fix(open-xchange): Align maximum attachment size with functional.groupware.mail.maxSize

docs/migrations.md

@@ -12,10 +12,10 @@ SPDX-License-Identifier: Apache-2.0
 * [Manual checks/actions](#manual-checksactions)
   * [Versions ≥ v1.11.0](#versions--v1110)
     * [Pre-upgrade to versions ≥ v1.11.0](#pre-upgrade-to-versions--v1110)
-      * [Deployment cleanup: Collabora Controller](#deployment-cleanup-collabora-controller)
       * [Helmfile new option: Annotations for external services (Dovecot, Jitsi JVB, Postfix)](#helmfile-new-option-annotations-for-external-services-dovecot-jitsi-jvb-postfix)
   * [Versions ≥ v1.10.0](#versions--v1100)
     * [Pre-upgrade to versions ≥ v1.10.0](#pre-upgrade-to-versions--v1100)
+      * [Deployment cleanup: Collabora Controller](#deployment-cleanup-collabora-controller)
       * [Helmfile new secret: `secrets.nubus.ldapSearch.postfix`](#helmfile-new-secret-secretsnubusldapsearchpostfix)
       * [Helmfile new secret: `secrets.doveocot.sharedMailboxesMasterPassword`](#helmfile-new-secret-secretsdoveocotsharedmailboxesmasterpassword)
       * [New Helmfile default: Nubus provisioning debug container no longer deployed](#new-helmfile-default-nubus-provisioning-debug-container-no-longer-deployed)
@@ -189,25 +189,6 @@ If you would like more details about the automated migrations, please read secti
 
 ### Pre-upgrade to versions ≥ v1.11.0
 
-#### Deployment cleanup: Collabora Controller
-
-**Target group:** Existing openDesk Enterprise deployments using Collabora Controller. Actually only long running
-deployments are affected, but following the instructions won't hurt.
-
-As per upstream release notes for [Collabora Online Controller 1.1.7](https://www.collaboraonline.com/cool-controller-release-notes/)
-you have to remove the existing leases of the Controller. You can do so by setting `<your_namespace>` and executing
-the commands below.
-
-```shell
-export NAMESPACE=<your_namespace>
-export COLLABORA_CONTROLLER_DEPLOYMENT_NAME=collabora-controller-cool-controller
-kubectl -n ${NAMESPACE} scale deployment/${COLLABORA_CONTROLLER_DEPLOYMENT_NAME} --replicas=0
-kubectl -n ${NAMESPACE} delete -n collabora leases.coordination.k8s.io collabora-online
-```
-
-> [!note]
-> The Collabora Online Controller is not scaled up again, as this would happen as part of the upgrade deployment.
-
 #### Helmfile new option: Annotations for external services (Dovecot, Jitsi JVB, Postfix)
 
 **Target group:** Existing deployments using `service` annotations.
@@ -237,6 +218,25 @@ annotations for the external service use the newly introduced key `annotations.o
 
 ### Pre-upgrade to versions ≥ v1.10.0
 
+#### Deployment cleanup: Collabora Controller
+
+**Target group:** Existing openDesk Enterprise deployments using Collabora Controller. Actually only long running
+deployments are affected, but following the instructions won't hurt.
+
+As per upstream release notes for [Collabora Online Controller 1.1.4](https://www.collaboraonline.com/cool-controller-release-notes/)
+you have to remove the existing leases of the Controller. You can do so by setting `<your_namespace>` and executing
+the commands below.
+
+```shell
+export NAMESPACE=<your_namespace>
+export COLLABORA_CONTROLLER_DEPLOYMENT_NAME=collabora-controller-cool-controller
+kubectl -n ${NAMESPACE} scale deployment/${COLLABORA_CONTROLLER_DEPLOYMENT_NAME} --replicas=0
+kubectl -n ${NAMESPACE} delete -n collabora leases.coordination.k8s.io collabora-online
+```
+
+> [!note]
+> The Collabora Online Controller is not scaled up again, as this would happen as part of the upgrade deployment.
+
 #### Helmfile new secret: `secrets.nubus.ldapSearch.postfix`
 
 **Target group:** All existing deployments that use self-defined secrets.

helmfile/apps/cryptpad/values.yaml.gotmpl

@@ -17,7 +17,14 @@ application_config:
 #    - "diagram"
 
 autoscaling:
-  enabled: false
+  enabled: {{ .Values.technical.cryptpad.autoscaling.enabled }}
+  minReplicas: {{ .Values.technical.cryptpad.autoscaling.minReplicas }}
+  maxReplicas: {{ .Values.technical.cryptpad.autoscaling.maxReplicas }}
+  targetCPUUtilizationPercentage: {{ .Values.technical.cryptpad.autoscaling.targetCPUUtilizationPercentage }}
+  targetMemoryUtilizationPercentage: {{ .Values.technical.cryptpad.autoscaling.targetMemoryUtilizationPercentage }}
+
+config:
+  maxWorkers: {{ .Values.technical.cryptpad.maxWorkers }}
 
 enableEmbedding: true
 

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -53,6 +53,8 @@ global:
   configUcr:
     directory:
       manager:
+        mail-address:
+          uniqueness: "True"
         rest:
           authorized-groups:
             domain-admins: __DELETE_KEY__
@@ -67,9 +69,9 @@ global:
                   description:
                     syntax: "TextArea"
                   firstname:
-                    required: "true"
+                    required: "True"
                   mailPrimaryAddress:
-                    required: "true"
+                    required: "True"
                   username:
                     syntax: "uid"
                 search:

helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl

@@ -266,6 +266,9 @@ appsuite:
             com.openexchange.mail.filter.passwordSource: global
             com.openexchange.mail.filter.masterPassword:  {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
             com.openexchange.mail.filter.preferredSaslMech: ""
+            # Loosen API the rate limit
+            com.openexchange.servlet.maxRateTimeWindow: "60000"
+            com.openexchange.servlet.maxRate: "3000"
           propertiesFiles:
             /opt/open-xchange/etc/masterpassword-authentication.properties:
               com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppSuite.migrationsMasterPassword | quote }}
@@ -632,6 +635,12 @@ appsuite:
       com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppSuite.shareCryptKey | quote }}
       com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppSuite.synapseAsToken | quote }}
     propertiesFiles:
+      /opt/open-xchange/etc/server.properties:
+        MAX_UPLOAD_SIZE: {{ mul .Values.functional.groupware.mail.maxSize 1024 1024 | int | printf "%d" | quote }}
+      /opt/open-xchange/etc/infostore.properties:
+        MAX_UPLOAD_SIZE: {{ mul .Values.functional.groupware.mail.maxSize 1024 1024 | int | printf "%d" | quote }}
+      /opt/open-xchange/etc/attachment.properties:
+        MAX_UPLOAD_SIZE: {{ mul .Values.functional.groupware.mail.maxSize 1024 1024 | int | printf "%d" | quote }}
       /opt/open-xchange/etc/AdminDaemon.properties:
         MASTER_ACCOUNT_OVERRIDE: "true"
       /opt/open-xchange/etc/AdminUser.properties:

helmfile/apps/opendesk-services/values-opendesk-static-files.yaml.gotmpl

@@ -92,12 +92,13 @@ containerSecurityContext:
     drop:
       - "ALL"
   enabled: true
-  runAsUser: 101
+  privileged: false
-  runAsGroup: 101
-  seccompProfile:
-    type: "RuntimeDefault"
   readOnlyRootFilesystem: true
   runAsNonRoot: true
+  runAsGroup: 101
+  runAsUser: 101
+  seccompProfile:
+    type: "RuntimeDefault"
   seLinuxOptions:
     {{ .Values.seLinuxOptions.opendeskStaticFiles | toYaml | nindent 4 }}
 

helmfile/environments/default/charts.yaml.gotmpl

@@ -65,7 +65,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/collabora/charts-mirror"
     name: "cool-controller"
-    version: "1.1.11"
+    version: "1.1.10"
     verify: false
   cryptpad:
     # providerCategory: "Supplier"

helmfile/environments/default/images.yaml.gotmpl

@@ -57,7 +57,7 @@ images:
     # providerResponsible: "Collabora"
     registry: "registry.opencode.de"
     repository: "zendis/opendesk-enterprise/components/supplier/collabora/images-mirror/cool-controller"
-    tag: "1.1.7@sha256:f9b43219cf9de521b39bfe91e78b1e5e32a0b61712ab4ca2b401c67bc4a326fc"
+    tag: "1.1.6@sha256:7935f21bf75cdddbbbd01754d8d0458014a68ab64b08121c8fca7a2715e0d85b"
   cryptpad:
     # providerCategory: "Supplier"
     # providerResponsible: "XWiki"

helmfile/environments/default/technical.yaml.gotmpl

@@ -3,9 +3,28 @@
 ---
 technical:
 
+  # Cryptpad related technical settings
+  cryptpad:
+    # Define how many child processes are initially spawned, even without any user accessing Cryptpad.
+    # Ref.: https://github.com/cryptpad/cryptpad/blob/0dd3c1f53d56dffb06651b86ead6b9b387920173/config/config.example.js#L111
+    maxWorkers: 4
+    # Autoscaling options
+    autoscaling:
+      # Enable the Autoscaling
+      enabled: false
+      # Minimal numbers of replicas
+      minReplicas: 1
+      # Maximum numbers of replicas
+      maxReplicas: 100
+      # Percentage of the targeted CPU Utilization
+      targetCPUUtilizationPercentage: 80
+      # Percentage of the targeted Memory Utilization
+      targetMemoryUtilizationPercentage: 80
+
   # Collabora related technical settings
   collabora:
-    # Defines the value for the start parameter `-o:num_prespawn_children`
+    # Set the value for the start parameter `-o:num_prespawn_children` to define how many child processes
+    # are initially spawned, even without any user accessing Collabora.
     numPrespawnChildren: 4
 
   # Dovecot EE related settings