feat(nubus): Update chart to version 0.61.0-post-jbornhold-plain-nubus-3

Adjusts the configuration of the guardian related clientids.

.gitlab-ci.yml

@@ -461,15 +461,11 @@ env-stop:
 
 .ums-default-password: &ums-default-password
   - |
-    UMS_PASSWORDS=$( \
-      kubectl -n ${NAMESPACE} get cm ums-stack-data-swp-data -o jsonpath='{.data.dev-test-users\.yaml}' \
-      | yq '.properties.password' > passwords.txt \
-    )
     DEFAULT_USER_PASSWORD=$( \
-      awk 'NR==1{print $1}' passwords.txt \
+       kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.user_password}' | base64 -d \
     )
     DEFAULT_ADMIN_PASSWORD=$(
-      awk 'NR==3{print $1}' passwords.txt \
+       kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.administrator_password}' | base64 -d \
     )
 
 run-tests:

README.md

@@ -29,7 +29,7 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s
 openDesk currently features the following functional main components:
 
 | Function             | Functional Component        | Component<br/>Version                                                                 | Upstream Documentation                                                                                                                       |
-| -------------------- | --------------------------- |---------------------------------------------------------------------------------------| -------------------------------------------------------------------------------------------------------------------------------------------- |
+| -------------------- | --------------------------- | ------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
 | Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67)        | [For the most recent release](https://element.io/user-guide)                                                                                 |
 | Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                      | [For the most recent release](https://docs.cryptpad.org/en/)                                                                                 |
 | File management      | Nextcloud                   | [28.0.5](https://nextcloud.com/de/changelog/#28-0-5)                                  | [Nextcloud 28](https://docs.nextcloud.com/)                                                                                                  |
@@ -38,7 +38,7 @@ openDesk currently features the following functional main components:
 | Portal & IAM         | Nubus                       | Product Preview[^1]                                                                   | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
 | Project management   | OpenProject                 | [14.4.1](https://www.openproject.org/docs/release-notes/14-4-1/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
 | Videoconferencing    | Jitsi                       | [2.0.9646](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9646) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
-| Weboffice            | Collabora                   | [24.04.7.1.2](https://www.collaboraoffice.com/code-24-04-release-notes/)              | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
+| Weboffice            | Collabora                   | [24.04.7.2](https://www.collaboraoffice.com/code-24-04-release-notes/)                | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
 
 While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
 align the applications with best practices regarding container design and operations.

helmfile.yaml.gotmpl

@@ -15,7 +15,7 @@ environments:
 ---
 # yamllint disable
 helmfiles:
-  - path: "./helmfile_generic.yaml"
+  - path: "./helmfile_generic.yaml.gotmpl"
     values:
       - {{ toYaml .Values | nindent 8 }}
 # {{/*

helmfile/apps/collabora/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.collabora.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.collabora.registry }}/{{ .Values.charts.collabora.repository }}"
-      {{ .Values.charts.collabora.repository }}"
 
 releases:
   - name: "collabora-online"

helmfile/apps/collabora/helmfile.yaml.gotmpl

@@ -6,7 +6,7 @@ bases:
   - "../../bases/environments.yaml"
 ---
 helmfiles:
-  - path: "./helmfile-child.yaml"
+  - path: "./helmfile-child.yaml.gotmpl"
     values:
       - {{ toYaml .Values | nindent 8 }}
 ...

helmfile/apps/cryptpad/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.cryptpad.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.cryptpad.registry }}/{{ .Values.charts.cryptpad.repository }}"
-      {{ .Values.charts.cryptpad.repository }}"
 
 releases:
   - name: "cryptpad"

helmfile/apps/cryptpad/helmfile.yaml.gotmpl

@@ -6,7 +6,7 @@ bases:
   - "../../bases/environments.yaml"
 ---
 helmfiles:
-  - path: "./helmfile-child.yaml"
+  - path: "./helmfile-child.yaml.gotmpl"
     values:
       - {{ toYaml .Values | nindent 8 }}
 ...

helmfile/apps/element/helmfile-child.yaml.gotmpl

@@ -10,40 +10,35 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.element.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.element.registry }}/{{ .Values.charts.element.repository }}"
-      {{ .Values.charts.element.repository }}"
   - name: "element-well-known-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.elementWellKnown.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.elementWellKnown.registry }}/{{ .Values.charts.elementWellKnown.repository }}"
-      {{ .Values.charts.elementWellKnown.repository }}"
   - name: "synapse-web-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.synapseWeb.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseWeb.registry }}/{{ .Values.charts.synapseWeb.repository }}"
-      {{ .Values.charts.synapseWeb.repository }}"
   - name: "synapse-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.synapse.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}"
-      {{ .Values.charts.synapse.repository }}"
   - name: "synapse-create-account-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.synapseCreateAccount.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/{{ .Values.charts.synapseCreateAccount.repository }}"
-      {{ .Values.charts.synapseCreateAccount.repository }}"
 
   # openDesk Matrix Widgets
   # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets
@@ -53,40 +48,35 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/{{ .Values.charts.matrixUserVerificationService.repository }}"
-      {{ .Values.charts.matrixUserVerificationService.repository }}"
   - name: "matrix-neoboard-widget-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
-      {{ .Values.charts.matrixNeoboardWidget.repository }}"
   - name: "matrix-neochoice-widget-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
-      {{ .Values.charts.matrixNeoboardWidget.repository }}"
   - name: "matrix-neodatefix-widget-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.matrixNeodatefixWidget.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/{{ .Values.charts.matrixNeodatefixWidget.repository }}"
-      {{ .Values.charts.matrixNeodatefixWidget.repository }}"
   - name: "matrix-neodatefix-bot-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.matrixNeodatefixBot.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}"
-      {{ .Values.charts.matrixNeodatefixBot.repository }}"
 
 
 releases:

helmfile/apps/element/helmfile.yaml.gotmpl

@@ -6,7 +6,7 @@ bases:
   - "../../bases/environments.yaml"
 ---
 helmfiles:
-  - path: "./helmfile-child.yaml"
+  - path: "./helmfile-child.yaml.gotmpl"
     values:
       - {{ toYaml .Values | nindent 8 }}
 ...

helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl

@@ -5,13 +5,12 @@ repositories:
   # Intercom Service
   # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
   - name: "intercom-service-repo"
-    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    keyring: "../../files/gpg-pubkeys/univention-de.gpg"
     verify: {{ .Values.charts.intercomService.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"
-      {{ .Values.charts.intercomService.repository }}"
 
 releases:
   - name: "intercom-service"

helmfile/apps/intercom-service/helmfile.yaml.gotmpl

@@ -6,7 +6,7 @@ bases:
   - "../../bases/environments.yaml"
 ---
 helmfiles:
-  - path: "./helmfile-child.yaml"
+  - path: "./helmfile-child.yaml.gotmpl"
     values:
       - {{ toYaml .Values | nindent 8 }}
 ...

helmfile/apps/intercom-service/values.yaml.gotmpl

@@ -72,6 +72,26 @@ ingress:
     enabled: {{ .Values.ingress.tls.enabled }}
     secretName: {{ .Values.ingress.tls.secretName | quote }}
 
+provisioning:
+  enabled: true
+  config:
+    nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
+    keycloak:
+      url: "http://ums-keycloak:8080/realms/{{ .Values.platform.realm }}/"
+      username: "kcadmin"
+      realm: {{ .Values.platform.realm | quote }}
+      connection:
+        host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
+        baseUrl: "http://ums-keycloak:8080"
+      credentialSecret:
+        name: "ums-opendesk-keycloak-credentials"
+        key: "admin_password"
+    ics_client:
+      clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
+      credentialSecret:
+        key: "ics_secret"
+
+
 podSecurityContext:
   enabled: true
   fsGroup: 1000

helmfile/apps/jitsi/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.jitsi.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.jitsi.registry }}/{{ .Values.charts.jitsi.repository }}"
-      {{ .Values.charts.jitsi.repository }}"
 
 releases:
   - name: "jitsi"

helmfile/apps/jitsi/helmfile.yaml

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/jitsi/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/apps/migrations-post/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.migrations.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.migrations.registry }}/{{ .Values.charts.migrations.repository }}"
-      {{ .Values.charts.migrations.repository }}"
 
 releases:
   - name: "opendesk-migrations-post"

helmfile/apps/migrations-post/helmfile.yaml.gotmpl

@@ -5,7 +5,7 @@ bases:
   - "../../bases/environments.yaml"
 ---
 helmfiles:
-  - path: "./helmfile-child.yaml"
+  - path: "./helmfile-child.yaml.gotmpl"
     values:
       - {{ toYaml .Values | nindent 8 }}
 ...

helmfile/apps/migrations-pre/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.migrations.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.migrations.registry }}/{{ .Values.charts.migrations.repository }}"
-      {{ .Values.charts.migrations.repository }}"
 
 releases:
   - name: "opendesk-migrations-pre"

helmfile/apps/migrations-pre/helmfile.yaml.gotmpl

@@ -5,7 +5,7 @@ bases:
   - "../../bases/environments.yaml"
 ---
 helmfiles:
-  - path: "./helmfile-child.yaml"
+  - path: "./helmfile-child.yaml.gotmpl"
     values:
       - {{ toYaml .Values | nindent 8 }}
 ...

helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl

@@ -10,16 +10,14 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloudManagement.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloudManagement.registry }}/{{ .Values.charts.nextcloudManagement.repository }}"
-      {{ .Values.charts.nextcloudManagement.repository }}"
   - name: "nextcloud-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.nextcloud.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloud.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.nextcloud.registry }}/{{ .Values.charts.nextcloud.repository }}"
-      {{ .Values.charts.nextcloud.repository }}"
 
 releases:
   - name: "opendesk-nextcloud-management"

helmfile/apps/nextcloud/helmfile.yaml

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/nextcloud/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/apps/nubus/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
     url:
-      "{{ .Values.global.helmRegistry | default .Values.charts.nubus.registry }}/\
+      "{{ .Values.global.helmRegistry | default .Values.charts.nubus.registry }}/{{ .Values.charts.nubus.repository }}"
-      {{ .Values.charts.nubus.repository }}"
   # OpenDesk Keycloak Bootstrap Chart
   - name: "opendesk-keycloak-bootstrap-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
@@ -19,8 +18,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskKeycloakBootstrap.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.opendeskKeycloakBootstrap.registry }}/{{ .Values.charts.opendeskKeycloakBootstrap.repository }}"
-      {{ .Values.charts.opendeskKeycloakBootstrap.repository }}"
 
 releases:
   # Univention Management Stack Umbrella Chart

helmfile/apps/nubus/helmfile.yaml

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/nubus/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -9,8 +9,11 @@ global:
     baseDn: {{ .Values.ldap.baseDn | quote }}
     domainName: {{ .Values.global.domain | quote }}
   domain: {{ .Values.global.domain | quote }}
+  subDomains:
+    portal: {{ .Values.global.hosts.nubus | quote }}
+    keycloak: {{ .Values.global.hosts.keycloak | quote }}
   ingressClass: {{ .Values.ingress.ingressClassName | default "nginx" | quote }}
-  certManagerIssuer: "letsencrypt-prod-dns"
+  certManagerIssuer: {{ .Values.certificate.issuerRef.name | quote }}
   nubusMasterPassword: {{ env "MASTER_PASSWORD" | default "sovereign-workplace" | quote }}
   keycloak:
     realm: {{ .Values.platform.realm | quote }}
@@ -26,6 +29,30 @@ global:
     defaultUsers:
       defaultAdminPassword: {{ .Values.secrets.nubus.defaultAccounts.adminPassword | quote}}
       defaultUserPassword: {{ .Values.secrets.nubus.defaultAccounts.userPassword | quote}}
+      defaultAdministratorPassword: {{ .Values.secrets.nubus.systemAccounts.administratorPassword | quote}}
+    portalConsumer:
+      minio:
+        accessKey: {{ .Values.objectstores.nubus.username | quote }}
+        secretKey: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
+      provisioningApi:
+        password: {{ .Values.secrets.nubus.portalConsumer.provisioningApiPassword | quote}}
+    provisioning:
+      api:
+        adminPassword: {{ .Values.secrets.nubus.provisioning.api.adminPassword | quote}}
+        natsPassword: {{ .Values.secrets.nubus.provisioning.api.natsPassword | quote}}
+        prefillPassword: {{ .Values.secrets.nubus.provisioning.api.prefillPassword | quote}}
+        udmTransformerPassword: {{ .Values.secrets.nubus.provisioning.api.udmTransformerPassword | quote}}
+      dispatcher:
+        natsPassword: {{ .Values.secrets.nubus.provisioning.dispatcherNatsPassword | quote}}
+      nats:
+        adminPassword: {{ .Values.secrets.nats.natsAdminPassword | quote}}
+      prefill:
+        natsPassword: {{ .Values.secrets.nubus.provisioning.prefillNatsPassword | quote}}
+      udmTransformer:
+        natsPassword: {{ .Values.secrets.nubus.provisioning.udmTransformerNatsPassword | quote}}
+    selfserviceConsumer:
+      provisioningApi:
+        password: {{ .Values.secrets.nubus.selfserviceConsumer.provisioningApiPassword | quote}}
 
   # -- Extensions to load. Add entries to load additional extensions into Nubus.
   extensions:
@@ -52,6 +79,68 @@ global:
         repository: {{ .Values.images.nubusPortalExtension.repository }}
         tag: {{ .Values.images.nubusPortalExtension.tag }}
         imagePullPolicy: {{ .Values.global.imagePullPolicy }}
+        imagePullPolicy: "IfNotPresent"
+  configUcr:
+    directory:
+      manager:
+        web:
+          modules:
+            users:
+              user:
+                add:
+                  default: cn=openDesk User,cn=templates,cn=univention,{{ .Values.ldap.baseDn }}
+                properties:
+                  description:
+                    syntax: TextArea
+                  firstname:
+                    required: "true"
+                  mailPrimaryAddress:
+                    required: "true"
+                  username:
+                    syntax: uid
+                search:
+                  autosearch: "False"
+                wizard:
+                  property:
+                    invite:
+                      default: "True"
+                    overridePWLength:
+                      default: "False"
+                      visible: "False"
+                    pwdChangeNextLogin:
+                      default: "True"
+                      visible: "False"
+            wizard:
+              disabled: "No"
+
+    ucs:
+      web:
+        theme: light
+
+    umc:
+      cookie-banner:
+        show: "false"
+      login:
+        password-complexity-message:
+          de: "Das Passwort muss den folgenden Anforderungen entsprechen:<br><ul><li>Mindestlänge: 8 Zeichen</li></ul>Anmerkung: Wird befinden uns nicht in einer Produktivumgebung."
+          en: "Password must comply with the following rules:<br><ul><li>Minimum length: 8 characters</li></ul>Note: We are in a non production (dev/test/demo) system."
+      module:
+        udm:
+          oxmail:
+            oxcontext:
+              disabled: "True"
+          portals:
+            all:
+              disabled: "True"
+      self-service:
+        passwordreset:
+          token_validity_period: 172800
+
+ingress:
+  certManager:
+    enabled: false
+  tls:
+    secretName: {{ .Values.ingress.tls.secretName | quote }}
 
 # Nubus bundled services
 postgresql:
@@ -87,7 +176,13 @@ nubusGuardian:
   provisioning:
     enabled: false
     config:
+      nubusBaseUrl: {{ printf "https://%s.%s" .Values.global.hosts.nubus .Values.global.domain }}
       keycloak:
+        realm: {{ .Values.platform.realm | quote }}
+        username: "kcadmin"
+        connection:
+          host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
+          baseUrl: "http://ums-keycloak:8080"
         credentialSecret:
           name: "ums-opendesk-keycloak-credentials"
           key: "admin_password"
@@ -95,7 +190,11 @@ nubusGuardian:
         credentialSecret:
           name: "ums-opendesk-guardian-client-secret"
           key: "managementApiClientSecret"
-
+  ingress:
+    certManager:
+      enabled: false
+    tls:
+      secretName: {{ .Values.ingress.tls.secretName | quote }}
   postgresql:
     connection:
       host: {{ .Values.databases.umsGuardianManagementApi.host | quote }}
@@ -116,6 +215,11 @@ nubusNotificationsApi:
       username: {{ .Values.databases.umsNotificationsApi.username | quote }}
       database: {{ .Values.databases.umsNotificationsApi.name | quote }}
       existingSecret: "ums-notifications-api-postgresql-opendesk-credentials"
+  ingress:
+    certManager:
+      enabled: false
+    tls:
+      secretName: {{ .Values.ingress.tls.secretName | quote }}
 
 
 nubusKeycloakExtensions:
@@ -140,6 +244,10 @@ nubusKeycloakExtensions:
           path: "/resources/"
         - pathType: "Prefix"
           path: "/fingerprintjs"
+      certManager:
+        enabled: false
+      tls:
+        secretName: {{ .Values.ingress.tls.secretName | quote }}
 
 
   postgresql:
@@ -170,14 +278,25 @@ nubusKeycloakExtensions:
       newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
       mailFrom: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
 
+nubusPortalFrontend:
+  ingress:
+    certManager:
+      enabled: false
+    tls:
+      secretName: {{ .Values.ingress.tls.secretName | quote }}
+
 nubusPortalListener:
-  portalListener:
+  enabled: false
+
+nubusPortalConsumer:
+  enabled: true
+  portalConsumer:
+    logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"INFO"{{ end }}
     objectStorageEndpoint: {{ .Values.objectstores.nubus.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
     objectStorageBucket: {{ .Values.objectstores.nubus.bucket | quote }}
-    objectStorageCredentialSecret:
+  provisioningApi:
-      name: "ums-portal-listener-minio-opendesk-credentials"
+    auth:
-      accessKeyKey: "access-key-id"
+      username: "portal-consumer"
-      secretKeyKey: "secret-key-id"
 
 nubusPortalServer:
   portalServer:
@@ -190,16 +309,30 @@ nubusPortalServer:
     centralNavigation:
       enabled: true
       authenticatorSecretName: "ums-opendesk-portal-server-central-navigation"
+  ingress:
+    certManager:
+      enabled: false
+    tls:
+      secretName: {{ .Values.ingress.tls.secretName | quote }}
+
+nubusUdmRestApi:
+  ingress:
+    certManager:
+      enabled: false
+    tls:
+      secretName: {{ .Values.ingress.tls.secretName | quote }}
 
-# NOTE: disabled until the next update.
 nubusProvisioning:
-  enabled: false
-nubusUdmListener:
-  enabled: false
-nubusSelfServiceListener:
   enabled: true
-  selfserviceListener:
+
-    umcAdminUser: "default.admin"
+nubusUdmListener:
+  enabled: true
+
+nubusSelfServiceListener:
+  enabled: false
+
+nubusSelfServiceConsumer:
+  enabled: true
 
 # Nubus services
 nubusStackDataUms:
@@ -210,34 +343,12 @@ nubusStackDataUms:
     umcMemcachedUsername: ""
     externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
     umcHtmlTitle: "openDesk Portal"
-    installUmcPolicies: true
-  nubusUmcServer:
-    memcached:
-      auth:
-        username: ""
-
-# TODO: Remove values when upstreaming fixes
-nubusStackDataSwp:
-  stackDataSwp:
-    {{- if .Values.functional.admin.portal.deploymentInformation.enabled }}
-    systemInformation:
-      deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}"
-      releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}"
-    {{- end }}
-  stackDataContext:
-    ldapSearchUsers:
-      {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
-      - username: {{ printf "ldapsearch_%s" $username | quote }}
-        password: {{ $password | quote }}
-        lastname: "LDAP-Search-User"
-      {{- end }}
-    externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
     smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
     smtpPort: 25
     smtpUser: ""
     smtpStartTls: false
     ldapBase: {{ .Values.ldap.baseDn }}
-    # FIXME: Should be templated correctly in the future
+  templateContext:
     portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain }}
     portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain }}
     portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain }}
@@ -247,6 +358,43 @@ nubusStackDataSwp:
     portalTitleDE: "openDesk Portal"
     portalTitleEN: "openDesk Portal"
     oxDefaultContext: "1"
+    ldapSearchUsers:
+      {{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
+      - username: {{ printf "ldapsearch_%s" $username | quote }}
+        password: {{ $password | quote }}
+        lastname: "LDAP-Search-User"
+      {{- end }}
+    ldapSystemUsers: []
+    portaltileGroupUserStandard:
+      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
+      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupUserAdmin:
+      - 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
+      - 'cn=Support,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupUserAll:
+      - 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
+      - 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupGroupware:
+      - 'cn=managed-by-attribute-Groupware,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupFileshare:
+      - 'cn=managed-by-attribute-Fileshare,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupManagementProject:
+      - 'cn=managed-by-attribute-Projectmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupManagementKnowledge:
+      - 'cn=managed-by-attribute-Knowledgemanagement,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupManagementLearn:
+      - 'cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
+    portaltileGroupLiveCollaboration:
+      - 'cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}'
+    systemInformation:
+      enabled: {{ .Values.functional.admin.portal.deploymentInformation.enabled }}
+      releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}"
+      deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}"
+
+  nubusUmcServer:
+    memcached:
+      auth:
+        username: ""
 
 nubusUmcServer:
   postgresql:
@@ -270,10 +418,20 @@ nubusUmcServer:
   smtp:
     credentialSecret:
       name: "ums-umc-server-smtp-credentials-custom"
+  ingress:
+    certManager:
+      enabled: false
+    tls:
+      secretName: {{ .Values.ingress.tls.secretName | quote }}
 
 nubusUmcGateway:
   umcGateway:
     umcHtmlTitle: "openDesk Portal"
+  ingress:
+    certManager:
+      enabled: false
+    tls:
+      secretName: {{ .Values.ingress.tls.secretName | quote }}
 
 nubusKeycloakBootstrap:
   keycloak:
@@ -289,6 +447,11 @@ nubusKeycloakBootstrap:
     twoFactorAuthentication:
       enabled: true
       group: "2fa-users"
+  ldap:
+    auth:
+      bindDn: {{ printf "uid=ldapsearch_keycloak,cn=users,%s" .Values.ldap.baseDn }}
+      credentialSecret:
+        name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
 
 # Credential secrets for accessing customer supplied services
 extraSecrets:
@@ -322,11 +485,10 @@ extraSecrets:
   - name: "ums-keycloak-extensions-smtp-opendesk-credentials"
     stringData:
       umcKeycloakExtensionsSmtpPassword: ""
-  - name: "ums-portal-server-minio-opendesk-credentials"
+  - name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
     stringData:
-      access-key-id: {{ .Values.objectstores.nubus.username | quote }}
+      password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
-      secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
+  - name: "ums-portal-server-minio-opendesk-credentials"
-  - name: "ums-portal-listener-minio-opendesk-credentials"
     stringData:
       access-key-id: {{ .Values.objectstores.nubus.username | quote }}
       secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}

helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl

@@ -87,15 +87,29 @@ nubusKeycloakExtensions:
     resources:
       {{ .Values.resources.umsKeycloakExtensionProxy | toYaml | nindent 6 }}
 
-nubusPortalListener:
+nubusPortalConsumer:
   podAnnotations:
-    intents.otterize.com/service-name: "ums-portal-listener"
+    intents.otterize.com/service-name: "ums-portal-consumer"
-  replicaCount: {{ .Values.replicas.umsPortalListener }}
+  replicaCount: {{ .Values.replicas.umsPortalConsumer }}
   resources:
-    {{ .Values.resources.umsPortalListener | toYaml | nindent 4 }}
+    {{ .Values.resources.umsPortalConsumer | toYaml | nindent 4 }}
+  resourcesWaitForDependency:
+    {{ .Values.resources.umsPortalConsumerDependencies | toYaml | nindent 4 }}
   persistence:
     storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
-    size: {{ .Values.persistence.size.nubus.portalListener | quote }}
+    size: {{ .Values.persistence.size.nubus.portalConsumer | quote }}
+
+nubusPortalConsumer:
+  podAnnotations:
+    intents.otterize.com/service-name: "ums-portal-consumer"
+  replicaCount: {{ .Values.replicas.umsPortalConsumer }}
+  resources:
+    {{ .Values.resources.umsPortalConsumer | toYaml | nindent 4 }}
+  resourcesWaitForDependency:
+    {{ .Values.resources.umsPortalConsumerDependencies | toYaml | nindent 4 }}
+  persistence:
+    storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
+    size: {{ .Values.persistence.size.nubus.portalConsumer | quote }}
 
 nubusPortalServer:
   additionalAnnotations:
@@ -115,6 +129,10 @@ nubusLdapNotifier:
     {{ .Values.resources.umsLdapNotifier | toYaml | nindent 4 }}
 
 nubusLdapServer:
+  highAvailabilityMode: false
+  replicaCountPrimary: 1
+  replicaCountSecondary: 0 # {{ .Values.replicas.umsLdapServerSecondary }}
+  replicaCountProxy: 0 # {{ .Values.replicas.umsLdapServerProxy }}
   additionalAnnotations:
     intents.otterize.com/service-name: "ums-ldap-server"
   serviceAccount:
@@ -148,18 +166,12 @@ nubusStackDataUms:
   resources:
     {{ .Values.resources.umsStackDataUms | toYaml | nindent 4 }}
 
-nubusStackDataSwp:
+nubusSelfServiceConsumer:
-  additionalAnnotations:
-    intents.otterize.com/service-name: "ums-stack-data-swp"
-  resources:
-    {{ .Values.resources.umsStackDataSwp | toYaml | nindent 4 }}
-
-nubusSelfServiceListener:
   podAnnotations:
     intents.otterize.com/service-name: "ums-selfservice-listener"
   resources:
-    {{ .Values.resources.umsSelfserviceListener | toYaml | nindent 4 }}
+    {{ .Values.resources.umsSelfserviceConsumer | toYaml | nindent 4 }}
-  replicaCount: {{ .Values.replicas.umsSelfserviceListener }}
+  replicaCount: {{ .Values.replicas.umsSelfserviceConsumer }}
 
 nubusUdmRestApi:
   additionalAnnotations:
@@ -177,15 +189,6 @@ nubusUmcGateway:
   replicaCount: {{ .Values.replicas.umsUmcGateway }}
   resources:
     {{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
-  extraVolumes:
-    - name: "entrypoint-swp-patches"
-      configMap:
-        name: "ums-stack-data-swp-umc-gateway-entrypoint"
-        defaultMode: 0555
-  extraVolumeMounts:
-    - name: "entrypoint-swp-patches"
-      mountPath: "/entrypoint.d/90-swp.sh"
-      subPath: "90-swp.sh"
 
 nubusKeycloakBootstrap:
   podAnnotations:

helmfile/apps/nubus/values-opendesk-images.yaml.gotmpl

@@ -51,15 +51,6 @@ nubusLdapServer:
       repository: {{ .Values.images.nubusWaitForDependency.repository }}
       tag: {{ .Values.images.nubusWaitForDependency.tag }}
 
-
-nubusPortalConsumer:
-  portalConsumer:
-    image:
-      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
-      repository: {{ .Values.images.nubusPortalConsumer.repository }}
-      tag: {{ .Values.images.nubusPortalConsumer.tag }}
-
-
 nubusNotificationsApi:
   image:
     registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusNotificationsApi.registry | quote }}
@@ -72,11 +63,12 @@ nubusPortalFrontend:
     repository: {{ .Values.images.nubusPortalFrontend.repository }}
     tag: {{ .Values.images.nubusPortalFrontend.tag }}
 
-nubusPortalListener:
+nubusPortalConsumer:
-  image:
+  portalConsumer:
-    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalListener.registry | quote }}
+    image:
-    repository: {{ .Values.images.nubusPortalListener.repository }}
+      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusPortalConsumer.registry | quote }}
-    tag: {{ .Values.images.nubusPortalListener.tag }}
+      repository: {{ .Values.images.nubusPortalConsumer.repository }}
+      tag: {{ .Values.images.nubusPortalConsumer.tag }}
   waitForDependency:
     image:
       registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
@@ -151,11 +143,6 @@ nubusUdmListener:
     tag: {{ .Values.images.nubusProvisioningUdmListener.tag }}
 
 nubusSelfServiceListener:
-  selfserviceListener:
-    image:
-      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfserviceListener.registry | quote }}
-      repository: {{ .Values.images.nubusSelfserviceListener.repository }}
-      tag: {{ .Values.images.nubusSelfserviceListener.tag }}
   selfserviceInvitation:
     image:
       registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusSelfserviceInvitation.registry | quote }}
@@ -225,9 +212,3 @@ nubusStackDataUms:
     registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusDataLoader.registry | quote }}
     repository: {{ .Values.images.nubusDataLoader.repository }}
     tag: {{ .Values.images.nubusDataLoader.tag }}
-
-nubusStackDataSwp:
-  image:
-    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusDataLoader.registry | quote }}
-    repository: {{ .Values.images.nubusDataLoader.repository }}
-    tag: {{ .Values.images.nubusDataLoader.tag }}

helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl

@@ -29,7 +29,7 @@ config:
   managed:
     clientScopes: [ 'acr', 'web-origins', 'email', 'profile', 'microprofile-jwt', 'role_list', 'offline_access', 'roles', 'address', 'phone' ]
     # 'guardian-management-api', 'guardian-scripts', 'guardian-ui' clients have been added explicitly for the moment (see further down this file)
-    clients: [ 'UMC', '${client_account}', '${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}', '${client_security-admin-console}' ]
+    clients: [ 'opendesk-intercom', 'guardian-management-api', 'guardian-scripts', 'guardian-ui', 'UMC', '${client_account}', '${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}', '${client_security-admin-console}' ]
   keycloak:
     adminUser: "kcadmin"
     adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
@@ -389,60 +389,6 @@ config:
           backchannel.logout.session.required: false
         defaultClientScopes:
           - "opendesk-dovecot-scope"
-      - name: "opendesk-intercom"
-        clientId: "opendesk-intercom"
-        protocol: "openid-connect"
-        clientAuthenticatorType: "client-secret"
-        secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
-        redirectUris:
-          - "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/callback"
-        consentRequired: false
-        frontchannelLogout: false
-        publicClient: false
-        authorizationServicesEnabled: false
-        attributes:
-          backchannel.logout.session.required: true
-          backchannel.logout.revoke.offline.tokens: true
-          backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
-        protocolMappers:
-          - name: "intercom-audience"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-audience-mapper"
-            consentRequired: false
-            config:
-              included.client.audience: "opendesk-intercom"
-              id.token.claim: false
-              access.token.claim: true
-          # temporary additional claim while entryuuid is a hardcoded attribute in IntercomService and we cannot set
-          # it to `opendesk_useruuid` standard claim. For reference:
-          # https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/app.js#L89
-          - name: "entryuuid_temp"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "entryUUID"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "entryuuid"
-              jsonType.label: "String"
-          # temporary additional claim while phoenixusername is a hardcoded attribute in IntercomService and we cannot
-          # set it to `opendesk_username` standard claim. For reference:
-          # https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/routes/navigation.js#L27
-          - name: "phoenixusername_temp"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "uid"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "phoenixusername"
-              jsonType.label: "String"
-        defaultClientScopes:
-          - "offline_access"
       - name: "opendesk-jitsi"
         clientId: "opendesk-jitsi"
         protocol: "openid-connect"
@@ -571,296 +517,6 @@ config:
           post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
         defaultClientScopes:
           - "opendesk-xwiki-scope"
-      - name: "guardian-management-api"
-        clientId: "guardian-management-api"
-        rootUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
-        baseUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
-        protocol: "openid-connect"
-        publicClient: false
-        clientAuthenticatorType: "client-secret"
-        secret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
-        redirectUris:
-          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/guardian/*"
-        fullScopeAllowed: true
-        standardFlowEnabled: true
-        implicitFlowEnabled: false
-        directAccessGrantsEnabled: false
-        serviceAccountsEnabled: true
-        protocolMappers:
-          - name: "Client Host"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usersessionmodel-note-mapper"
-            consentRequired: false
-            config:
-              user.session.note: "clientHost"
-              userinfo.token.claim: true
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "clientHost"
-              jsonType.label: "String"
-          - name: "Client ID"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usersessionmodel-note-mapper"
-            consentRequired: false
-            config:
-              user.session.note: "client_id"
-              userinfo.token.claim: true
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "client_id"
-              jsonType.label: "String"
-          - name: "guardian-audience"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-audience-mapper"
-            consentRequired: false
-            config:
-              included.client.audience: "guardian"
-              userinfo.token.claim: false
-              id.token.claim: false
-              access.token.claim: true
-          - name: "audiencemap"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-audience-mapper"
-            consentRequired: false
-            config:
-              included.client.audience: "guardian-cli"
-              userinfo.token.claim: true
-              id.token.claim: true
-              access.token.claim: true
-          - name: "dn"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: false
-              user.attribute: "LDAP_ENTRY_DN"
-              id.token.claim: false
-              access.token.claim: true
-              claim.name: "dn"
-              jsonType.label: "String"
-          - name: "username"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-property-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "username"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "preferred_username"
-              jsonType.label: "String"
-          - name: "uid"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "uid"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "uid"
-              jsonType.label: "String"
-          - name: "email"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-property-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "email"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "email"
-              jsonType.label: "String"
-          - name: "Client IP Address"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usersessionmodel-note-mapper"
-            consentRequired: false
-            config:
-              user.session.note: "clientAddress"
-              userinfo.token.claim: true
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "clientAddress"
-              jsonType.label: "String"
-      - name: "guardian-scripts"
-        clientId: "guardian-scripts"
-        description: ""
-        rootUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
-        adminUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
-        baseUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
-        surrogateAuthRequired: false
-        enabled: true
-        alwaysDisplayInConsole: false
-        clientAuthenticatorType: "client-secret"
-        redirectUris:
-          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/guardian/*"
-          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
-          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/guardian/*"
-        webOrigins:
-          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
-        bearerOnly: false
-        consentRequired: false
-        standardFlowEnabled: true
-        implicitFlowEnabled: false
-        directAccessGrantsEnabled: true
-        serviceAccountsEnabled: false
-        publicClient: true
-        frontchannelLogout: false
-        protocol: "openid-connect"
-        fullScopeAllowed: true
-        protocolMappers:
-          - name: "email"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-property-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "email"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "email"
-              jsonType.label: "String"
-          - name: "guardian-audience"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-audience-mapper"
-            consentRequired: false
-            config:
-              included.client.audience: "guardian"
-              id.token.claim: false
-              access.token.claim: true
-              userinfo.token.claim: false
-          - name: "username"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-property-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "username"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "preferred_username"
-              jsonType.label: "String"
-          - name: "uid"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "uid"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "uid"
-              jsonType.label: "String"
-          - name: "audiencemap"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-audience-mapper"
-            consentRequired: false
-            config:
-              included.client.audience: "guardian-scripts"
-              id.token.claim: true
-              access.token.claim: true
-              userinfo.token.claim: true
-          - name: "dn"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              aggregate.attrs: false
-              multivalued: false
-              userinfo.token.claim: false
-              user.attribute: "LDAP_ENTRY_DN"
-              id.token.claim: false
-              access.token.claim: true
-              claim.name: "dn"
-              jsonType.label: "String"
-        defaultClientScopes:
-          - "web-origins"
-          - "acr"
-          - "roles"
-          - "profile"
-          - "email"
-        optionalClientScopes:
-          - "address"
-          - "phone"
-          - "offline_access"
-          - "microprofile-jwt"
-      - name: "guardian-ui"
-        clientId: "guardian-ui"
-        rootUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
-        baseUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
-        clientAuthenticatorType: "client-secret"
-        redirectUris:
-          - "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/guardian/*"
-        standardFlowEnabled: true
-        publicClient: true
-        implicitFlowEnabled: false
-        directAccessGrantsEnabled: false
-        serviceAccountsEnabled: false
-        protocol: "openid-connect"
-        fullScopeAllowed: true
-        protocolMappers:
-          - name: "uid"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "uid"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "uid"
-              jsonType.label: "String"
-          - name: "username"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-property-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "username"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "preferred_username"
-              jsonType.label: "String"
-          - name: "dn"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-attribute-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: "false"
-              user.attribute: "LDAP_ENTRY_DN"
-              id.token.claim: false
-              access.token.claim: true
-              claim.name: "dn"
-              jsonType.label: "String"
-          - name: "audiencemap"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-audience-mapper"
-            consentRequired: false
-            config:
-              included.client.audience: "guardian"
-              id.token.claim: true
-              access.token.claim: true
-              userinfo.token.claim: true
-          - name: "email"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-usermodel-property-mapper"
-            consentRequired: false
-            config:
-              userinfo.token.claim: true
-              user.attribute: "email"
-              id.token.claim: true
-              access.token.claim: true
-              claim.name: "email"
-              jsonType.label: "String"
-          - name: "guardian-audience"
-            protocol: "openid-connect"
-            protocolMapper: "oidc-audience-mapper"
-            consentRequired: false
-            config:
-              included.client.audience: "guardian"
-              id.token.claim: false
-              access.token.claim: true
-              userinfo.token.claim: false
 
 containerSecurityContext:
   allowPrivilegeEscalation: false

helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/{{ .Values.charts.dovecot.repository }}"
-      {{ .Values.charts.dovecot.repository }}"
 
   # Open-Xchange
   - name: "open-xchange-repo"
@@ -20,8 +19,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuite.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuite.registry }}/{{ .Values.charts.openXchangeAppSuite.repository }}"
-      {{ .Values.charts.openXchangeAppSuite.repository }}"
 
   # openDesk Open-Xchange Bootstrap
   # Source:
@@ -32,8 +30,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuiteBootstrap.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.openXchangeAppSuiteBootstrap.registry }}/{{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}"
-      {{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}"
 
 releases:
   - name: "dovecot"

helmfile/apps/open-xchange/helmfile.yaml

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/open-xchange/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/apps/openproject-bootstrap/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.openprojectBootstrap.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.openprojectBootstrap.registry }}/{{ .Values.charts.openprojectBootstrap.repository }}"
-      {{ .Values.charts.openprojectBootstrap.repository }}"
 
 releases:
   - name: "opendesk-openproject-bootstrap"

helmfile/apps/openproject-bootstrap/helmfile.yaml

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/openproject-bootstrap/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/apps/openproject/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.openproject.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.openproject.registry }}/{{ .Values.charts.openproject.repository }}"
-      {{ .Values.charts.openproject.repository }}"
 
 releases:
   - name: "openproject"

helmfile/apps/openproject/helmfile.yaml

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/openproject/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/apps/provisioning/helmfile-child.yaml.gotmpl

@@ -7,8 +7,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/{{ .Values.charts.oxConnector.repository }}"
-      {{ .Values.charts.oxConnector.repository }}"
 
 releases:
   - name: "ox-connector"

helmfile/apps/provisioning/helmfile.yaml

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/provisioning/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/apps/services/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.otterize.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.otterize.registry }}/{{ .Values.charts.otterize.repository }}"
-      {{ .Values.charts.otterize.repository }}"
 
   # openDesk Home
   # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-home
@@ -21,8 +20,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.home.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.home.registry }}/{{ .Values.charts.home.repository }}"
-      {{ .Values.charts.home.repository }}"
 
   # openDesk Certificates
   # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-certificates
@@ -32,8 +30,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.certificates.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.certificates.registry }}/{{ .Values.charts.certificates.repository }}"
-      {{ .Values.charts.certificates.repository }}"
 
   # openDesk PostgreSQL
   # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postgresql
@@ -43,8 +40,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.postgresql.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.postgresql.registry }}/{{ .Values.charts.postgresql.repository }}"
-      {{ .Values.charts.postgresql.repository }}"
 
   # openDesk MariaDB
   # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-mariadb
@@ -54,8 +50,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.mariadb.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.mariadb.registry }}/{{ .Values.charts.mariadb.repository }}"
-      {{ .Values.charts.mariadb.repository }}"
 
   # openDesk dkimpy-milter
   # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-dkimpy-milter
@@ -65,8 +60,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.dkimpy.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.dkimpy.registry }}/{{ .Values.charts.dkimpy.repository }}"
-      {{ .Values.charts.dkimpy.repository }}"
 
   # openDesk Postfix
   # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postfix
@@ -76,8 +70,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/{{ .Values.charts.postfix.repository }}"
-      {{ .Values.charts.postfix.repository }}"
 
   # openDesk ClamAV
   # https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-clamav
@@ -87,16 +80,14 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.clamav.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.clamav.registry }}/{{ .Values.charts.clamav.repository }}"
-      {{ .Values.charts.clamav.repository }}"
   - name: "clamav-simple-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.clamavSimple.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.clamavSimple.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.clamavSimple.registry }}/{{ .Values.charts.clamavSimple.repository }}"
-      {{ .Values.charts.clamavSimple.repository }}"
 
   # VMWare Bitnami
   # Source: https://github.com/bitnami/charts/
@@ -106,24 +97,21 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.memcached.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.memcached.registry }}/{{ .Values.charts.memcached.repository }}"
-      {{ .Values.charts.memcached.repository }}"
   - name: "redis-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.redis.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.redis.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.redis.registry }}/{{ .Values.charts.redis.repository }}"
-      {{ .Values.charts.redis.repository }}"
   - name: "minio-repo"
     keyring: "../../files/gpg-pubkeys/opencode.gpg"
     verify: {{ .Values.charts.minio.verify }}
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.minio.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.minio.registry }}/{{ .Values.charts.minio.repository }}"
-      {{ .Values.charts.minio.repository }}"
 
 releases:
   - name: "opendesk-otterize"

helmfile/apps/services/helmfile.yaml

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/services/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/apps/xwiki/helmfile-child.yaml.gotmpl

@@ -10,8 +10,7 @@ repositories:
     username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
     password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
     oci: true
-    url: "{{ .Values.global.helmRegistry | default .Values.charts.xwiki.registry }}/\
+    url: "{{ .Values.global.helmRegistry | default .Values.charts.xwiki.registry }}/{{ .Values.charts.xwiki.repository }}"
-      {{ .Values.charts.xwiki.repository }}"
 
 releases:
   - name: "xwiki"

helmfile/apps/xwiki/helmfile.yaml

@@ -1,12 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-License-Identifier: Apache-2.0
----
-bases:
-  - "../../bases/environments.yaml"
----
-helmfiles:
-  - path: "./helmfile-child.yaml"
-    values:
-      - {{ toYaml .Values | nindent 8 }}
-...

helmfile/apps/xwiki/helmfile.yaml.gotmpl

@@ -0,0 +1,12 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+bases:
+  - "../../bases/environments.yaml"
+---
+helmfiles:
+  - path: "./helmfile-child.yaml.gotmpl"
+    values:
+      - {{ toYaml .Values | nindent 8 }}
+...

helmfile/environments/default/charts.yaml

@@ -46,7 +46,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/collabora/charts-mirror"
     name: "collabora-online"
-    version: "1.1.20"
+    version: "1.1.21"
     verify: true
   cryptpad:
     # providerCategory: "Supplier"
@@ -122,7 +122,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
     name: "intercom-service"
-    version: "2.0.1"
+    version: "2.1.1"
     verify: true
   jitsi:
     # providerCategory: "Platform"
@@ -212,7 +212,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
     name: "opendesk-migrations"
-    version: "1.2.2"
+    version: "1.2.3"
     verify: true
   minio:
     # providerCategory: "Community"
@@ -261,10 +261,12 @@ charts:
     # upstreamRepository: "nubus/charts/nubus"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "19", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    # repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus-dev/charts"
     name: "nubus"
-    version: "0.33.0"
+    version: "0.61.0-post-jbornhold-plain-nubus-3"
     verify: true
   opendeskKeycloakBootstrap:
     # providerCategory: "Platform"

helmfile/environments/default/functional.yaml

@@ -34,7 +34,8 @@ functional:
     quota:
       # Set the default quota for all users in GB
       default: 1
-    # Options related to file sharing, changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s).
+    # Options related to file sharing.
+    # Changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s).
     sharing:
       # External shares
       external:

helmfile/environments/default/images.yaml

@@ -20,7 +20,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
-    tag: "24.04.7.1.2@sha256:6e3d64dfdf4a429c374f18947d7c4e987f585a13642817672123fd1963dc8a2d"
+    tag: "24.04.7.2.1@sha256:5b00478f2c6c7372b2a67e68783d9b1a91265679bbd4afdc1416e50720d50ce6"
   cryptpad:
     # providerCategory: "Supplier"
     # providerResponsible: "XWiki"
@@ -75,13 +75,13 @@ images:
   intercom:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
-    # upstreamRegistry: "https://quay.io"
+    # upstreamRegistry: "https://artifacts.software-univention.de"
-    # upstreamRepository: "univention/intercom-service"
+    # upstreamRepository: "nubus/images/intercom-service"
-    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)$'
+    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["1", "6"]
+    # upstreamMirrorStartFrom: ["2", "1", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
-    tag: "1.6@sha256:f32c1e52fa132e9dc6973e9f8ed36a98c5c3e0bcd51c60f9a683e7e528dd2306"
+    tag: "2.1.1@sha256:889b82681883b2cec1267a744f135f5b25a716de6ca584f7565ccd118b6f6c4f"
   jibri:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"
@@ -213,7 +213,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.2.1@sha256:241561c51dee3ccd4d54cf732020634291f124025946e6be983f850bbf4eb1d3"
+    tag: "1.2.2@sha256:32afdd71c5b8003ed1609e389494ce10c715c5db64d4ed32a74d65b0f0227e64"
   milter:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
@@ -269,9 +269,11 @@ images:
     # upstreamRepository: "nubus/images/data-loader"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "41", "5"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
-    tag: "0.60.0@sha256:9b43a66c32f4f66143db00b71cc62966df6ed809ec023a0d573a015f5d15305a"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/data-loader"
+    tag: "0.70.0@sha256:d1d916f11d3b035eb95b46fbc3da2f9c797f89d3f3ac56b9ab1c89482413bac6"
   nubusGuardianAuthorizationApi:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -309,9 +311,11 @@ images:
     # upstreamRepository: "nubus/images/guardian-init"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "3", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/guardian-init"
-    tag: "0.9.1@sha256:6006fb1c2779b906e7725df524f2587b2a610cc442793bf8f16b2b4b8c0494fb"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/guardian-init"
+    tag: "0.14.0@sha256:91613f123f7e46b321002d4b2b86c4635b79621376e513d4bea1bb1d01aa99f8"
   nubusKeycloak:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -321,7 +325,7 @@ images:
     # upstreamMirrorStartFrom: ["22", "0", "3"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-keycloak"
-    tag: "24.0.3-ucs1@sha256:cc66a1730abdd5abe88ac5cf045b6558f289bf1ae8d077ee884a42d785742f8b"
+    tag: "25.0.1-ucs1@sha256:61cb3e703672f6d8806af41bec8056ca84e295bbeb546fdb5349322d1174a43d"
   nubusKeycloakBootstrap:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -329,9 +333,11 @@ images:
     # upstreamRepository: "nubus/images/keycloak-bootstrap"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "1", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
-    tag: "0.1.0@sha256:351097e9e7b469f2fc149fe612ec6ad515d5e6b081d7e2785bd926a1d77209d2"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/keycloak-bootstrap"
+    tag: "0.3.0@sha256:2911e8d5409f4e302b5c8c073cc6bf3f3622582e6eef43c63672ac4551712750"
   nubusKeycloakExtensionHandler:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -339,9 +345,11 @@ images:
     # upstreamRepository: "nubus/images/keycloak-handler"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "0", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-handler"
-    tag: "0.9.4@sha256:247182a965cc56fe2a891d42a7cfe84205804a9e58dd8f0a8191726a68cb9db1"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/keycloak-handler"
+    tag: "0.11.0@sha256:aaba6527f37a7302cf54b0a689a1c11cb439bdc471e01d101726a05902714b9c"
   nubusKeycloakExtensionProxy:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -349,9 +357,11 @@ images:
     # upstreamRepository: "nubus/images/keycloak-proxy"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "0", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-proxy"
-    tag: "0.9.4@sha256:a572fe076a2ef5966433fec478c92cffade816e71f2b4661bd8dbcb9e60c8c2f"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/keycloak-proxy"
+    tag: "0.11.0@sha256:9b2079ed4078daee00d95ac2de4d72497131e699b967943db5be1c655048edb0"
   nubusLdapNotifier:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -359,9 +369,11 @@ images:
     # upstreamRepository: "nubus/images/ldap-notifier"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "8", "2"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-notifier"
-    tag: "0.15.2@sha256:1f2a9d2136c8e87a4c4a59a94a2235d00e969c98bd7bfe75707a299918f271b5"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/ldap-notifier"
+    tag: "0.25.2@sha256:9e29c7fb5c609d7e597f27e0384c4f932e6962cdf64012154d7b7c076755d86c"
   nubusLdapServer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -369,9 +381,11 @@ images:
     # upstreamRepository: "nubus/images/ldap-server"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "8", "2"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/platform-development/images/temp-nubus-ldap-2.5-upgrade"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/ldap-server"
-    tag: "1.1.20@sha256:90f46b8817fa05e6e3ac3b2f053911198675805fb82db8240bfa41239d7e7c61"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/ldap-server"
+    tag: "0.25.2@sha256:2b9d53f93a93d0f3a659c81c0e44596da8941bd83c8e1f7301a24e46ca06dba2"
   nubusLdapServerDhInitContainer:
     # providerCategory: 'Community'
     # providerResponsible: 'Univention'
@@ -411,9 +425,11 @@ images:
     # upstreamRepository: "nubus/images/notifications-api"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
-    tag: "0.27.0@sha256:d99173199f20c701b29b8a3c1a46465085a873b37f413882e7d2e106e258c35a"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/notifications-api"
+    tag: "0.38.5@sha256:3c8be7a762cc2534f7fad3b8a350d906377dd3e35618f023a39f3c83ae159649"
   nubusOpendeskExtension:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -421,7 +437,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    tag: "1.1.0@sha256:3ff14d9c9611fc4d2bf818786b252eccda870e1beed6a716386cb6ab2bc8412b"
+    tag: "1.5.0@sha256:2bfdf79028ec788162cf75bf80b08ed5aa3f747430bc85fd5e0427decc9994de"
   nubusOpenPolicyAgent:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -441,7 +457,7 @@ images:
     # upstreamMirrorStartFrom: ["0", "10", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/ox-extension"
-    tag: "0.10.0@sha256:f6f32ce0486594eca9c8682b10f60e9d174a526d5acd2ba4d0abcb8f522539b9"
+    tag: "0.11.0@sha256:2cb5a9683b6ff81b995a5c71da52c2ff8177b662bb0be8f11e9cd0c6b48d8a11"
   nubusPortalConsumer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -449,9 +465,11 @@ images:
     # upstreamRepository: "nubus/images/portal-consumer"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "27", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
-    tag: "0.27.0@sha256:e86bf827d1e93b61473a0730492f48f8dbf0d056b79dd9ecde7af1612696b144"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/portal-consumer"
+    tag: "0.38.5@sha256:25fe68ee9e075e5686fbc99ff50674184b7190ef6e26900fa773a5f471493164"
   nubusPortalExtension:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -461,7 +479,7 @@ images:
     # upstreamMirrorStartFrom: ["0", "28", "0"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-extension"
-    tag: "0.28.0@sha256:1ec467bebc402265e1c24b3d441c211faad1a025ded41afe8dd4687b7ad5a9a4"
+    tag: "0.38.0@sha256:aa6ec6b99810e05655d98fa1192bc2eabb855335f7a04aa4cd96ed5b5645d736"
   nubusPortalFrontend:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -469,19 +487,11 @@ images:
     # upstreamRepository: "nubus/images/portal-frontend"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
-    tag: "0.29.0@sha256:3af3d5d24f690557b4a644d5720113dca0c802465b0e43466b49db27acd37939"
+    registry: "artifacts.software-univention.de"
-  nubusPortalListener:
+    repository: "nubus/images/portal-frontend"
-    # providerCategory: "Supplier"
+    tag: "0.38.5@sha256:1e5f364fa3a58ae82e0804069144ad07ad7e14ee86ed1ed5188ae7c49119375b"
-    # providerResponsible: "Univention"
-    # upstreamRegistry: "https://artifacts.software-univention.de"
-    # upstreamRepository: "nubus/images/portal-listener"
-    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-listener"
-    tag: "0.24.2@sha256:98306b30c99e190ece6633921d9d54297634b0e4ca58ceaf0794c7050f0b8470"
   nubusPortalServer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -489,9 +499,11 @@ images:
     # upstreamRepository: "nubus/images/portal-server"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
-    tag: "0.27.0@sha256:e1ad659feb4a1948d07e6e7d99b94b6bdbd4525d96f4cf9a010b75189f0082fc"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/portal-server"
+    tag: "0.38.5@sha256:37b41ad73ad88e33bdb2f1021ff507dfe6fbfb87e7e392552828f1a746e4ea74"
   nubusProvisioningDispatcher:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -499,9 +511,11 @@ images:
     # upstreamRepository: "nubus/images/provisioning-dispatcher"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
-    tag: "0.28.3@sha256:79c81b0143e78c7cabb1efd63d47530eac686fba11db57c173abd8ebdd396778"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-dispatcher"
+    tag: "0.41.0@sha256:03698135b4d8774466e7ad1fb7e8c45e4d30915cc37dd177462fa0fb21b23369"
   nubusProvisioningEventsAndConsumerApi:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -509,9 +523,11 @@ images:
     # upstreamRepository: "nubus/images/provisioning-events-and-consumer-api"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
-    tag: "0.28.3@sha256:5b0a2c52d715fde613ecfedb3a3f5e47b9eb73cdcf4c373a9cc58248a919f2bf"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-events-and-consumer-api"
+    tag: "0.41.0@sha256:62387632bc206c4f71e663ab7dc02965897eb242d8cb79cdc7be440383d628a3"
   nubusProvisioningPrefill:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -519,9 +535,11 @@ images:
     # upstreamRepository: "nubus/images/provisioning-prefill"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
-    tag: "0.28.3@sha256:a98bce46144a6ff943b0432b66277393b7b476b8969b221b9069c708d3380f5d"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-prefill"
+    tag: "0.41.0@sha256:f71bef33c8aa467ec52b3802bc1684b8f1fb7789606762e33ba66dc9648d27f8"
   nubusProvisioningUdmListener:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -529,9 +547,11 @@ images:
     # upstreamRepository: "nubus/images/provisioning-udm-listener"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
-    tag: "0.28.3@sha256:b9c452e55e6716f93309bef0af7d401e218cd1e6ea9ad3d2819fb10dd631aecd"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-udm-listener"
+    tag: "0.41.0@sha256:3c7166970f1f8cb9e04eb5d622093a49dc0bc11ef525d0a1dffc13b648b333ac"
   nubusProvisioningUdmTransformer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -539,9 +559,11 @@ images:
     # upstreamRepository: "nubus/images/provisioning-udm-transformer"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "14", "0"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
-    tag: "0.29.0@sha256:68e27eb9560d2729e9065da3573f28073c5e53fedabac4d19562c4b8c6c1d1f3"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/provisioning-udm-transformer"
+    tag: "0.41.0@sha256:5b251667411c33137043e31ebf1befaa392ff100040485b7d8cce9daa9f32e8c"
   nubusSelfserviceInvitation:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -549,27 +571,11 @@ images:
     # upstreamRepository: "nubus/images/selfservice-invitation"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "3", "2"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
-    tag: "0.6.4@sha256:3fcc56c2e039a5a503183ec272fea334083079ceb83c8af7283f9be9b4334d71"
+    registry: "artifacts.software-univention.de"
-  nubusSelfserviceListener:
+    repository: "nubus/images/selfservice-invitation"
-    # providerCategory: "Supplier"
+    tag: "0.10.0@sha256:605d92c960111726366cf5be06516349876103b0cb676051cfc2afab8b43f476"
-    # providerResponsible: "Univention"
-    # upstreamRegistry: "https://artifacts.software-univention.de"
-    # upstreamRepository: "nubus/images/selfservice-listener"
-    # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
-    # upstreamMirrorStartFrom: ["0", "3", "2"]
-    registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-listener"
-    tag: "0.6.4@sha256:9605072b60d832ba165d8b7f9b1b7195693e7d5744479af321e4cf242f9ea500"
-  nubusStackGateway:
-    # providerCategory: "Community"
-    # providerResponsible: "Univention"
-    # upstreamRegistry: "https://registry-1.docker.io"
-    # upstreamRepository: "bitnami/nginx"
-    registry: "registry-1.docker.io"
-    repository: "bitnami/nginx"
-    tag: "1.25.4@sha256:dd352b597f4c38ae24abec411710f4249fb5c793293c7ed04737db6b41d32d24"
   nubusUdmRestApi:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -577,9 +583,11 @@ images:
     # upstreamRepository: "nubus/images/udm-rest-api"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "9", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
-    tag: "0.19.0@sha256:41482c459655afa36eaf9ec21354ff8417e4da5e3a787ec2f865730952f6bb61"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/udm-rest-api"
+    tag: "0.24.0@sha256:113251d8052f69ac0c7af721954d1711231ca72de1ce6565bb86cdadf53a0ad9"
   nubusUmcGateway:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -587,9 +595,11 @@ images:
     # upstreamRepository: "nubus/images/umc-gateway"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "7", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
-    tag: "0.22.2@sha256:fe4d2c148946da6f5e92201f398ebd0d5a72795c50648993bd220ea1e228658d"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/umc-gateway"
+    tag: "0.32.0@sha256:d47716784ea86659ef93b1e79b0edd72a69d5e8169704accaf6213f01d4e395e"
   nubusUmcServer:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -597,9 +607,11 @@ images:
     # upstreamRepository: "nubus/images/umc-server"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "7", "3"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
-    tag: "0.22.2@sha256:474497f561c3532b37b7d5e77ec36bd1fefc4fbeaab9747b481533b0da086586"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/umc-server"
+    tag: "0.32.0@sha256:e2b28d54e9b9c0a3f0267a631dd0f2b18e04a8f8438986b570a9c8a5ccb06001"
   nubusWaitForDependency:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -607,9 +619,11 @@ images:
     # upstreamRepository: "nubus/images/wait-for-dependency"
     # upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
     # upstreamMirrorStartFrom: ["0", "9", "4"]
-    registry: "registry.opencode.de"
+    # registry: "registry.opencode.de"
-    repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
+    # repository: "bmi/opendesk/components/supplier/univention/images-mirror/wait-for-dependency"
-    tag: "0.25.0@sha256:71a4d66fd67db6f92212b1936862b2b0d5a678d412213d74452a9195c2fe67f7"
+    registry: "artifacts.software-univention.de"
+    repository: "nubus/images/wait-for-dependency"
+    tag: "0.26.0"
   opendeskKeycloakBootstrap:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"

helmfile/environments/default/persistence.yaml

@@ -19,7 +19,6 @@ persistence:
     nubus:
       ldapServerData: "1Gi"
       ldapServerShared: "1Gi"
-      portalListener: "1Gi"
+      portalConsumer: "1Gi"
-      selfserviceListener: "1Gi"
     xwiki: "1Gi"
 ...

helmfile/environments/default/replicas.yaml

@@ -82,18 +82,23 @@ replicas:
   umsKeycloakExtensionsProxy: 1
   # -- scalable: tbd
   umsLdapNotifier: 1
-  # -- scalable: tbd
+  # -- scalable: false
-  umsLdapServer: 1
+  # -- comment: Experimental feature and not supported.
+  umsLdapServerPrimary: 1
+  # -- scalable: true
+  umsLdapServerSecondary: 1
+  # -- scalable: true
+  umsLdapServerProxy: 1
   # -- scalable: tbd
   umsNotificationsApi: 1
   # -- scalable: true
   umsPortalFrontend: 1
-  # -- scalable: tbd
+  # -- scalable: false
-  umsPortalListener: 1
+  umsPortalConsumer: 1
   # -- scalable: true
   umsPortalServer: 1
   # -- scalable: tbd
-  umsSelfserviceListener: 1
+  umsSelfserviceConsumer: 1
   # -- scalable: tbd
   umsStackGateway: 1
   # -- scalable: true
@@ -139,7 +144,9 @@ replicas:
   # -- scalable: true
   openprojectWeb: 1
   # -- scalable: true
-  # -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). See [upstream Helm chart documentation](https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/) for details, as e.g. dedicated workers to specific queues are in general possible with OpenProject as well.Share 
+  # -- comment: Async service working on processing queue content. Can work on queues in parallel (when needed). Check
+  # https://www.openproject.org/docs/installation-and-operations/installation/helm-chart/ for details, as e.g.
+  # dedicated workers for specific queues are possible with OpenProject.
   openprojectWorker: 1
 
   # -- component: Groupware (OX Appsuite)

helmfile/environments/default/resources.yaml

@@ -471,14 +471,28 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
-  umsPortalListener:
+  umsPortalConsumer:
     limits:
       cpu: 99
       memory: "1Gi"
     requests:
       cpu: 0.1
       memory: "256Mi"
-  umsPortalListenerDependencies:
+  umsPortalConsumerDependencies:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
+  umsPortalConsumer:
+    limits:
+      cpu: 99
+      memory: "1Gi"
+    requests:
+      cpu: 0.1
+      memory: "256Mi"
+  umsPortalConsumerDependencies:
     limits:
       cpu: 99
       memory: "1Gi"
@@ -527,7 +541,7 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
-  umsSelfserviceListener:
+  umsSelfserviceConsumer:
     limits:
       cpu: 99
       memory: "1Gi"
@@ -548,13 +562,6 @@ resources:
     requests:
       cpu: 0.1
       memory: "256Mi"
-  umsStackDataSwp:
-    limits:
-      cpu: 99
-      memory: "1Gi"
-    requests:
-      cpu: 0.1
-      memory: "256Mi"
   umsStackGateway:
     limits:
       cpu: 99
@@ -586,7 +593,7 @@ resources:
   umsUmcServer:
     limits:
       cpu: 99
-      memory: "1Gi"
+      memory: "2Gi"
     requests:
       cpu: 0.1
       memory: "256Mi"

helmfile/environments/default/secrets.gotmpl

@@ -34,21 +34,19 @@ secrets:
     systemAccounts:
       administratorPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "Administrator" | sha1sum | quote }}
       sysIdpUserPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "sysIdpUser" | sha1sum | quote }}
-    storeDavUsers:
+    portalConsumer:
-      portalServer: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-server" "store-dav" | sha1sum | quote }}
+      provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-consumer" "provisioning-api" | sha1sum | quote }}
-      portalListener: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "portal-listener" "store-dav" | sha1sum | quote }}
+    selfserviceConsumer:
+      provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "selfservice-consumer" "provisioning-api" | sha1sum | quote }}
     provisioning:
-      apiNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}
+      api:
-      apiAdminNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "apiAdmin" "nats" | sha1sum | quote }}
+        adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin_api" | sha1sum | quote }}
-      apiAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "admin_api" | sha1sum | quote }}
+        natsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "api" "nats" | sha1sum | quote }}
-      dispatcherPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "dispatcher_service" | sha1sum | quote }}
+        prefillPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "prefill_service" | sha1sum | quote }}
-      prefillPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "prefill_service" | sha1sum | quote }}
+        udmTransformerPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmproducer" "events_api" | sha1sum | quote }}
-      prefillNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "nats" | sha1sum | quote }}
-      udmProducerPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmproducer" "events_api" | sha1sum | quote }}
       dispatcherNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "dispatcher" "nats" | sha1sum | quote }}
-      dispatcherUdmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
+      prefillNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "prefill" "nats" | sha1sum | quote }}
-      udmListenerNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmlistener" "nats" | sha1sum | quote }}
+      udmTransformerNatsPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "udmTransformer" "nats" | sha1sum | quote }}
-      udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
     guardian:
       udmPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "udm" | sha1sum | quote }}
   nats:

helmfile/environments/default/selinux.yaml

@@ -77,7 +77,7 @@ seLinuxOptions:
   umsNotificationsApi: ~
   umsOpenPolicyAgent: ~
   umsPortalFrontend: ~
-  umsPortalListener: ~
+  umsPortalConsumer: ~
   umsPortalServer: ~
   umsProvisioningDispatcher: ~
   umsProvisioningEventsAndConsumerApi: ~
@@ -86,7 +86,7 @@ seLinuxOptions:
   umsProvisioningNatsReloader: ~
   umsProvisioningUdmListener: ~
   umsSelfserviceInvitation: ~
-  umsSelfserviceListener: ~
+  umsSelfserviceConsumer: ~
   umsStackGateway: ~
   umsStoreDav: ~
   umsUdmRestApi: ~

helmfile/environments/test/values.yaml.gotmpl

@@ -21,8 +21,7 @@ persistence:
     nubus:
       ldapServerData: "42Gi"
       ldapServerShared: "42Gi"
-      portalListener: "42Gi"
+      portalConsumer: "42Gi"
-      selfserviceListener: "42Gi"
     postfix: "42Gi"
     postgresql: "42Gi"
     prosody: "42Gi"
@@ -91,9 +90,9 @@ replicas:
   umsLdapServer: 42
   umsNotificationsApi: 42
   umsPortalFrontend: 42
-  umsPortalListener: 42
+  umsPortalConsumer: 42
   umsPortalServer: 42
-  umsSelfserviceListener: 42
+  umsSelfserviceConsumer: 42
   umsStackGateway: 42
   umsUdmRestApi: 42
   umsUmcGateway: 42

helmfile_generic.yaml

@@ -1,43 +0,0 @@
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
-# SPDX-License-Identifier: Apache-2.0
----
-#
-# Advanced Configuration: Nested States
-#
-helmfiles:
-  # Path to the helmfile state file being processed BEFORE releases in this state file
-  - path: "helmfile/apps/migrations-pre/helmfile-child.yaml"
-    values: &values
-      - "helmfile/environments/default/*.yaml"
-      - "helmfile/environments/default/*.gotmpl"
-      - {{ toYaml .Values | nindent 8 }}
-  - path: "helmfile/apps/services/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/nubus/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/intercom-service/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/open-xchange/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/nextcloud/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/collabora/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/cryptpad/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/jitsi/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/element/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/openproject/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/xwiki/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/provisioning/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/openproject-bootstrap/helmfile-child.yaml"
-    values: *values
-  - path: "helmfile/apps/migrations-post/helmfile-child.yaml"
-    values: *values
-missingFileHandler: "Error"
-...

helmfile_generic.yaml.gotmpl

@@ -0,0 +1,43 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+#
+# Advanced Configuration: Nested States
+#
+helmfiles:
+  # Path to the helmfile state file being processed BEFORE releases in this state file
+  - path: "helmfile/apps/migrations-pre/helmfile-child.yaml.gotmpl"
+    values: &values
+      - "helmfile/environments/default/*.yaml"
+      - "helmfile/environments/default/*.gotmpl"
+      - {{ toYaml .Values | nindent 8 }}
+  - path: "helmfile/apps/services/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/nubus/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/intercom-service/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/open-xchange/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/nextcloud/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/collabora/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/cryptpad/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/jitsi/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/element/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/openproject/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/xwiki/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/provisioning/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/openproject-bootstrap/helmfile-child.yaml.gotmpl"
+    values: *values
+  - path: "helmfile/apps/migrations-post/helmfile-child.yaml.gotmpl"
+    values: *values
+missingFileHandler: "Error"
+...