts/bitnami-charts"
     name: "memcached"
     version: "6.7.1"
     verify: true
   minio:
-    # providerCategory: "Community"
+    # providerCategory: 'Community'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry-1.docker.io"
+    # upstreamRegistry: 'registry-1.docker.io'
-    # upstreamRepository: "bitnamicharts/minio"
+    # upstreamRepository: 'bitnamicharts/minio'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/external/charts/bitnami-charts"
     name: "minio"
     version: "12.10.11"
     verify: true
   nextcloud:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud/opendesk-nextcloud"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-nextcloud/opendesk-nextcloud'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud"
     version: "1.5.2"
     verify: true
   nextcloudManagement:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
     # packageName=bmi/opendesk/components/platform-development/charts/opendesk-nextcloud/opendesk-nextcloud-management
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
@@ -223,182 +223,170 @@ charts:
     version: "1.5.2"
     verify: true
   nginx:
-    # providerCategory: "Community"
+    # providerCategory: 'Community'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry-1.docker.io"
+    # upstreamRegistry: 'registry-1.docker.io'
-    # upstreamRepository: "bitnamicharts/nginx"
+    # upstreamRepository: 'bitnamicharts/nginx'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/external/charts/bitnami-charts"
     name: "nginx"
     version: "15.9.3"
     verify: true
   opendeskKeycloakBootstrap:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap/opendesk-keycloak-bootstrap"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap/opendesk-keycloak-bootstrap'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap"
     name: "opendesk-keycloak-bootstrap"
-    version: "1.1.0"
+    version: "1.0.7"
     verify: true
   openproject:
-    # providerCategory: "Supplier"
+    # providerCategory: 'Supplier'
-    # providerResponsible: "openProject"
+    # providerResponsible: 'openProject'
-    # upstreamRegistry: "https://ghcr.io"
+    # upstreamRegistry: 'ghcr.io'
-    # upstreamRepository: "opf/helm-charts/openproject"
+    # upstreamRepository: 'opf/helm-charts/openproject'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["3", "0", "2"]
+    # upstreamMirrorStartFrom: ['3', '0', '2']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/openproject/charts-mirror"
     name: "openproject"
-    version: "4.5.0"
+    version: "4.2.1"
     verify: true
   openprojectBootstrap:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-openproject-bootstrap"
     name: "opendesk-openproject-bootstrap"
     version: "1.3.0"
     verify: true
   openXchangeAppSuite:
-    # providerCategory: "Supplier"
+    # providerCategory: 'Supplier'
-    # providerResponsible: "Open-Xchange"
+    # providerResponsible: 'Open-Xchange'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["2", "2", "37"]
+    # upstreamMirrorStartFrom: ['2', '2', '37']
-    # upstreamRegistry: "https://registry.open-xchange.com"
+    # upstreamRegistry: 'registry.open-xchange.com'
-    # upstreamRepository: "appsuite-public-sector/charts/appsuite-public-sector"
+    # upstreamRepository: 'appsuite-public-sector/charts/appsuite-public-sector'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
     name: "appsuite-public-sector"
     version: "2.5.3"
     verify: false
   openXchangeAppSuiteBootstrap:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap/opendesk-open-xchange-bootstrap"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap/opendesk-open-xchange-bootstrap'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap"
     name: "opendesk-open-xchange-bootstrap"
     version: "1.3.4"
     verify: true
   otterize:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize/opendesk-otterize"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-otterize/opendesk-otterize'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-otterize"
     name: "opendesk-otterize"
-    version: "2.1.0-feat-ldap-server-scalability"
+    version: "2.0.1"
     verify: true
   oxConnector:
-    # providerCategory: "Supplier"
+    # providerCategory: 'Supplier'
-    # providerResponsible: "Univention"
+    # providerResponsible: 'Univention'
-    # upstreamRegistry: "https://registry.souvap-univention.de"
+    # upstreamRegistry: 'registry.souvap-univention.de'
-    # upstreamRepository: "souvap/tooling/charts/univention/ox-connector"
+    # upstreamRepository: 'souvap/tooling/charts/univention/ox-connector'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["0", "4", "2"]
+    # upstreamMirrorStartFrom: ['0', '4', '2']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "ox-connector"
     version: "0.4.2"
     verify: true
   postfix:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix/postfix"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-postfix/postfix'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
     name: "postfix"
     version: "2.0.5"
     verify: true
   postgresql:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql/postgresql"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-postgresql/postgresql'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql"
     name: "postgresql"
     version: "2.0.5"
     verify: true
   redis:
-    # providerCategory: "Community"
+    # providerCategory: 'Community'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry-1.docker.io"
+    # upstreamRegistry: 'registry-1.docker.io'
-    # upstreamRepository: "bitnamicharts/redis"
+    # upstreamRepository: 'bitnamicharts/redis'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/external/charts/bitnami-charts"
     name: "redis"
     version: "18.6.1"
     verify: true
   synapse:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse"
     version: "2.7.1"
     verify: true
   synapseCreateAccount:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse-create-account"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse-create-account'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse-create-account"
     version: "2.7.1"
     verify: true
   synapseWeb:
-    # providerCategory: "Platform"
+    # providerCategory: 'Platform'
-    # providerResponsible: "openDesk"
+    # providerResponsible: 'openDesk'
-    # upstreamRegistry: "https://registry.opencode.de"
+    # upstreamRegistry: 'registry.opencode.de'
-    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse-web"
+    # upstreamRepository: 'bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse-web'
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse-web"
     version: "2.7.1"
     verify: true
   ums:
-    # providerCategory: "Supplier"
+    # providerCategory: 'Supplier'
-    # providerResponsible: "Univention"
+    # providerResponsible: 'Univention'
-    # upstreamRegistry: "https://registry.souvap-univention.de"
+    # upstreamRegistry: 'registry.souvap-univention.de'
-    # upstreamRepository: "souvap/tooling/charts/univention/ums"
+    # upstreamRepository: 'souvap/tooling/charts/univention/ums'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["0", "12", "0"]
+    # upstreamMirrorStartFrom: ['0', '0', '1']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "ums"
-    version: "0.16.0"
+    version: "0.13.0"
-    verify: true
-  umsKeycloakBootstrap:
-    # providerCategory: "Supplier"
-    # providerResponsible: "Univention"
-    # upstreamRegistry: "https://registry.souvap-univention.de"
-    # upstreamRepository: "souvap/tooling/charts/univention-keycloak-bootstrap/ums-keycloak-bootstrap"
-    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["1", "0", "1"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
-    name: "ums-keycloak-bootstrap"
-    version: "1.0.1"
     verify: true
   xwiki:
-    # providerCategory: "Supplier"
+    # providerCategory: 'Supplier'
-    # providerResponsible: "XWiki"
+    # providerResponsible: 'XWiki'
-    # upstreamRegistry: "https://git.xwikisas.com:5050/xwikisas/swp/xwiki/contrib-xwiki-helm"
+    # upstreamRegistry: 'git.xwikisas.com:5050/xwikisas/swp/xwiki/contrib-xwiki-helm'
-    # upstreamRepository: "xwiki"
+    # upstreamRepository: 'xwiki'
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["1", "2", "4"]
+    # upstreamMirrorStartFrom: ['1', '2', '4']
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/xwiki/charts-mirror"
     name: "xwiki"

helmfile/environments/default/functional.yaml

@@ -1,10 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-License-Identifier: Apache-2.0
----
-authentication:
-  twoFactor:
-    # Define a list of groups to enable 2FA for.
-    # Note: Removing a group from the list will not disable 2FA for the removed group.
-    groups:
-      - "Domain Admins"
-...

helmfile/environments/default/resources.yaml

@@ -60,12 +60,10 @@ resources:
     requests:
       cpu: 0.1
       memory: "64Mi"
-  # The Jibri container requires 2Gi /dev/shm so we need a limit based on the expected memory consumption of the
-  # service plus the 2Gi /dev/shm
   jibri:
     limits:
       cpu: 99
-      memory: "3Gi"
+      memory: "768Mi"
     requests:
       cpu: 0.1
       memory: "384Mi"
@@ -391,21 +389,7 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
-  umsLdapServerPrimary:
+  umsLdapServer:
-    limits:
-      cpu: 99
-      memory: "1Gi"
-    requests:
-      cpu: 0.1
-      memory: "256Mi"
-  umsLdapServerSecondary:
-    limits:
-      cpu: 99
-      memory: "1Gi"
-    requests:
-      cpu: 0.1
-      memory: "256Mi"
-  umsLdapServerProxy:
     limits:
       cpu: 99
       memory: "1Gi"