fix(element): Bump NeoBoard Widget to v1.20.0

Signed-off-by: Milton Moura <miltonmoura@gmail.com>

.gitlab-ci.yml

@@ -429,11 +429,11 @@ env-stop:
 
 .ums-default-password: &ums-default-password
   - |
-    DEFAULT_ADMINISTRATOR_PASSWORD=$(
+    DEFAULT_USER_PASSWORD=$( \
-       kubectl \
+       kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.user_password}' | base64 -d \
-         -n ${NAMESPACE} \
+    )
-         get secret ums-nubus-credentials \
+    DEFAULT_ADMIN_PASSWORD=$(
-         -o jsonpath='{.data.administrator_password}' | base64 -d \
+       kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.admin_password}' | base64 -d \
     )
 
 run-tests:
@@ -464,8 +464,10 @@ run-tests:
           \"namespace\": \"${NAMESPACE}\", \
           \"url\": \"https://portal.${DOMAIN}/\", \
           \"language\": \"${LANGUAGE}\", \
-          \"udm_api_username\": \"Administrator\", \
+          \"user_name\": \"${DEFAULT_USER_NAME}\", \
-          \"udm_api_password\": \"${DEFAULT_ADMINISTRATOR_PASSWORD}\", \
+          \"user_password\": \"${DEFAULT_USER_PASSWORD}\", \
+          \"admin_name\": \"${DEFAULT_ADMIN_NAME}\", \
+          \"admin_password\": \"${DEFAULT_ADMIN_PASSWORD}\", \
           \"screenshot_test\": \"yes\", \
           \"screenshot_before_step\": \"yes\", \
           \"screenshot_after_step\": \"yes\", \

README.md

@@ -34,7 +34,7 @@ openDesk currently features the following functional main components:
 | Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                      | [For the most recent release](https://docs.cryptpad.org/en/)                                                                                 |
 | File management      | Nextcloud                   | [29.0.7](https://nextcloud.com/de/changelog/#29-0-7)                                  | [Nextcloud 29](https://docs.nextcloud.com/)                                                                                                  |
 | Groupware            | OX App Suite                | [8.26](https://documentation.open-xchange.com/appsuite/releases/8.26/)                | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
-| Knowledge management | XWiki                       | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
+| Knowledge management | XWiki                       | [16.4.1](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.1/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                   | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
 | Project management   | OpenProject                 | [14.5.1](https://www.openproject.org/docs/release-notes/14-5-1/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
 | Videoconferencing    | Jitsi                       | [2.0.9646](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9646) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |

docs/migrations.md

@@ -9,11 +9,11 @@ SPDX-License-Identifier: Apache-2.0
 * [Releases upgrades](#releases-upgrades)
   * [From v0.9.0](#from-v090)
     * [Changed openDesk defaults](#changed-opendesk-defaults)
-      * [Removal of unnecessary OX-Profiles in Nubus](#removal-of-unnecessary-ox-profiles-in-nubus)
       * [MatrixID localpart update](#matrixid-localpart-update)
       * [File-share configurability](#file-share-configurability)
       * [Updated default subdomains in `global.hosts`](#updated-default-subdomains-in-globalhosts)
       * [Updated `global.imagePullSecrets`](#updated-globalimagepullsecrets)
+      * [Removal of unnecessary OX-Profiles in Nubus](#removal-of-unnecessary-ox-profiles-in-nubus)
       * [Dedicated group for access of the UDM REST API](#dedicated-group-for-access-of-the-udm-rest-api)
     * [Automated migrations](#automated-migrations)
       * [Local Postfix as Relay](#local-postfix-as-relay)
@@ -42,36 +42,6 @@ Though we try to ease the pain when it comes to 0.x upgrades. That is what this
 
 ### Changed openDesk defaults
 
-
-#### Removal of unnecessary OX-Profiles in Nubus
-
-**Warning: If you do not address this section with your current deployment the upgrade will fail.**
-
-The update will remove unnecessary OX-Profiles in Nubus, but can't as long as these profiles are in use.
-
-So please ensure that only the following two supported profiles are assigned to your users:
-- `opendesk_standard`: "opendesk Standard"
-- `none`: "Login disabled"
-
-You can review and update other accounts as follows:
-- Login as IAM admin.
-- Open the user module.
-- Open the extended search by clicking the funnel (Trichter) icon next to the search input field.
-- Open the "Property" (Eigenschaft) list and select "OX Access" (OX-Berechtigung).
-- In the input field right next to the list enter an asterisk (*).
-- Start the search by clicking once more on the funnel icon.
-- Sort the result list for the "OX Access" column
-- Edit every user that has a value different to `opendesk_standard` or `none`:
-  - Open the user.
-  - Go to section "OX App Suite".
-  - Change the value in the dropdown "OX Access" to either:
-    - "openDesk Standard" if the user should be able to use the Groupware module or
-    - "Login disabled" if the user should not user the Groupware module.
-    - Update the user account with the green "SAVE" button on top of the page.
-
-Please check the "OX Access" setting of the user `Administrator` explicitly as that user is likely not to
-show up in the search described above.
-
 #### MatrixID localpart update
 
 Until 0.9.0 openDesk used the LDAP entryUUID of a user to generate the user's MatrixID. Due to restrictions of the
@@ -195,6 +165,30 @@ global:
     - "external-registry"
 ```
 
+#### Removal of unnecessary OX-Profiles in Nubus
+
+The update will remove unnecessary OX-Profiles in Nubus, but can't as long as these profiles are in use.
+
+So please ensure that only the following two supported profiles are assigned to your users:
+- `opendesk_standard`: "opendesk Standard"
+- `none`: "Login disabled"
+
+You can check and update the profiles as follows:
+- Login as IAM admin.
+- Open the user module.
+- Open the extended search by clicking the funnel (Trichter) icon next to the search input field.
+- Open the "Property" (Eigenschaft) list and select "OX Access" (OX-Berechtigung).
+- In the input field right next to the list enter an asterisk (*).
+- Start the search by clicking once more on the funnel icon.
+- Sort the result list for the "OX Access" column
+- Edit every user that has a value different to `opendesk_standard` or `none`:
+  - Open the user.
+  - Go to section "OX App Suite".
+  - Change the value in the dropdown "OX Access" to either:
+    - "openDesk Standard" if the user should be able to use the Groupware module or
+    - "Login disabled" if the user should not user the Groupware module.
+    - Update the user account with the green "SAVE" button on top of the page.
+
 #### Dedicated group for access of the UDM REST API
 
 Prerequisite: You allow the use of the [IAM's API](https://docs.software-univention.de/developer-reference/5.0/en/udm/rest-api.html)

helmfile/apps/collabora/values.yaml.gotmpl

@@ -8,13 +8,7 @@ autoscaling:
   enabled: false
 
 collabora:
-  extra_params: >
+  extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:fetch_update_check=0 --o:remote_font_config.url=https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/apps/richdocuments/settings/fonts.json"
-    --o:ssl.enable=false
-    --o:ssl.termination=true
-    --o:fetch_update_check=0
-    --o:remote_font_config.url=https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/apps/richdocuments/settings/fonts.json
-    --o:net.proto={{ if eq .Values.cluster.networking.ipFamilies "DualStack" }}all{{ else }}{{ .Values.cluster.networking.ipFamilies }}{{ end }}
-
   username: "collabora-internal-admin"
   password: {{ .Values.secrets.collabora.adminPassword | quote }}
   aliasgroups:

helmfile/apps/element/values-element.yaml.gotmpl

@@ -7,6 +7,10 @@ SPDX-License-Identifier: Apache-2.0
 configuration:
   endToEndEncryption: true
   additionalConfiguration:
+  {{- if not .Values.configuration.homeserver.guestModule.enabled }}
+    disable_guests: true
+  {{- end }}
+
     logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=opendesk-matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
 
     "net.nordeck.element_web.module.opendesk":

helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl

@@ -14,16 +14,16 @@ global:
 configuration:
   bot:
     username: "meetings-bot"
-    display name: "Terminplaner Bot"
+    display name: "Scheduler Bot"
   openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
   strings:
-    breakoutSessionWidgetName: "Breakoutsessions"
+    breakoutSessionWidgetName: "Breakout Sessions"
-    calendarRoomName: "Terminplaner"
+    calendarRoomName: "Scheduler"
-    calendarWidgetName: "Terminplaner"
+    calendarWidgetName: "Scheduler"
-    cockpitWidgetName: "Meeting Steuerung"
+    cockpitWidgetName: "Meeting control"
-    jitsiWidgetName: "Videokonferenz"
+    jitsiWidgetName: "Video conference"
     matrixNeoBoardWidgetName: "Whiteboard"
-    matrixNeoChoiceWidgetName: "Abstimmungen"
+    matrixNeoChoiceWidgetName: "Votes"
 
 containerSecurityContext:
   allowPrivilegeEscalation: false

helmfile/apps/element/values-synapse.yaml.gotmpl

@@ -91,7 +91,6 @@ configuration:
         {{- end }}
 
     guestModule:
-      enabled: true
       image:
         imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
         registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.synapseGuestModule.registry | quote }}

helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl

@@ -185,33 +185,6 @@ nubusUmcServer:
     runAsNonRoot: false
     seLinuxOptions:
       {{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
-  containerSecurityContextSssd:
-    enabled: true
-    allowPrivilegeEscalation: true
-    capabilities:
-      drop:
-        - "ALL"
-      add:
-        - "DAC_OVERRIDE"
-        - "SETGID"
-        - "AUDIT_WRITE"
-        - "SETUID"
-        - "CHOWN"
-        - "SETPCAP"
-        - "FOWNER"
-        - "FSETID"
-        - "KILL"
-        - "MKNOD"
-        - "NET_BIND_SERVICE"
-        - "SYS_CHROOT"
-    runAsUser: 0
-    runAsGroup: 0
-    seccompProfile:
-      type: "RuntimeDefault"
-    readOnlyRootFilesystem: true
-    runAsNonRoot: false
-    seLinuxOptions:
-      {{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
   imagePullSecrets:
     {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
   proxy:

helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl

@@ -16,9 +16,6 @@ imagePullSecrets:
 dovecot:
   mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
   password: {{ .Values.secrets.dovecot.doveadm | quote }}
-  migration:
-    enabled: {{ .Values.functional.migration.oxAppsuite.enabled }}
-    masterPassword: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }}
   ldap:
     enabled: true
     host: {{ .Values.ldap.host | quote }}

helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl

@@ -9,17 +9,8 @@ cleanup:
   deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
 
 containerSecurityContext:
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-      - "ALL"
-  enabled: true
-  runAsUser: 1000
-  runAsGroup: 1000
   seccompProfile:
     type: "RuntimeDefault"
-  readOnlyRootFilesystem: true
-  runAsNonRoot: true
   seLinuxOptions:
     {{ .Values.seLinuxOptions.openxchangeBootstrap | toYaml | nindent 4 }}
 

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -23,7 +23,6 @@ nextcloud-integration-ui:
     registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeNextcloudIntegrationUI.registry | quote }}
     repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository | quote }}
     tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag | quote }}
-    pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
   imagePullSecrets:
   {{- range .Values.global.imagePullSecrets }}
     - name: {{ . | quote }}
@@ -47,8 +46,6 @@ nextcloud-integration-ui:
       type: "RuntimeDefault"
     seLinuxOptions:
       {{ .Values.seLinuxOptions.openxchangeNextcloudIntegrationUI | toYaml | nindent 6 }}
-  serviceAccount:
-    create: false
 
 public-sector-ui:
   image:
@@ -80,8 +77,6 @@ public-sector-ui:
       type: "RuntimeDefault"
     seLinuxOptions:
       {{ .Values.seLinuxOptions.openxchangePublicSectorUI | toYaml | nindent 6 }}
-  serviceAccount:
-    create: false
 
 appsuite:
   appsuite-toolkit:
@@ -165,8 +160,6 @@ appsuite:
           type: "RuntimeDefault"
         seLinuxOptions:
           {{ .Values.seLinuxOptions.openxchangeGotenberg | toYaml | nindent 10 }}
-        serviceAccount:
-          create: false
     hooks:
       beforeAppsuiteStart:
         create-guard-dir.sh: |
@@ -174,17 +167,9 @@ appsuite:
           chown open-xchange:open-xchange /opt/open-xchange/guard-files
     packages:
       status:
-        {{- if .Values.functional.migration.oxAppsuite.enabled }}
-        open-xchange-authentication-masterpassword: "enabled"
-        open-xchange-authentication-ldap: "disabled"
-        open-xchange-authentication-oauth: "disabled"
-        open-xchange-oidc: "disabled"
-        {{- else }}
         open-xchange-oidc: "enabled"
         open-xchange-authentication-database: "disabled"
         open-xchange-authentication-oauth: "enabled"
-        open-xchange-authentication-ldap: "disabled"
-        {{- end }}
     properties:
       com.openexchange.UIWebPath: "/appsuite/"
       com.openexchange.showAdmin: "false"
@@ -246,7 +231,7 @@ appsuite:
       # Old capability can be used to toggle all integrations with a single switch
       com.openexchange.capability.public-sector: "true"
       # New capabilities in 2.0
-      com.openexchange.capability.public-sector-element: "false"
+      com.openexchange.capability.public-sector-element: "true"
       com.openexchange.capability.public-sector-navigation: "true"
       com.openexchange.capability.client-onboarding: "true"
       com.openexchange.capability.dynamic-theme: "true"
@@ -290,8 +275,6 @@ appsuite:
       com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey | quote }}
       com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }}
     propertiesFiles:
-      /opt/open-xchange/etc/masterpassword-authentication.properties:
-        com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }}
       /opt/open-xchange/etc/AdminDaemon.properties:
         MASTER_ACCOUNT_OVERRIDE: "true"
       /opt/open-xchange/etc/AdminUser.properties:
@@ -415,8 +398,6 @@ appsuite:
         type: "RuntimeDefault"
       seLinuxOptions:
         {{ .Values.seLinuxOptions.openxchangeCoreUI | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
 
   core-ui-middleware:
     enabled: true
@@ -456,9 +437,6 @@ appsuite:
         type: "RuntimeDefault"
       seLinuxOptions:
         {{ .Values.seLinuxOptions.openxchangeCoreUIMiddleware | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
-
   core-cacheservice:
     enabled: false
 
@@ -476,7 +454,6 @@ appsuite:
       registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeDocumentConverter.registry | quote }}
       repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
       tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
-      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
     podAnnotations: {}
     redis: *redisConfiguration
     replicaCount: {{ .Values.replicas.openxchangeCoreDocumentConverter }}
@@ -498,8 +475,6 @@ appsuite:
         type: "RuntimeDefault"
       seLinuxOptions:
         {{ .Values.seLinuxOptions.openxchangeDocumentConverter | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
 
   core-documents-collaboration:
     enabled: false
@@ -545,8 +520,6 @@ appsuite:
         type: "RuntimeDefault"
       seLinuxOptions:
         {{ .Values.seLinuxOptions.openxchangeCoreGuidedtours | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
 
   core-imageconverter:
     enabled: true
@@ -558,7 +531,6 @@ appsuite:
       registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeImageConverter.registry | quote }}
       repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
       tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
-      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
     objectCache:
       s3ObjectStores:
         - id: -1
@@ -586,8 +558,6 @@ appsuite:
         type: "RuntimeDefault"
       seLinuxOptions:
         {{ .Values.seLinuxOptions.openxchangeImageConverter | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
 
   guard-ui:
     enabled: true
@@ -618,8 +588,6 @@ appsuite:
         type: "RuntimeDefault"
       seLinuxOptions:
         {{ .Values.seLinuxOptions.openxchangeGuardUI | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
   core-spellcheck:
     enabled: false
 
@@ -652,6 +620,4 @@ appsuite:
         type: "RuntimeDefault"
       seLinuxOptions:
         {{ .Values.seLinuxOptions.openxchangeCoreUserGuide | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
 ...

helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl

@@ -90,6 +90,7 @@ securityContext:
       - "SETUID"
       - "SETPCAP"
       - "NET_BIND_SERVICE"
+      - "NET_RAW"
       - "SYS_CHROOT"
   privileged: false
   seccompProfile:

helmfile/apps/openproject/helmfile-child.yaml.gotmpl

@@ -22,7 +22,7 @@ releases:
       - "values.yaml.gotmpl"
       - {{ .Values.customization.release.openproject | default "additionalValues: false" }}
     installed: {{ .Values.openproject.enabled }}
-    timeout: 1800
+    timeout: 1500
 
 commonLabels:
   deploy-stage: "component-1"

helmfile/apps/xwiki/helmfile-child.yaml.gotmpl

@@ -21,7 +21,7 @@ releases:
       - "values.yaml.gotmpl"
       - {{ .Values.customization.release.xwiki | default "additionalValues: false" }}
     installed: {{ .Values.xwiki.enabled }}
-    timeout: 1800
+    timeout: 900
 
 commonLabels:
   deploy-stage: "component-1"

helmfile/environments/default/charts.yaml

@@ -58,7 +58,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/xwiki/charts-mirror"
     name: "cryptpad"
-    version: "0.0.20"
+    version: "0.0.19"
     verify: true
   dkimpy:
     # providerCategory: "Platform"
@@ -80,7 +80,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
     name: "dovecot"
-    version: "1.4.0"
+    version: "1.3.10"
     verify: true
   element:
     # providerCategory: "Platform"
@@ -212,7 +212,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
     name: "opendesk-migrations"
-    version: "1.3.5"
+    version: "1.3.3"
     verify: true
   minio:
     # providerCategory: "Community"
@@ -318,7 +318,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap"
     name: "opendesk-open-xchange-bootstrap"
-    version: "2.1.0"
+    version: "2.0.0"
     verify: true
   otterize:
     # providerCategory: "Platform"
@@ -412,6 +412,6 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/xwiki/charts-mirror"
     name: "xwiki"
-    version: "1.4.0"
+    version: "1.3.1"
     verify: false
 ...

helmfile/environments/default/cluster.yaml

@@ -29,8 +29,6 @@ cluster:
     # The IP/DNS of your load-balancer will be fetched for some components from 'status' map of services.
     # Most providers use '.status.loadBalancer.ingress[0].ip' to store public ip. You can modify the chosen field here.
     loadBalancerStatusField: "ip"
-    # Network protocol options: "IPv4", "IPv6", "DualStack"
-    ipFamilies: "DualStack"
 
   container:
     # Used container engine in kubernetes cluster.

helmfile/environments/default/element.yaml

@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+configuration:
+  homeserver:
+    guestModule:
+      enabled: false
+...

helmfile/environments/default/functional.yaml

@@ -98,11 +98,4 @@ functional:
         # If the LDAP entryUUID should be used for the localpart of user's MatrixIDs following setting must be `true`.
         useImmutableIdentifierForLocalpart: false
 
-  migration:
-    oxAppsuite:
-      # Note: Only available in openDesk Enterprise.
-      # Turn on temporary for migration purposes only. Will enable master password auth in OX AppSuite and Dovecot using
-      # `secrets.oxAppsuite.migrationsMasterPassword`.
-      enabled: false
-
 ...

helmfile/environments/default/images.yaml

@@ -155,7 +155,7 @@ images:
     # upstreamMirrorStartFrom: ["1", "4", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-neoboard-widget"
-    tag: "1.20.0@sha256:e72bca018af1c0087587f6bcd1748c820ff520c8cf2a042b9b58354cdc878345"
+    tag: "1.20.0@sha256:868f8326f32a872138d3524fce63df580dbd99861f3c817918e130a70b01212f"
   matrixNeoChoiceWidget:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"
@@ -211,7 +211,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.3.12@sha256:9f9b74970a26a52153c864ab2096449a413a6245679a67b113907c24c2917bce"
+    tag: "1.3.10@sha256:8cdc1d497840bbf3a1d824969e471503b42b8d8fae0ad22c275947085fc3179a"
   milter:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
@@ -235,7 +235,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
-    tag: "2.2.1@sha256:81d434d48e562fde6c33ad865970e342a41e3edf5f55c1219623939945ab4478"
+    tag: "2.2.0@sha256:a7ba27a7a8df4afae1937898ae64dbae6181629295bcb6b9bbd39fd9b8c25903"
   nextcloudExporter:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -403,7 +403,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    tag: "1.6.10@sha256:e2c9cc4ccb7a28e2b9ff3d71b5230ff921bd7f9a9f541c4ea16af7ecc3f0330b"
+    tag: "1.6.9@sha256:70c2825e16f62d57ae371bc05f0089846fea8adc3a3ece2006d37d854f528852"
   nubusOpenPolicyAgent:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -796,7 +796,7 @@ images:
     # upstreamMirrorStartFrom: ["1", "0", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/synapse-guest-module"
-    tag: "2.0.0@sha256:0fb4ee93cf6fc58f3f3b2f7f8c95d5e6d259b9a5dc354bde516e441187819283"
+    tag: "1.0.0@sha256:6b3b17183a7d163148cc1bc5342604682ec67d898394fc743db2f339e61c722e"
   synapseWeb:
     # providerCategory: "Community"
     # providerResponsible: "Element"
@@ -822,5 +822,5 @@ images:
     # upstreamMirrorStartFrom: ["0", "12"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
-    tag: "0.21-mariadb-jetty-alpine@sha256:87263c92601da812ebe128cf14d632a10a7a2273ab5ee10f8f19ff83a0576cb3"
+    tag: "0.19-mariadb-jetty-alpine@sha256:8590ee815bceb7764df681b9239b4606adc5b3750e4eff2d928b62dcd046a623"
 ...

helmfile/environments/default/replicas.yaml

@@ -13,8 +13,7 @@ replicas:
   # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
   clamd: 1
   # -- scalable: true
-  # -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files
+  # -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files centrally an should be a singleton.
-  # centrally an should be a singleton.
   freshclam: 1
   # -- scalable: true
   # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.

helmfile/environments/default/secrets.gotmpl

@@ -7,7 +7,6 @@ SPDX-License-Identifier: Apache-2.0
 secrets:
   oxAppsuite:
     adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
-    migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }}
     cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
     sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }}
     shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}

helmfile/environments/default/selinux.yaml

@@ -59,8 +59,8 @@ seLinuxOptions:
   prosody: ~
   redis: ~
   synapse: ~
-  synapseCreateUser: ~
+  synapseCreateUser :  ~
-  synapseGuestModule: ~
+  synapseGuestModule :  ~
   synapseWeb: ~
   umsGuardianAuthorizationApi: ~
   umsGuardianManagementApi: ~