fix(nubus): Temporary fix to set the maximum nats payload message size to 16MB

fix(nubus): Add LDAP 2.4 import scripts, update migrations and opendesk-keycloak-boostrap chart.
fix(opendesk-keycloak-bootstrap): Client creation fix
2025-12-07 16:01:37 +01:00 · 2024-09-24 14:11:31 +02:00 · 2024-09-24 07:21:55 +02:00 · 2024-09-24 05:21:16 +00:00 · 2024-09-24 05:21:16 +00:00 · 2024-09-24 05:21:16 +00:00
45 changed files with 151 additions and 900 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -6,8 +6,10 @@
 # Ignore changes to sample environments
 helmfile/environments/dev/*.yaml.gotmpl
 helmfile/environments/test/*.yaml.gotmpl
 helmfile/environments/prod/*.yaml.gotmpl
 !helmfile/environments/dev/sample.yaml.gotmpl
 !helmfile/environments/test/sample.yaml.gotmpl
 !helmfile/environments/prod/sample.yaml.gotmpl
 # Ignore in CI generated files
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,7 +4,7 @@
 ---
 include:
  - project: "${PROJECT_PATH_GITLAB_CONFIG_TOOLING}"
-    ref: "v2.3.3"
+    ref: "v2.3.4"
    file:
      - "ci/common/automr.yml"
      - "ci/common/lint.yml"
@@ -692,5 +692,4 @@ renovate:
  script:
    - "renovate ${RENOVATE_EXTRA_FLAGS}"
  stage: "renovate"
 ...
--- a/.gitlab/common/common.yml
+++ b/.gitlab/common/common.yml
@@ -2,10 +2,10 @@
 # SPDX-License-Identifier: Apache-2.0
 ---
 variables:
-  OPENDESK_CI_CLI_IMAGE: "registry.opencode.de/bmi/opendesk/tooling/opendesk-ci-cli:2.4.4\
+  OPENDESK_CI_CLI_IMAGE: "registry.opencode.de/bmi/opendesk/tooling/opendesk-ci-cli:2.5.0\
-    @sha256:4120fe717071876f4c9ff128f26019d089fda158a4fb1912911e09af2fd3875f"
+    @sha256:630e102edc70c9e730a46180e79ff278fd8b5039eb336110e0df89fe415225ef"
-  OPENDESK_LINT_IMAGE: "registry.opencode.de/bmi/opendesk/components/platform-development/images/ci-lint:1.0.5\
+  OPENDESK_LINT_IMAGE: "registry.opencode.de/bmi/opendesk/components/platform-development/images/ci-lint:1.0.6\
-    @sha256:60870adb64b0503d4a6efd16cef4e074b91a4ca52b48811cfcea057bcccd07e4"
+    @sha256:0a8997876a0c3f5a3c73eb6bd75c5cde63757bc31b983bfd92cfcb17389d536f"
 .common:
  cache: {}
--- a/.gitlab/lint/lint-kyverno.yml
+++ b/.gitlab/lint/lint-kyverno.yml
@@ -26,6 +26,9 @@ lint-kyverno:
          - "xwiki"
  script:
    - "cd ${CI_PROJECT_DIR}/helmfile/apps/${APP}"
    - >
      node /app/opendesk-ci-cli/src/index.js generate-kyverno-env
      -d ${CI_PROJECT_DIR}/helmfile/environments
    - "helmfile template -e test --include-needs > ${CI_PROJECT_DIR}/.kyverno/opendesk.yaml"
    - >
      node /app/opendesk-ci-cli/src/index.js generate-kyverno-tests
--- a/.reuse/dep5
+++ b/.reuse/dep5
@@ -1,16 +0,0 @@
 Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: openDesk - der Souveräne Arbeitsplatz
 Upstream-Contact: <opendesk@zendis.de>
 Source: https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk
 Files: helmfile/files/theme/*
 Copyright: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 License: Apache-2.0
 Files: helmfile/files/gpg-pubkeys/*
 Copyright: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 License: CC0-1.0
 Files: cspell.json
 Copyright: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 License: Apache-2.0
--- a/REUSE.toml
+++ b/REUSE.toml
@@ -0,0 +1,19 @@
 # SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 version = 1
 [[annotations]]
 path = "helmfile/files/theme/*"
 SPDX-FileCopyrightText = "2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH"
 SPDX-License-Identifier = "Apache-2.0"
 [[annotations]]
 path = "cspell.json"
 SPDX-FileCopyrightText = "2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH"
 SPDX-License-Identifier = "Apache-2.0"
 [[annotations]]
 path = "helmfile/files/gpg-pubkeys/*"
 SPDX-FileCopyrightText = "2023 Bundesministerium des Innern und für Heimat, PG ZenDiS \"Projektgruppe für Aufbau ZenDiS\""
 SPDX-License-Identifier = "CC0-1.0"
--- a/dev/charts-local.py
+++ b/dev/charts-local.py
@@ -25,7 +25,7 @@ script_path = os.path.dirname(os.path.realpath(__file__))
 log_path = script_path+'/../logs'
 charts_yaml = script_path+'/../helmfile/environments/default/charts.yaml'
 base_repo_path = script_path+'/..'
-base_helmfile = base_repo_path+'/helmfile_generic.yaml'
+base_helmfile = base_repo_path+'/helmfile_generic.yaml.gotmpl'
 helmfile_backup_extension = '.bak'
 Path(log_path).mkdir(parents=True, exist_ok=True)
--- a/helmfile/apps/collabora/values.yaml.gotmpl
+++ b/helmfile/apps/collabora/values.yaml.gotmpl
@@ -84,6 +84,8 @@ ingress:
      hosts:
        - "{{ .Values.global.hosts.collabora }}.{{ .Values.global.domain }}"
 podAnnotations: {}
 podSecurityContext:
  fsGroup: 100
--- a/helmfile/apps/cryptpad/values.yaml.gotmpl
+++ b/helmfile/apps/cryptpad/values.yaml.gotmpl
@@ -53,6 +53,8 @@ ingress:
 persistence:
  enabled: false
 podAnnotations: {}
 podSecurityContext:
  fsGroup: 4001
--- a/helmfile/apps/element/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/element/helmfile-child.yaml.gotmpl
@@ -32,52 +32,6 @@ repositories:
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}"
  - name: "synapse-create-account-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.synapseCreateAccount.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/{{ .Values.charts.synapseCreateAccount.repository }}"
  # openDesk Matrix Widgets
  # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets
  - name: "matrix-user-verification-service-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixUserVerificationService.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/{{ .Values.charts.matrixUserVerificationService.repository }}"
  - name: "matrix-neoboard-widget-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
  - name: "matrix-neochoice-widget-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
  - name: "matrix-neodatefix-widget-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixNeodatefixWidget.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/{{ .Values.charts.matrixNeodatefixWidget.repository }}"
  - name: "matrix-neodatefix-bot-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixNeodatefixBot.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}"
 releases:
  - name: "opendesk-element"
@@ -112,62 +66,6 @@ releases:
    installed: {{ .Values.element.enabled }}
    timeout: 900
  - name: "opendesk-matrix-user-verification-service-bootstrap"
    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
    version: "{{ .Values.charts.synapseCreateAccount.version }}"
    values:
      - "values-matrix-user-verification-service-bootstrap.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900
  - name: "opendesk-matrix-user-verification-service"
    chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}"
    version: "{{ .Values.charts.matrixUserVerificationService.version }}"
    values:
      - "values-matrix-user-verification-service.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900
  - name: "matrix-neoboard-widget"
    chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}"
    version: "{{ .Values.charts.matrixNeoboardWidget.version }}"
    values:
      - "values-matrix-neoboard-widget.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900
  - name: "matrix-neochoice-widget"
    chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}"
    version: "{{ .Values.charts.matrixNeochoiseWidget.version }}"
    values:
      - "values-matrix-neochoice-widget.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900
  - name: "matrix-neodatefix-widget"
    chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}"
    version: "{{ .Values.charts.matrixNeodatefixWidget.version }}"
    values:
      - "values-matrix-neodatefix-widget.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900
  - name: "matrix-neodatefix-bot-bootstrap"
    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
    version: "{{ .Values.charts.synapseCreateAccount.version }}"
    values:
      - "values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900
  - name: "matrix-neodatefix-bot"
    chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}"
    version: "{{ .Values.charts.matrixNeodatefixBot.version }}"
    values:
      - "values-matrix-neodatefix-bot.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900
 commonLabels:
  deploy-stage: "component-1"
  component: "element"
--- a/helmfile/apps/element/values-element.yaml.gotmpl
+++ b/helmfile/apps/element/values-element.yaml.gotmpl
@@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0
 configuration:
  endToEndEncryption: true
  additionalConfiguration:
-    logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
+    logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=opendesk-matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
    "net.nordeck.element_web.module.opendesk":
      config:
@@ -20,86 +20,6 @@ configuration:
          --cpd-color-bg-action-primary-rest: {{ .Values.theme.colors.primary | quote }}
          --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}
    "net.nordeck.element_web.module.widget_lifecycle":
      widget_permissions:
        "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html":
          identity_approved: true
        "https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*":
          preload_approved: true
          capabilities_approved:
            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create
            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create
            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk
            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk
            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot
            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot
            - org.matrix.msc2762.send.state_event:m.room.power_levels#
            - org.matrix.msc2762.receive.state_event:m.room.power_levels#
            - org.matrix.msc2762.receive.state_event:m.room.member
            - org.matrix.msc2762.receive.state_event:m.room.name
            - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard
            - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard
            - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#*
            - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions
            - org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling
            - org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling
            - town.robin.msc3846.turn_servers
            - org.matrix.msc4039.upload_file
            - org.matrix.msc4039.download_file
        "https://{{ .Values.global.hosts.matrixNeoChoiceWidget }}.{{ .Values.global.domain }}/*":
          preload_approved: true
          capabilities_approved:
            - org.matrix.msc2762.send.event:net.nordeck.poll.vote
            - org.matrix.msc2762.receive.event:net.nordeck.poll.vote
            - org.matrix.msc2762.send.state_event:net.nordeck.poll
            - org.matrix.msc2762.receive.state_event:net.nordeck.poll
            - org.matrix.msc2762.send.state_event:net.nordeck.poll.settings
            - org.matrix.msc2762.receive.state_event:net.nordeck.poll.settings
            - org.matrix.msc2762.receive.state_event:m.room.power_levels
            - org.matrix.msc2762.receive.state_event:m.room.name
            - org.matrix.msc2762.receive.state_event:m.room.member
            - org.matrix.msc2762.send.state_event:net.nordeck.poll.group
            - org.matrix.msc2762.receive.state_event:net.nordeck.poll.group
            - org.matrix.msc2762.send.event:net.nordeck.poll.start
            - org.matrix.msc2762.receive.event:net.nordeck.poll.start
        "https://{{ .Values.global.hosts.matrixNeoDateFixWidget }}.{{ .Values.global.domain }}/*":
          preload_approved: true
          identity_approved: true
          capabilities_approved:
            - org.matrix.msc2931.navigate
            - org.matrix.msc2762.timeline:*
            - org.matrix.msc2762.receive.state_event:m.room.power_levels
            - org.matrix.msc2762.receive.event:m.reaction
            - org.matrix.msc2762.receive.state_event:m.room.create
            - org.matrix.msc2762.receive.state_event:m.room.tombstone
            - org.matrix.msc2762.receive.state_event:m.room.member
            - org.matrix.msc2762.send.state_event:m.room.member
            - org.matrix.msc2762.receive.state_event:m.room.name
            - org.matrix.msc2762.receive.state_event:m.room.topic
            - org.matrix.msc2762.receive.state_event:m.space.parent
            - org.matrix.msc2762.receive.state_event:m.space.child
            - org.matrix.msc2762.receive.state_event:net.nordeck.meetings.metadata
            - org.matrix.msc2762.receive.state_event:im.vector.modular.widgets
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.create
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.create
            - org.matrix.msc2762.send.event:net.nordeck.meetings.breakoutsessions.create
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.breakoutsessions.create
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.close
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.close
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.widgets.handle
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.widgets.handle
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.participants.handle
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.participants.handle
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.update
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.update
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.change.message_permissions
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.change.message_permissions
            - org.matrix.msc2762.send.event:net.nordeck.meetings.sub_meetings.send_message
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.sub_meetings.send_message
            - org.matrix.msc3973.user_directory_search
  welcomeUserId: "@meetings-bot:{{ .Values.global.domain }}"
 containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
@@ -137,6 +57,8 @@ ingress:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 podAnnotations: {}
 podSecurityContext:
  enabled: true
  fsGroup: 101
--- a/helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neoboard-widget.yaml.gotmpl
@@ -1,55 +0,0 @@
 {{/*
 SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  enabled: true
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 101
  runAsNonRoot: true
  runAsUser: 101
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    {{ .Values.seLinuxOptions.matrixNeoBoardWidget | toYaml | nindent 4 }}
 global:
  domain: {{ .Values.global.domain | quote }}
  hosts:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 image:
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoBoardWidget.registry | quote }}
  repository: {{ .Values.images.matrixNeoBoardWidget.repository | quote }}
  tag: {{ .Values.images.matrixNeoBoardWidget.tag | quote }}
 ingress:
  enabled: {{ .Values.ingress.enabled }}
  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
  tls:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 podSecurityContext:
  enabled: true
  fsGroup: 101
 replicaCount: {{ .Values.replicas.matrixNeoBoardWidget }}
 resources:
  {{ .Values.resources.matrixNeoBoardWidget | toYaml | nindent 2 }}
 theme:
  {{ .Values.theme | toYaml | nindent 2 }}
 ...
--- a/helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neochoice-widget.yaml.gotmpl
@@ -1,55 +0,0 @@
 {{/*
 SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  enabled: true
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 101
  runAsNonRoot: true
  runAsUser: 101
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    {{ .Values.seLinuxOptions.matrixNeoChoiceWidget | toYaml | nindent 4 }}
 global:
  domain: {{ .Values.global.domain | quote }}
  hosts:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 image:
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoChoiceWidget.registry | quote }}
  repository: {{ .Values.images.matrixNeoChoiceWidget.repository | quote }}
  tag: {{ .Values.images.matrixNeoChoiceWidget.tag | quote }}
 ingress:
  enabled: {{ .Values.ingress.enabled }}
  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
  tls:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 podSecurityContext:
  enabled: true
  fsGroup: 101
 replicaCount: {{ .Values.replicas.matrixNeoChoiceWidget }}
 theme:
  {{ .Values.theme | toYaml | nindent 2 }}
 resources:
  {{ .Values.resources.matrixNeoChoiceWidget | toYaml | nindent 2 }}
 ...
--- a/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl
@@ -1,44 +0,0 @@
 {{/*
 SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 cleanup:
  deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
  deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
 configuration:
  username: "meetings-bot"
  pod: "opendesk-synapse-0"
  secretName: "matrix-neodatefix-bot-account"
  password: {{ .Values.secrets.matrixNeoDateFixBot.password | quote }}
 global:
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 image:
  registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
  url: {{ .Values.images.synapseCreateUser.repository | quote }}
  tag: {{ .Values.images.synapseCreateUser.tag | quote }}
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 fullnameOverride: "matrix-neodatefix-bot-bootstrap"
 securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 101
  runAsNonRoot: true
  runAsUser: 101
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    {{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }}
 ...
--- a/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
@@ -1,83 +0,0 @@
 {{/*
 SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 global:
  domain: {{ .Values.global.domain | quote }}
  hosts:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 configuration:
  bot:
    username: "meetings-bot"
    displayname: "Terminplaner Bot"
  openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
  strings:
    breakoutSessionWidgetName: "Breakoutsessions"
    calendarRoomName: "Terminplaner"
    calendarWidgetName: "Terminplaner"
    cockpitWidgetName: "Meeting Steuerung"
    jitsiWidgetName: "Videokonferenz"
    matrixNeoBoardWidgetName: "Whiteboard"
    matrixNeoChoiceWidgetName: "Abstimmungen"
 containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  enabled: true
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 101
  runAsNonRoot: true
  runAsUser: 101
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    {{ .Values.seLinuxOptions.matrixNeoDateFixBot | toYaml | nindent 4 }}
 extraEnvVars:
  - name: "ACCESS_TOKEN"
    valueFrom:
      secretKeyRef:
        name: "matrix-neodatefix-bot-account"
        key: "access_token"
 image:
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoDateFixBot.registry | quote }}
  repository: {{ .Values.images.matrixNeoDateFixBot.repository | quote }}
  tag: {{ .Values.images.matrixNeoDateFixBot.tag | quote }}
 ingress:
  enabled: {{ .Values.ingress.enabled }}
  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
  tls:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 livenessProbe:
  enabled: true
 persistence:
  size: {{ .Values.persistence.size.matrixNeoDateFixBot | quote }}
  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
 podSecurityContext:
  enabled: true
  fsGroup: 101
 readinessProbe:
  enabled: true
 replicaCount: {{ .Values.replicas.matrixNeoDateFixBot }}
 resources:
  {{ .Values.resources.matrixNeoDateFixBot | toYaml | nindent 2 }}
 ...
--- a/helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neodatefix-widget.yaml.gotmpl
@@ -1,60 +0,0 @@
 {{/*
 SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 configuration:
  bot:
    username: "meetings-bot"
    homeserver: {{ .Values.global.matrixDomain | default .Values.global.domain }}
 containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  enabled: true
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 101
  runAsNonRoot: true
  runAsUser: 101
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    {{ .Values.seLinuxOptions.matrixNeoDateFixWidget | toYaml | nindent 4 }}
 global:
  domain: {{ .Values.global.domain | quote }}
  hosts:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 image:
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoDateFixWidget.registry | quote }}
  repository: {{ .Values.images.matrixNeoDateFixWidget.repository | quote }}
  tag: {{ .Values.images.matrixNeoDateFixWidget.tag | quote }}
 ingress:
  enabled: {{ .Values.ingress.enabled }}
  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
  tls:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 podSecurityContext:
  enabled: true
  fsGroup: 101
 replicaCount: {{ .Values.replicas.matrixNeoDateFixWidget }}
 resources:
  {{ .Values.resources.matrixNeoDateFixWidget | toYaml | nindent 2 }}
 theme:
  {{ .Values.theme | toYaml | nindent 2 }}
 ...
--- a/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-user-verification-service-bootstrap.yaml.gotmpl
@@ -1,43 +0,0 @@
 {{/*
 SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 cleanup:
  deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
  deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
 configuration:
  username: "uvs"
  pod: "opendesk-synapse-0"
  secretName: "opendesk-matrix-user-verification-service-account"
  password: {{ .Values.secrets.matrixUserVerificationService.password | quote }}
 global:
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 image:
  registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.synapseCreateUser.registry | quote }}
  url: {{ .Values.images.synapseCreateUser.repository | quote }}
  tag: {{ .Values.images.synapseCreateUser.tag | quote }}
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 fullnameOverride: "opendesk-matrix-user-verification-service-bootstrap"
 securityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 101
  runAsNonRoot: true
  runAsUser: 101
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    {{ .Values.seLinuxOptions.synapseCreateUser | toYaml | nindent 4 }}
 ...
--- a/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-user-verification-service.yaml.gotmpl
@@ -1,54 +0,0 @@
 {{/*
 SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  enabled: true
  privileged: false
  readOnlyRootFilesystem: false
  runAsGroup: 0
  runAsNonRoot: false
  runAsUser: 0
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    {{ .Values.seLinuxOptions.matrixUserVerificationService | toYaml | nindent 4 }}
 extraEnvVars:
  - name: "UVS_ACCESS_TOKEN"
    valueFrom:
      secretKeyRef:
        name: "opendesk-matrix-user-verification-service-account"
        key: "access_token"
  - name: "UVS_DISABLE_IP_BLACKLIST"
    value: "true"
 global:
  domain: {{ .Values.global.domain | quote }}
  hosts:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 image:
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixUserVerificationService.registry | quote }}
  repository: {{ .Values.images.matrixUserVerificationService.repository | quote }}
  tag: {{ .Values.images.matrixUserVerificationService.tag | quote }}
 podSecurityContext:
  enabled: true
  fsGroup: 101
 replicaCount: {{ .Values.replicas.matrixUserVerificationService }}
 resources:
  {{ .Values.resources.matrixUserVerificationService | toYaml | nindent 2 }}
 ...
--- a/helmfile/apps/element/values-synapse-web.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse-web.yaml.gotmpl
@@ -51,6 +51,8 @@ ingress:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 podAnnotations: {}
 podSecurityContext:
  enabled: true
  fsGroup: 101
--- a/helmfile/apps/element/values-synapse.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse.yaml.gotmpl
@@ -12,18 +12,7 @@ configuration:
    room_prejoin_state:
      additional_event_types:
        - "m.space.parent"
        - "net.nordeck.meetings.metadata"
        - "m.room.power_levels"
    # When a user logs into Element a parallel request is done through Intercom Service to allow Synapse API
    # interaction, to avoid (temporary) blocking of the user for followup logins we want to raise the limits.
    # https://matrix-org.github.io/synapse/v1.59/usage/configuration/config_documentation.html#ratelimiting
    rc_login:
      account:
        per_second: 2
        burst_count: 8
      address:
        per_second: 2
        burst_count: 12
  database:
    host: {{ .Values.databases.synapse.host | quote }}
@@ -33,25 +22,6 @@ configuration:
  homeserver:
    serverName: {{ .Values.global.matrixDomain | default .Values.global.domain }}
    appServiceConfigs:
      - as_token: {{ .Values.secrets.intercom.synapseAsToken | quote }}
        hs_token: {{ .Values.secrets.intercom.synapseAsToken | quote }}
        id: intercom-service
        namespaces:
          users:
            - exclusive: false
              regex: "@.*"
        url: null
        sender_localpart: intercom-service
      - as_token: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }}
        hs_token: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }}
        id: ox-appsuite
        namespaces:
          users:
            - exclusive: false
              regex: "@.*"
        url: null
        sender_localpart: ox-appsuite
    presence:
      enabled: {{ .Values.functional.dataProtection.matrixPresence.enabled }}
@@ -90,14 +60,6 @@ configuration:
          transport: {{ .Values.turn.transport | quote }}
        {{- end }}
    guestModule:
      enabled: true
      image:
        imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
        registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.synapseGuestModule.registry | quote }}
        repository: {{ .Values.images.synapseGuestModule.repository | quote }}
        tag: {{ .Values.images.synapseGuestModule.tag | quote }}
 containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
@@ -141,6 +103,8 @@ persistence:
  size: {{ .Values.persistence.size.synapse | quote }}
  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
 podAnnotations: {}
 podSecurityContext:
  enabled: true
  fsGroup: 10991
--- a/helmfile/apps/element/values-well-known.yaml.gotmpl
+++ b/helmfile/apps/element/values-well-known.yaml.gotmpl
@@ -45,6 +45,8 @@ ingress:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 podAnnotations: {}
 podSecurityContext:
  enabled: true
  fsGroup: 101
--- a/helmfile/apps/intercom-service/values.yaml.gotmpl
+++ b/helmfile/apps/intercom-service/values.yaml.gotmpl
@@ -72,6 +72,13 @@ ingress:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 podAnnotations: {}
 podSecurityContext:
  enabled: true
  fsGroup: 1000
  fsGroupChangePolicy: "Always"
 provisioning:
  enabled: true
  config:
@@ -91,12 +98,6 @@ provisioning:
      credentialSecret:
        key: "ics_secret"
 podSecurityContext:
  enabled: true
  fsGroup: 1000
  fsGroupChangePolicy: "Always"
 replicaCount: {{ .Values.replicas.intercomService }}
 resources:
--- a/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
+++ b/helmfile/apps/jitsi/values-jitsi.yaml.gotmpl
@@ -10,6 +10,7 @@ global:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
  podAnnotations: {}
 containerSecurityContext:
  allowPrivilegeEscalation: false
@@ -215,6 +216,9 @@ patchJVB:
    registry: {{ coalesce .Values.repositories.image.dockerHub .Values.global.imageRegistry .Values.images.jitsiPatchJVB.registry | quote }}
    repository: {{ .Values.images.jitsiPatchJVB.repository | quote }}
    tag: {{ .Values.images.jitsiPatchJVB.tag | quote }}
 podAnnotations: {}
 replicaCount: {{ .Values.replicas.jitsiKeycloakAdapter }}
 resources:
--- a/helmfile/apps/migrations-post/values.yaml.gotmpl
+++ b/helmfile/apps/migrations-post/values.yaml.gotmpl
@@ -3,6 +3,8 @@
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 podAnnotations: {}
 migrations:
  stage: "POST"
 ...
--- a/helmfile/apps/migrations-pre/values.yaml.gotmpl
+++ b/helmfile/apps/migrations-pre/values.yaml.gotmpl
@@ -3,6 +3,8 @@
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 podAnnotations: {}
 migrations:
  stage: "PRE"
 ...
--- a/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl
@@ -32,6 +32,7 @@ exporter:
    repository: "{{ .Values.images.nextcloudExporter.repository }}"
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    tag: {{ .Values.images.nextcloudExporter.tag | quote }}
  podAnnotations: {}
  prometheus:
    serviceMonitor:
      enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
@@ -91,6 +92,7 @@ php:
    repository: "{{ .Values.images.nextcloudPHP.repository }}"
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    tag: {{ .Values.images.nextcloudPHP.tag | quote }}
  podAnnotations: {}
  prometheus:
    serviceMonitor:
      enabled: {{ .Values.monitoring.prometheus.serviceMonitors.enabled }}
@@ -142,6 +144,7 @@ apache2:
    repository: {{ .Values.images.nextcloudApache2.repository | quote }}
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    tag: {{ .Values.images.nextcloudApache2.tag | quote }}
  podAnnotations: {}
  replicaCount: {{ .Values.replicas.nextcloudApache2 }}
  resources:
    {{ .Values.resources.nextcloudApache2 | toYaml | nindent 4 }}
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -79,7 +79,6 @@ global:
        repository: {{ .Values.images.nubusPortalExtension.repository }}
        tag: {{ .Values.images.nubusPortalExtension.tag }}
        imagePullPolicy: {{ .Values.global.imagePullPolicy }}
        imagePullPolicy: "IfNotPresent"
  configUcr:
    directory:
      manager:
@@ -140,6 +139,7 @@ ingress:
  certManager:
    enabled: false
  tls:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}
 # Nubus bundled services
@@ -194,6 +194,7 @@ nubusGuardian:
    certManager:
      enabled: false
    tls:
      enabled: {{ .Values.ingress.tls.enabled }}
      secretName: {{ .Values.ingress.tls.secretName | quote }}
  postgresql:
    connection:
@@ -219,8 +220,14 @@ nubusNotificationsApi:
    certManager:
      enabled: false
    tls:
      enabled: {{ .Values.ingress.tls.enabled }}
      secretName: {{ .Values.ingress.tls.secretName | quote }}
 nubusPortalFrontend:
  ingress:
    tls:
      enabled: {{ .Values.ingress.tls.enabled }}
      secretName: {{ .Values.ingress.tls.secretName }}
 nubusKeycloakExtensions:
  keycloak:
@@ -247,6 +254,7 @@ nubusKeycloakExtensions:
      certManager:
        enabled: false
      tls:
        enabled: {{ .Values.ingress.tls.enabled }}
        secretName: {{ .Values.ingress.tls.secretName | quote }}
@@ -313,6 +321,7 @@ nubusPortalServer:
    certManager:
      enabled: false
    tls:
      enabled: {{ .Values.ingress.tls.enabled }}
      secretName: {{ .Values.ingress.tls.secretName | quote }}
 nubusUdmRestApi:
@@ -320,9 +329,15 @@ nubusUdmRestApi:
    certManager:
      enabled: false
    tls:
      enabled: {{ .Values.ingress.tls.enabled }}
      secretName: {{ .Values.ingress.tls.secretName | quote }}
 nubusProvisioning:
  nats:
    config:
      lame_duck_grace_period: |
        10s
              max_payload: 16MB
  enabled: true
 nubusUdmListener:
@@ -336,6 +351,9 @@ nubusSelfServiceConsumer:
 # Nubus services
 nubusStackDataUms:
  additionalAnnotations:
    argocd.argoproj.io/hook: "Sync"
    argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
  stackDataContext:
    umcPostgresqlHostname: {{ .Values.databases.umsSelfservice.host | quote }}
    umcPostgresqlUsername: {{ .Values.databases.umsSelfservice.username | quote }}
@@ -422,6 +440,7 @@ nubusUmcServer:
    certManager:
      enabled: false
    tls:
      enabled: {{ .Values.ingress.tls.enabled }}
      secretName: {{ .Values.ingress.tls.secretName | quote }}
 nubusUmcGateway:
@@ -431,9 +450,12 @@ nubusUmcGateway:
    certManager:
      enabled: false
    tls:
      enabled: {{ .Values.ingress.tls.enabled }}
      secretName: {{ .Values.ingress.tls.secretName | quote }}
 nubusKeycloakBootstrap:
  additionalAnnotations:
    argocd.argoproj.io/hook: "Sync"
  keycloak:
    auth:
      username: "kcadmin"
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -160,10 +160,8 @@ nubusLdapServer:
      stringData:
        30-purge.sh: |
          #!/usr/bin/env bash
          me=$(basename "$0")
          echo "- Running ${me}"
          if [ -f /var/lib/univention-ldap/ldap-24-export.ldif ]; then
            echo "- Cleaning up /var/lib/univention-ldap."
            cd /var/lib/univention-ldap
@@ -175,25 +173,29 @@ nubusLdapServer:
          fi
        95-slapadd-24-ldif.sh: |
          #!/usr/bin/env bash
          me=$(basename "$0")
          echo "- Running ${me}"
          ls -l /var/lib/univention-ldap
          if [ -f /var/lib/univention-ldap/ldap-24-export.ldif ]; then
-            echo "- slapadd-ing /var/lib/univention-ldap/ldap-24-export.ldif, but not before deleting the directories /var/lib/univention-ldap/ldap and ./internal"
+            echo "- slapadd-ing /var/lib/univention-ldap/ldap-24-export.ldif"
            ls -l /var/lib/univention-ldap/
            rm -rf /var/lib/univention-ldap/ldap
            rm -rf /var/lib/univention-ldap/internal
            echo "- deleted /var/lib/univention-ldap/ldap and /var/lib/univention-ldap/internal"
            ls -l /var/lib/univention-ldap/
            mkdir /var/lib/univention-ldap/ldap
            mkdir /var/lib/univention-ldap/internal
-            /usr/sbin/slapadd -l /var/lib/univention-ldap/ldap-24-export.ldif
+            echo "- created /var/lib/univention-ldap/ldap and /var/lib/univention-ldap/internal"
            ls -l /var/lib/univention-ldap/
            /usr/sbin/slapadd -v -l /var/lib/univention-ldap/ldap-24-export.ldif
            echo "- slapadd executed"
            ls -l /var/lib/univention-ldap/
            mv /var/lib/univention-ldap/ldap-24-export.ldif /var/lib/univention-ldap/ldap-24-export.ldif-imported
            echo "- import file renamed"
            ls -l /var/lib/univention-ldap/
          else
            echo "- File /var/lib/univention-ldap/ldap-24-export.ldif not found."
          fi
 nubusPortalFrontend:
  additionalAnnotations:
    intents.otterize.com/service-name: "ums-portal-frontend"
--- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
@@ -68,6 +68,9 @@ containerSecurityContext:
  seLinuxOptions:
    {{ .Values.seLinuxOptions.dovecot | toYaml | nindent 4 }}
 podAnnotations: {}
 podSecurityContext:
  enabled: true
  fsGroup: 1000
--- a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
@@ -18,4 +18,8 @@ imagePullSecrets:
 {{- range .Values.global.imagePullSecrets }}
  - name: {{ . | quote }}
 {{- end }}
 podAnnotations:
  argocd.argoproj.io/hook: "Sync"
  argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
 ...
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
@@ -27,6 +27,7 @@ nextcloud-integration-ui:
  {{- range .Values.global.imagePullSecrets }}
    - name: {{ . | quote }}
  {{- end }}
  podAnnotations: {}
  replicaCount: {{ .Values.replicas.openxchangeNextcloudIntegrationUI }}
  resources:
    {{ .Values.resources.openxchangeNextcloudIntegrationUI | toYaml | nindent 4 }}
@@ -51,12 +52,14 @@ public-sector-ui:
    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangePublicSectorUI.registry | quote }}
    repository: {{ .Values.images.openxchangePublicSectorUI.repository | quote }}
    tag: {{ .Values.images.openxchangePublicSectorUI.tag | quote }}
    pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  imagePullSecrets:
  {{- range .Values.global.imagePullSecrets }}
    - name: {{ . | quote }}
  {{- end }}
  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  replicaCount: {{ .Values.replicas.openxchangePublicSectorUI }}
  podAnnotations: {}
  resources:
    {{ .Values.resources.openxchangePublicSectorUI | toYaml | nindent 4 }}
  securityContext:
@@ -119,6 +122,7 @@ appsuite:
    jolokiaLogin: "jolokia"
    jolokiaPassword: {{ .Values.secrets.oxAppsuite.jolokiaPassword | quote }}
    hostname: "{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
    podAnnotations: {}
    serviceAccount:
      create: true
    features:
@@ -138,6 +142,7 @@ appsuite:
        tag: {{ .Values.images.openxchangeGotenberg.tag | quote }}
        pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
      replicaCount: {{ .Values.replicas.openxchangeGotenberg }}
      podAnnotations: {}
      resources:
        {{ .Values.resources.openxchangeGotenberg | toYaml | nindent 8 }}
      securityContext:
@@ -226,7 +231,7 @@ appsuite:
      # Old capability can be used to toggle all integrations with a single switch
      com.openexchange.capability.public-sector: "true"
      # New capabilities in 2.0
-      com.openexchange.capability.public-sector-element: "true"
+      com.openexchange.capability.public-sector-element: "false"
      com.openexchange.capability.public-sector-navigation: "true"
      com.openexchange.capability.client-onboarding: "true"
      com.openexchange.capability.dynamic-theme: "true"
@@ -376,6 +381,7 @@ appsuite:
      tag: {{ .Values.images.openxchangeCoreUI.tag | quote }}
      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    replicaCount: {{ .Values.replicas.openxchangeCoreUI }}
    podAnnotations: {}
    resources:
      {{ .Values.resources.openxchangeCoreUI | toYaml | nindent 6 }}
    securityContext:
@@ -409,6 +415,7 @@ appsuite:
      tag: {{ .Values.images.openxchangeCoreUIMiddleware.tag | quote }}
      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    overrides: {}
    podAnnotations: {}
    redis: *redisConfiguration
    replicaCount: {{ .Values.replicas.openxchangeCoreUIMiddleware }}
    resources:
@@ -447,6 +454,7 @@ appsuite:
      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeDocumentConverter.registry | quote }}
      repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
      tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
    podAnnotations: {}
    redis: *redisConfiguration
    replicaCount: {{ .Values.replicas.openxchangeCoreDocumentConverter }}
    resources:
@@ -494,6 +502,7 @@ appsuite:
      repository: {{ .Values.images.openxchangeCoreGuidedtours.repository | quote }}
      tag: {{ .Values.images.openxchangeCoreGuidedtours.tag | quote }}
      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    podAnnotations: {}
    replicaCount: {{ .Values.replicas.openxchangeCoreGuidedtours }}
    resources:
      {{- .Values.resources.openxchangeCoreGuidedtours | toYaml | nindent 6 }}
@@ -528,6 +537,7 @@ appsuite:
          endpoint: "."
          accessKey: "."
          secretKey: "."
    podAnnotations: {}
    redis: *redisConfiguration
    replicaCount: {{ .Values.replicas.openxchangeCoreImageConverter }}
    resources:
@@ -560,6 +570,7 @@ appsuite:
      repository: {{ .Values.images.openxchangeGuardUI.repository | quote }}
      tag: {{ .Values.images.openxchangeGuardUI.tag | quote }}
      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    podAnnotations: {}
    replicaCount: {{ .Values.replicas.openxchangeGuardUI }}
    resources:
      {{- .Values.resources.openxchangeGuardUI | toYaml | nindent 6 }}
@@ -591,6 +602,7 @@ appsuite:
    {{- range .Values.global.imagePullSecrets }}
      - name: {{ . | quote }}
    {{- end }}
    podAnnotations: {}
    replicaCount: {{ .Values.replicas.openxchangeCoreUserGuide }}
    resources:
      {{- .Values.resources.openxchangeCoreUserGuide | toYaml | nindent 6 }}
--- a/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl
+++ b/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl
@@ -51,6 +51,8 @@ image:
 job:
  enabled: true
 podAnnotations: {}
 podSecurityContext:
  enabled: true
  fsGroup: 1000
--- a/helmfile/apps/openproject/values.yaml.gotmpl
+++ b/helmfile/apps/openproject/values.yaml.gotmpl
@@ -97,6 +97,8 @@ memcached:
 persistence:
  enabled: false
 podAnnotations: {}
 postgresql:
  bundled: false
  auth:
--- a/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/provisioning/values-oxconnector.yaml.gotmpl
@@ -44,6 +44,8 @@ resources:
 persistence:
  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
 podAnnotations: {}
 ## Container deployment probes
 probes:
  liveness:
--- a/helmfile/apps/services/values-clamav-distributed.yaml.gotmpl
+++ b/helmfile/apps/services/values-clamav-distributed.yaml.gotmpl
@@ -25,6 +25,7 @@ clamd:
    repository: {{ .Values.images.clamd.repository | quote }}
    tag: {{ .Values.images.clamd.tag | quote }}
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  podAnnotations: {}
  podSecurityContext:
    enabled: true
    fsGroup: 101
@@ -69,6 +70,7 @@ freshclam:
    repository: {{ .Values.images.freshclam.repository | quote }}
    tag: {{ .Values.images.freshclam.tag | quote }}
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  podAnnotations: {}
  podSecurityContext:
    enabled: true
    fsGroup: 101
@@ -110,6 +112,7 @@ icap:
    repository: {{ .Values.images.icap.repository | quote }}
    tag: {{ .Values.images.icap.tag | quote }}
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  podAnnotations: {}
  podSecurityContext:
    enabled: true
    fsGroup: 101
@@ -139,6 +142,7 @@ milter:
    repository: {{ .Values.images.milter.repository | quote }}
    tag: {{ .Values.images.milter.tag | quote }}
    imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  podAnnotations: {}
  podSecurityContext:
    enabled: true
    fsGroup: 101
--- a/helmfile/apps/services/values-clamav-simple.yaml.gotmpl
+++ b/helmfile/apps/services/values-clamav-simple.yaml.gotmpl
@@ -40,6 +40,8 @@ persistence:
  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
  size: {{ .Values.persistence.size.clamav | quote }}
 podAnnotations: {}
 podSecurityContext:
  enabled: true
  fsGroup: 101
--- a/helmfile/apps/services/values-mariadb.yaml.gotmpl
+++ b/helmfile/apps/services/values-mariadb.yaml.gotmpl
@@ -73,6 +73,8 @@ persistence:
  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
  size: {{ .Values.persistence.size.mariadb | quote }}
 podAnnotations: {}
 podSecurityContext:
  enabled: true
  fsGroup: 1001
--- a/helmfile/apps/services/values-memcached.yaml.gotmpl
+++ b/helmfile/apps/services/values-memcached.yaml.gotmpl
@@ -32,6 +32,8 @@ image:
  tag: {{ .Values.images.memcached.tag | quote }}
  pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
 podAnnotations: {}
 replicaCount: {{ .Values.replicas.memcached }}
 resources:
--- a/helmfile/apps/services/values-minio.yaml.gotmpl
+++ b/helmfile/apps/services/values-minio.yaml.gotmpl
@@ -182,6 +182,8 @@ provisioning:
  resources:
    {{ .Values.resources.minio | toYaml | nindent 4 }}
 podAnnotations: {}
 readinessProbe:
  enabled: true
  initialDelaySeconds: 5
--- a/helmfile/apps/services/values-postfix.yaml.gotmpl
+++ b/helmfile/apps/services/values-postfix.yaml.gotmpl
@@ -76,6 +76,8 @@ postfix:
  virtualMailboxDomains: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
  virtualTransport: "lmtps:dovecot:24"
 podAnnotations: {}
 replicaCount: {{ .Values.replicas.postfix }}
 resources:
--- a/helmfile/apps/services/values-postgresql.yaml.gotmpl
+++ b/helmfile/apps/services/values-postgresql.yaml.gotmpl
@@ -90,6 +90,8 @@ persistence:
  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
  size: {{ .Values.persistence.size.postgresql | quote }}
 podAnnotations: {}
 postgres:
  password: {{ .Values.secrets.postgresql.postgresUser | quote }}
--- a/helmfile/apps/services/values-redis.yaml.gotmpl
+++ b/helmfile/apps/services/values-redis.yaml.gotmpl
@@ -38,6 +38,7 @@ master:
  count: {{ .Values.replicas.redis }}
  persistence:
    size: {{ .Values.persistence.size.redis | quote }}
  podAnnotations: {}
  resources:
    {{ .Values.resources.redis | toYaml | nindent 4 }}
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -90,7 +90,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
    name: "opendesk-element"
-    version: "3.4.0"
+    version: "3.4.1"
    verify: true
  elementWellKnown:
    # providerCategory: "Platform"
@@ -100,7 +100,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
    name: "opendesk-well-known"
-    version: "3.4.0"
+    version: "3.4.1"
    verify: true
  home:
    # providerCategory: "Platform"
@@ -144,56 +144,6 @@ charts:
    name: "mariadb"
    version: "2.3.1"
    verify: true
  matrixNeoboardWidget:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
    # upstreamRegistry: "https://registry.opencode.de"
    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neoboard-widget"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets"
    name: "matrix-neoboard-widget"
    version: "3.5.0"
    verify: true
  matrixNeochoiseWidget:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
    # upstreamRegistry: "https://registry.opencode.de"
    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neochoice-widget"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets"
    name: "matrix-neochoice-widget"
    version: "3.5.0"
    verify: true
  matrixNeodatefixBot:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
    # upstreamRegistry: "https://registry.opencode.de"
    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neodatefix-bot"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets"
    name: "matrix-neodatefix-bot"
    version: "3.5.0"
    verify: true
  matrixNeodatefixWidget:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
    # upstreamRegistry: "https://registry.opencode.de"
    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets/matrix-neodatefix-widget"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets"
    name: "matrix-neodatefix-widget"
    version: "3.5.0"
    verify: true
  matrixUserVerificationService:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
    # upstreamRegistry: "https://registry.opencode.de"
    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-matrix-user-verification-service"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
    name: "opendesk-matrix-user-verification-service"
    version: "3.4.0"
    verify: true
  memcached:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
@@ -212,7 +162,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
    name: "opendesk-migrations"
-    version: "1.2.3"
+    version: "1.3.2"
    verify: true
  minio:
    # providerCategory: "Community"
@@ -274,7 +224,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap"
    name: "opendesk-keycloak-bootstrap"
-    version: "2.1.1"
+    version: "2.1.2"
    verify: true
  openproject:
    # providerCategory: "Supplier"
@@ -296,7 +246,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-openproject-bootstrap"
    name: "opendesk-openproject-bootstrap"
-    version: "1.3.0"
+    version: "2.0.0"
    verify: true
  openXchangeAppSuite:
    # providerCategory: "Supplier"
@@ -318,7 +268,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap"
    name: "opendesk-open-xchange-bootstrap"
-    version: "1.3.4"
+    version: "2.0.0"
    verify: true
  otterize:
    # providerCategory: "Platform"
@@ -380,17 +330,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
    name: "opendesk-synapse"
-    version: "3.4.0"
+    version: "3.4.1"
    verify: true
  synapseCreateAccount:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
    # upstreamRegistry: "https://registry.opencode.de"
    # upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-element/opendesk-synapse-create-account"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
    name: "opendesk-synapse-create-account"
    version: "3.4.0"
    verify: true
  synapseWeb:
    # providerCategory: "Platform"
@@ -400,7 +340,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
    name: "opendesk-synapse-web"
-    version: "3.4.0"
+    version: "3.4.1"
    verify: true
  xwiki:
    # providerCategory: "Supplier"
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -50,12 +50,10 @@ images:
    # providerCategory: "Supplier"
    # providerResponsible: "Element"
    # upstreamRegistry: "https://registry.opencode.de"
-    # upstreamRepository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web"
+    # upstreamRepository: "bmi/opendesk/components/supplier/element/images/opendesk-element-web"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["1", "8", "0"]
    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web"
+    repository: "bmi/opendesk/components/supplier/element/images/opendesk-element-web"
-    tag: "1.11.1@sha256:6ed72fccd302fc5891f31157bcffd14358e1f90f8b60d649fd261ba0f5d5fb91"
+    tag: "1.11.4-amd64@sha256:1785ca0dcb608939533ce50067fb17c2152ceff00ea4e17a4cd500930727687b"
  freshclam:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
@@ -148,56 +146,6 @@ images:
    registry: "registry-1.docker.io"
    repository: "library/mariadb"
    tag: "10.5@sha256:aa1ccc18000c32d1f39ac0b055117b27bffd93e622ec961d682de40fe2a1a95f"
  matrixNeoBoardWidget:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
    # upstreamRegistry: "https://ghcr.io"
    # upstreamRepository: "nordeck/matrix-neoboard-widget"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["1", "4", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-neoboard-widget"
    tag: "1.17.0@sha256:f4e711473ba99159c878177f0f9e750fd6d9555b7d8c266ac7040f053be19513"
  matrixNeoChoiceWidget:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
    # upstreamRegistry: "https://ghcr.io"
    # upstreamRepository: "nordeck/matrix-poll-widget"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["1", "4", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-poll-widget"
    tag: "1.4.0@sha256:216cb88aaa47449a15af9a531d60eee593cb1923c4e8fcc67c119982972911e5"
  matrixNeoDateFixBot:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
    # upstreamRegistry: "https://ghcr.io"
    # upstreamRepository: "nordeck/matrix-meetings-bot"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["2", "7", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-meetings-bot"
    tag: "2.8.0@sha256:db1d99c13a9facfd08a7da1d0a9c7c05715bad47110e93649ad6b389e462b42c"
  matrixNeoDateFixWidget:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
    # upstreamRegistry: "https://ghcr.io"
    # upstreamRepository: "nordeck/matrix-meetings-widget"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["1", "6", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-meetings-widget"
    tag: "1.6.1@sha256:70bebd9293a977124a5da955e1a520381129d476d6414a083093c1b48a55dadd"
  matrixUserVerificationService:
    # providerCategory: "Supplier"
    # providerResponsible: "Element"
    # upstreamRegistry: "https://registry-1.docker.io"
    # upstreamRepository: "matrixdotorg/matrix-user-verification-service"
    # upstreamMirrorTagFilterRegEx: '^v(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["3", "0", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/element/images-mirror/matrix-user-verification-service"
    tag: "v3.0.0@sha256:25e685d595785e2a72e75a525dac78cf8c782445454f8ac090d3702431c38008"
  memcached:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
@@ -213,7 +161,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.2.2@sha256:32afdd71c5b8003ed1609e389494ce10c715c5db64d4ed32a74d65b0f0227e64"
+    tag: "1.3.9@sha256:dee06e4da27ff67cad12ba990aca58ca81eae89a02dfe4831bd3e9c67c08ddcf"
  milter:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
@@ -788,25 +736,7 @@ images:
    # upstreamMirrorStartFrom: ["1", "91", "2"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse"
-    tag: "v1.108.0@sha256:0754a5c372f4cfb5f69f58ad4b70d05bc2e380354f1b0c9101611e9157082712"
+    tag: "v1.115.0@sha256:abf4a5b5b2030f7deb555a8ec7b945607db9e98b057eb06364e66ba8308bdd40"
  synapseCreateUser:
    # providerCategory: "Community"
    # providerResponsible: "Nordeck"
    # upstreamRegistry: "https://registry-1.docker.io"
    # upstreamRepository: "alpine/k8s"
    registry: "registry-1.docker.io"
    repository: "alpine/k8s"
    tag: "1.30.0@sha256:d7a11b7032550e992667fd7725b039dcd639270fbceec368d7e66e3d9e41ee15"
  synapseGuestModule:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
    # upstreamRegistry: "https://ghcr.io"
    # upstreamRepository: "nordeck/synapse-guest-module"
    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
    # upstreamMirrorStartFrom: ["1", "0", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/synapse-guest-module"
    tag: "1.0.0@sha256:6b3b17183a7d163148cc1bc5342604682ec67d898394fc743db2f339e61c722e"
  synapseWeb:
    # providerCategory: "Community"
    # providerResponsible: "Element"
--- a/helmfile/environments/test/values.yaml.gotmpl
+++ b/helmfile/environments/test/values.yaml.gotmpl
@@ -1,102 +0,0 @@
 {{/*
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 global:
  imageRegistry: "my_private_registry.domain.tld"
  imagePullSecrets:
    - "kyverno-test"
  imagePullPolicy: "kyverno"
 persistence:
  storageClassNames:
    RWX: "kyverno-test"
    RWO: "kyverno-test"
  size:
    clamav: "42Gi"
    dovecot: "42Gi"
    mariadb: "42Gi"
    matrixNeoDateFixBot: "42Gi"
    minio: "42Gi"
    nubus:
      ldapServerData: "42Gi"
      ldapServerShared: "42Gi"
      portalConsumer: "42Gi"
    postfix: "42Gi"
    postgresql: "42Gi"
    prosody: "42Gi"
    redis: "42Gi"
    synapse: "42Gi"
    xwiki: "42Gi"
 ingress:
  ingressClassName: "kyverno"
  tls:
    enabled: true
    secretName: "kyverno-tls"
 replicas:
  clamav: 42
  clamd: 42
  collabora: 42
  cryptpad: 42
  dovecot: 42
  element: 42
  freshclam: 42
  icap: 42
  intercomService: 42
  jibri: 42
  jicofo: 42
  jitsi: 42
  jitsiKeycloakAdapter: 42
  jvb: 42
  keycloak: 42
  mariadb: 42
  matrixNeoBoardWidget: 42
  matrixNeoChoiceWidget: 42
  matrixNeoDateFixBot: 42
  matrixNeoDateFixWidget: 42
  matrixUserVerificationService: 42
  memcached: 42
  milter: 42
  minio: 42
  nextcloudApache2: 42
  nextcloudExporter: 42
  nextcloudPHP: 42
  openprojectWeb: 42
  openprojectWorker: 42
  openxchangeCoreGuidedtours: 42
  openxchangeCoreMW: 42
  openxchangeCoreUI: 42
  openxchangeCoreUIMiddleware: 42
  openxchangeCoreUserGuide: 42
  openxchangeDocumentConverter: 42
  openxchangeGotenberg: 42
  openxchangeGuardUI: 42
  openxchangeImageConverter: 42
  openxchangeNextcloudIntegrationUI: 42
  openxchangePublicSectorUI: 42
  oxConnector: 42
  postfix: 42
  postgres: 42
  redis: 42
  synapse: 42
  synapseWeb: 42
  umsGuardianAuthorizationApi: 42
  umsGuardianManagementApi: 42
  umsGuardianManagementUi: 42
  umsGuardianOpenPolicyAgent: 42
  umsKeycloakExtensionsHandler: 42
  umsKeycloakExtensionsProxy: 42
  umsLdapNotifier: 42
  umsLdapServer: 42
  umsNotificationsApi: 42
  umsPortalFrontend: 42
  umsPortalConsumer: 42
  umsPortalServer: 42
  umsSelfserviceConsumer: 42
  umsStackGateway: 42
  umsUdmRestApi: 42
  umsUmcGateway: 42
  umsUmcServer: 42
  wellKnown: 42
  xwiki: 42
 ...
Author	SHA1	Message	Date
Johannes Lohmer	1e93593296	fix(nubus): Temporary fix to set the maximum nats payload message size to 16MB	2024-09-24 14:11:31 +02:00
Thorsten Roßner	6b802961ed	fix(nubus): Add LDAP 2.4 import scripts, update migrations and opendesk-keycloak-boostrap chart.	2024-09-24 07:21:55 +02:00
Juan Pedro Torres	675f24688a	fix(opendesk-keycloak-bootstrap): Client creation fix Adjusts the configuration of the guardian related clientids.	2024-09-24 05:21:16 +00:00
Johannes Bornhold	46be603b9a	fix(nubus): Set opendesk-keycloak-bootstrap back to version 2.1.1 The changed chart is not needed.	2024-09-24 05:21:16 +00:00
Thorsten Roßner	2ad356597e	fix(nubus): Add `opendesk-intercom` to the list of managed OIDC clients.	2024-09-24 05:21:16 +00:00
Jaime Conde	6da81d4327	fix(nubus): Update opendesk-nubus to version 1.5.0 This restores systemInformation.	2024-09-24 05:21:16 +00:00
Johannes Bornhold	36a66eece5	fix(nubus): Update Nubus chart and images to version 0.57.3 This includes a fix in the portal-frontend which is needed in order to use the latest e2e test suite of Nubus.	2024-09-24 05:21:16 +00:00
Johannes Bornhold	664f330d8d	fix(nubus): Remove commented out password policy related configuration	2024-09-24 05:21:16 +00:00
Johannes Bornhold	3c17ed2d6e	fix(nubus): Remove values related to stack-data-swp	2024-09-24 05:21:16 +00:00
Johannes Bornhold	2538462b07	fix(nubus): Remove accidentally added values into stack-data-swp	2024-09-24 05:21:16 +00:00
Johannes Lohmer	65681420e9	fix(nubus): Update chart and images to version 0.57.2	2024-09-24 05:21:16 +00:00
Johannes Bornhold	2f7ea3f489	fix(nubus): Configure "global.subDomains" based on "global.hosts"	2024-09-24 05:21:16 +00:00
Nubus CI Bot	39dab58621	feat(nubus): Update chart and images to version 0.56.1	2024-09-24 05:21:16 +00:00
Johannes Bornhold	09c71c2fba	fix(ci): Correct the way how credentials for the RUN_TESTS job are extracted	2024-09-24 05:21:16 +00:00
Carlos García-Mauriño	3ecaffda0d	chore(nubus): Remove installUmcPolicies option	2024-09-24 05:21:16 +00:00
Johannes Bornhold	9e776ed7dd	fix(nubus): Update images to match version 0.56.0	2024-09-24 05:21:16 +00:00
Carlos García-Mauriño	504b5155c0	feat(nubus): Upgrade nubus chart to 0.56.0	2024-09-24 05:21:16 +00:00
Nubus CI Bot	6bc6b52d56	feat(nubus): Update chart to version 0.54.1-pre-jlohmer-consumer-race-condition	2024-09-24 05:21:16 +00:00
Johannes Lohmer	f41d6feecb	fix(nubus): Clean up portal-listener and selfservice-listener artifacts	2024-09-24 05:21:16 +00:00
Johannes Lohmer	de49de05ce	fix(nubus): Use helmfile secrets in provisioning and remove unused secrets.	2024-09-24 05:21:16 +00:00
Johannes Lohmer	d8935ac669	feat(nubus): Activate Nubus Provisioning components and Consumers to replace portal-listener and selfservice-listener	2024-09-24 05:21:16 +00:00
Johannes Lohmer	22c7e724fd	fix(nubus): Keep provisioning and consumers behind a feature-flag for easier merging This commit should be reverted once we are confident that provisioning and the consumers work as expected.	2024-09-24 05:21:16 +00:00
Johannes Lohmer	89ef102693	fix(nubus): Update nubus provisioning and consumer configuration	2024-09-24 05:21:16 +00:00
Nubus CI Bot	1f7f820583	feat(nubus): Update chart to version 0.51.0	2024-09-24 05:21:16 +00:00
Juan Pedro Torres	13e0073a4e	feat(nubus): Bump chart version for default tiles removal	2024-09-24 05:21:16 +00:00
Johannes Bornhold	6674609556	fix(nubus): Adjust keyring for intercom service	2024-09-24 05:21:16 +00:00
Nubus CI Bot	cd186f443a	feat(nubus): Integrate keycloak provisioning	2024-09-24 05:21:16 +00:00
Juan Pedro Torres	ddd027b108	feat(nubus): Bump chart version for default tiles removal	2024-09-24 05:21:16 +00:00
Nubus CI Bot	c8ebc6100f	feat(nubus): Update chart to version 0.47.0	2024-09-24 05:21:16 +00:00
Jaime Conde	66d85666d3	fix(nubus): Map Administrator credentials	2024-09-24 05:21:16 +00:00
Jaime Conde	d43f34d722	fix(nubus): Univention Portal images	2024-09-24 05:21:16 +00:00
Nubus CI Bot	d027c360c7	feat(nubus): Update chart to version 0.45.0	2024-09-24 05:21:16 +00:00
Carlos García-Mauriño	04e267fb1d	feat(nubus): Update charts and images	2024-09-24 05:21:16 +00:00
Carlos García-Mauriño	6ea1a6ca39	fix(nubus): Configure stackDataContext	2024-09-24 05:21:16 +00:00
Carlos García-Mauriño	a2f1daedbc	feat(nubus): Add custom UCR values	2024-09-24 05:21:16 +00:00
Juan Pedro Torres	37c9b97ddd	fix(nubus): Cleanup values	2024-09-24 05:21:16 +00:00
Juan Pedro Torres	9127b07c0d	feat(nubus): Upgrade Keycloak version	2024-09-24 05:21:16 +00:00
Juan Pedro Torres	4b6b836000	fix(nubus): Fix Keycloak init race condition	2024-09-24 05:21:16 +00:00
Juan Pedro Torres	dceefc5c3d	feat(nubus): Bump Nubus version to 0.41.0, readonly user from Nubus	2024-09-24 05:21:16 +00:00
Jaime Conde	d6148ff3c4	fix(nubus): Use Nubus LDAP server image	2024-09-24 05:21:16 +00:00
Nubus CI Bot	384707fbee	feat(nubus): Update ldap-server with umc-server license fix	2024-09-24 05:21:16 +00:00
Johannes Lohmer	2b16fd3c76	fix(nubus): Comments are not allowed in images.yaml	2024-09-24 05:21:16 +00:00
Johannes Lohmer	3b18192405	fix(nubus): Keep provisioning and consumers behind a feature-flag for easier merging This commit should be reverted once we are confident that provisioning and the consumers work as expected.	2024-09-24 05:21:16 +00:00
Johannes Lohmer	b371615108	fix(nubus): Update nubus provisioning and consumer configuration	2024-09-24 05:21:16 +00:00
Johannes Lohmer	7a17e238d6	feat(nubus): Update nubus chart and images to version 0.39.2	2024-09-24 05:21:16 +00:00
Johannes Bornhold	576ca1402e	fix(nubus): Disable certManager	2024-09-24 05:21:16 +00:00
Johannes Bornhold	65cf621687	fix(nubus): Support "ingress.tls.secretName"	2024-09-24 05:21:16 +00:00
Thorsten Roßner	12680e5c1a	fix(element): Update Synapse to v0.1150.	2024-09-23 14:44:55 +00:00
Thorsten Roßner	592f03135f	fix(helmfile): Switch fom dep5 to REUSE.toml.	2024-09-23 11:27:33 +02:00
Thorsten Roßner	bdc6ad2864	fix(element): Use Element upstream without widgets.	2024-09-19 12:12:55 +00:00
Dominik Kaminski	57f70b876a	chore(helmfile): Add test environment to gitignore	2024-09-19 13:23:42 +02:00
Dominik Kaminski	e9f779049c	ci(gitlab): Update to openDesk CLI v2.5.0	2024-09-19 13:22:06 +02:00
Dominik Kaminski	9f081d8567	feat(helmfile): Add support for argocd git-ops deployment	2024-09-18 23:30:33 +02:00