chore(release): 0.8.1 [skip ci]

## [0.8.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.8.0...v0.8.1) (2024-07-01)

### Bug Fixes

* **collabora:** Bump image to 24.04.4.1.1. ([368fe13](368fe13ddb))
* **collabora:** Bump image to 24.04.4.2.1. ([01767d3](01767d3806))
* **docs:** Add Ports section to getting started. ([c07b25c](c07b25c4b9))
* **docs:** Correction regarding the currently supported ingress controller. ([8514908](85149086ae))
* **docs:** Update regarding the currently supported ingress controller. ([064a5ad](064a5ad246))
* **element:** Provide the internal cluster domain to `synapse-web`. ([a8692d5](a8692d5506))
* **helmfile:** Add script to ease local development of platform charts. ([d8f3e05](d8f3e05e58))
* **helmfile:** Enable SMTP for XWiki and Element/Synapse; Streamline mail sender addresses within platform based on `<localpart>@<component>.<domain>` and allow configuration of `<localpart>`. ([01c5e6b](01c5e6b359))
* **helmfile:** Include all `.yaml.gotmpl` files for the envs in `environments.yaml`. ([e523434](e52343440d))
* **helmfile:** Streamline `functional.yaml`. *Upgrade notice:* If you set a non default value for `.Values.portal.enableDeploymentInformation` please change it to `.Values.admin.portal.deploymentInformation.enabled` with this version. ([e89b16a](e89b16a747))
* **jitsi:** Update PatchJVB bitnami/kubectl image to 1.30.2. ([6ef3641](6ef3641d82))
* **nubus:** Enable Keycloak's user account console. ([c03e4a5](c03e4a5340))
* **nubus:** Remove doublette ingress annotations. ([890b36e](890b36ecbb))
* **open-xchange:** Fixing YAML indentation of updater resources ([0ce346b](0ce346b162))
* **openproject:** Bump image to 14.2.0. ([1ad35f1](1ad35f1e12))
* **openproject:** Switch DBInit container image to Alpine based version to reduce footprint. ([c90f7c1](c90f7c1742))
* **openproject:** Update PostgreSQL image for DB init to 16.3. ([45e5699](45e569955d))
* **services:** Allow Postfix "relayHost" to be empty. ([7268f60](7268f607a5))

.gitlab-ci.yml

@@ -15,12 +15,16 @@ include:
     ref: "main"
   - local: "/.gitlab/lint/lint-opendesk.yml"
     rules:
-      - if: "$JOB_OPENDESK_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event|web|trigger|api'"
+      - if: >
+            $JOB_OPENDESK_LINTER_ENABLED == 'false' ||
+            $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event|web|trigger|api'
         when: "never"
       - when: "always"
   - local: "/.gitlab/lint/lint-kyverno.yml"
     rules:
-      - if: "$JOB_KYVERNO_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event|web|trigger|api'"
+      - if: >
+            $JOB_OPENDESK_LINTER_ENABLED == 'false' ||
+            $CI_PIPELINE_SOURCE =~ 'tags|merge_request_event|web|trigger|api'
         when: "never"
       - when: "always"
 

CHANGELOG.md

@@ -1,3 +1,27 @@
+## [0.8.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.8.0...v0.8.1) (2024-07-01)
+
+
+### Bug Fixes
+
+* **collabora:** Bump image to 24.04.4.1.1. ([368fe13](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/368fe13ddb080f0c8f42cbd3612a29f818308708))
+* **collabora:** Bump image to 24.04.4.2.1. ([01767d3](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/01767d38061259853e4bd8b2eba31d3b04c4e672))
+* **docs:** Add Ports section to getting started. ([c07b25c](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c07b25c4b9a702e214373fe08d95827286ebd866))
+* **docs:** Correction regarding the currently supported ingress controller. ([8514908](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/85149086ae70cb85a1718715747985a3da2a7b64))
+* **docs:** Update regarding the currently supported ingress controller. ([064a5ad](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/064a5ad246ea7217c2fb107787228d7aca9b5028))
+* **element:** Provide the internal cluster domain to `synapse-web`. ([a8692d5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/a8692d5506dc65895a562423d8ddb7da9078fc3a))
+* **helmfile:** Add script to ease local development of platform charts. ([d8f3e05](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/d8f3e05e584116f6196d43e0ea9bb8946ab2e5ab))
+* **helmfile:** Enable SMTP for XWiki and Element/Synapse; Streamline mail sender addresses within platform based on `<localpart>@<component>.<domain>` and allow configuration of `<localpart>`. ([01c5e6b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/01c5e6b359dd5eb42c98e818da301871bea79264))
+* **helmfile:** Include all `.yaml.gotmpl` files for the envs in `environments.yaml`. ([e523434](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e52343440d81c0596177399058b4711cc0d5da67))
+* **helmfile:** Streamline `functional.yaml`. *Upgrade notice:* If you set a non default value for `.Values.portal.enableDeploymentInformation` please change it to `.Values.admin.portal.deploymentInformation.enabled` with this version. ([e89b16a](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/e89b16a747f95be7661b1fd4f5c90acce638542e))
+* **jitsi:** Update PatchJVB bitnami/kubectl image to 1.30.2. ([6ef3641](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6ef3641d82d88d6fed80652b239bc63115abbf2d))
+* **nubus:** Enable Keycloak's user account console. ([c03e4a5](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c03e4a534090dde46363a7cfab718bb307e22621))
+* **nubus:** Remove doublette ingress annotations. ([890b36e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/890b36ecbb8c9311b5048d8d6d50ee5acf00ea61))
+* **open-xchange:** Fixing YAML indentation of updater resources ([0ce346b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/0ce346b162feb0bc6fee7f18caee84917117abe1))
+* **openproject:** Bump image to 14.2.0. ([1ad35f1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1ad35f1e12e236607e3830da6d08010eb465b501))
+* **openproject:** Switch DBInit container image to Alpine based version to reduce footprint. ([c90f7c1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/c90f7c1742d415d5a787ff5832959e2974b77b83))
+* **openproject:** Update PostgreSQL image for DB init to 16.3. ([45e5699](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/45e569955d09c584490e6826651f7564567c1f9b))
+* **services:** Allow Postfix "relayHost" to be empty. ([7268f60](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/7268f607a5839c6e940ce07fa15c1ffec9610d19))
+
 # [0.8.0](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v0.7.1...v0.8.0) (2024-06-10)
 
 

README.md

@@ -28,17 +28,17 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s
 
 openDesk currently features the following functional main components:
 
-| Function             | Functional Component        | Component<br/>Version                                                                                          | Upstream Documentation                                                                                                                       |
+| Function             | Functional Component        | Component<br/>Version                                                                 | Upstream Documentation                                                                                                                       |
-| -------------------- | --------------------------- | -------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
+| -------------------- | --------------------------- | ------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
-| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67)                                 | [For the most recent release](https://element.io/user-guide)                                                                                 |
+| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67)        | [For the most recent release](https://element.io/user-guide)                                                                                 |
-| Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                                               | [For the most recent release](https://docs.cryptpad.org/en/)                                                                                 |
+| Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                      | [For the most recent release](https://docs.cryptpad.org/en/)                                                                                 |
-| File management      | Nextcloud                   | [28.0.5](https://nextcloud.com/de/changelog/#28-0-5)                                                           | [Nextcloud 28](https://docs.nextcloud.com/)                                                                                                  |
+| File management      | Nextcloud                   | [28.0.5](https://nextcloud.com/de/changelog/#28-0-5)                                  | [Nextcloud 28](https://docs.nextcloud.com/)                                                                                                  |
-| Groupware            | OX App Suite                | [8.23](https://documentation.open-xchange.com/appsuite/releases/8.23/)                                         | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
+| Groupware            | OX App Suite                | [8.23](https://documentation.open-xchange.com/appsuite/releases/8.23/)                | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
-| Knowledge management | XWiki                       | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released)                                        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
+| Knowledge management | XWiki                       | [15.10.8](https://www.xwiki.org/xwiki/bin/view/Blog/XWiki15108Released)               | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
-| Portal & IAM         | Nubus                       | Product Preview[^1]                                                                                            | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
+| Portal & IAM         | Nubus                       | Product Preview[^1]                                                                   | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
-| Project management   | OpenProject                 | [14.1.1](https://www.openproject.org/docs/release-notes/14-1-1/)                                               | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
+| Project management   | OpenProject                 | [14.2.0](https://www.openproject.org/docs/release-notes/14-2-0/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
-| Videoconferencing    | Jitsi                       | [2.0.9457](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9457)                          | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
+| Videoconferencing    | Jitsi                       | [2.0.9457](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9457) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
-| Weboffice            | Collabora                   | [24.04.4.1.1](https://www.collaboraoffice.com/collabora-online-24-04-release-notes/)                           | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
+| Weboffice            | Collabora                   | [24.04.4.2.1](https://www.collaboraoffice.com/code-24-04-release-notes/)              | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |
 
 While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
 align the applications with best practices regarding container design and operations.

cspell.json

@@ -67,7 +67,9 @@
         "IMAPS",
         "xwiki",
         "cryptpad",
-        "clamav"
+        "clamav",
+        "templating",
+        "localpart"
     ],
     "ignoreWords": [],
     "import": []

dev/README.md

@@ -3,7 +3,7 @@ SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlic
 SPDX-License-Identifier: Apache-2.0
 -->
 
-<h1>Tools for local development<h1>
+<h1>Tools for local development</h1>
 
 * [charts-local.py](#charts-localpy)
   * [Commandline parameter](#commandline-parameter)
@@ -13,8 +13,9 @@ SPDX-License-Identifier: Apache-2.0
 # charts-local.py
 
 This script helps you on cloning the platform development Helm charts and referencing them directly in the openDesk
-Helmfile deployment for comfortable local development and deployment. The charts will be cloned into a directory
+Helmfile deployment for comfortable local test and development. The charts will be cloned into a directory
-parallel to the `opendesk` repo that is named after the branch you are working in the `opendesk` repo with.
+parallel created next to the `opendesk` repo containing this documentation and the `charts-local.py` script.
+The name of the chart directory is derived from the branch name you are working with in this `opendesk` repo.
 
 The script will create `.bak` copies of the helmfiles that have been touched.
 

dev/charts-local.py

@@ -69,18 +69,16 @@ def create_or_switch_branch_base_repo():
     return branch
 
 
-def clone_charts_locally(branch):
+def clone_charts_locally(branch, charts):
     charts_clone_path = script_path+'/../../'+branch.replace('/', '_')
     charts_dict = {}
-    remote_dict = {}
+    doublette_dict = {}
     if os.path.isdir(charts_clone_path):
         logging.warning(f"Path {charts_clone_path} already exists, will not clone any charts.")
     else:
         logging.debug(f"creating directory {charts_clone_path} to clone charts into")
         Path(charts_clone_path).mkdir(parents=True, exist_ok=True)
 
-    with open(charts_yaml, 'r') as file:
-        charts = yaml.safe_load(file)
     for chart in charts['charts']:
         if 'opendesk/components/platform-development/charts' in charts['charts'][chart]['repository']:
             tag = charts['charts'][chart]['version']
@@ -88,9 +86,9 @@ def clone_charts_locally(branch):
             repository = charts['charts'][chart]['repository']
             git_url = options.git_hostname+':'+repository
             chart_repo_path = charts_clone_path+'/'+charts['charts'][chart]['name']
-            if git_url in remote_dict:
+            if git_url in doublette_dict:
-                logging.debug(f"{chart} located at {git_url} is already checked out to {remote_dict[git_url]}")
+                logging.debug(f"{chart} located at {git_url} is already checked out to {doublette_dict[git_url]}")
-                charts_dict[chart] = remote_dict[git_url]
+                charts_dict[chart] = doublette_dict[git_url]
             else:
                 if os.path.isdir(chart_repo_path):
                     logging.debug(f"Already exists {chart_repo_path} leaving it unmodified")
@@ -99,8 +97,8 @@ def clone_charts_locally(branch):
                     Repo.clone_from(git_url, chart_repo_path)
                     chart_repo = Repo(path=chart_repo_path)
                     chart_repo.git.checkout('v'+charts['charts'][chart]['version'])
+                doublette_dict[git_url] = chart_repo_path
                 charts_dict[chart] = chart_repo_path
-                remote_dict[git_url] = chart_repo_path
     return charts_dict
 
 
@@ -121,9 +119,8 @@ def get_child_helmfiles():
     return child_helmfiles
 
 
-def process_the_helmfiles(charts_dict):
+def process_the_helmfiles(charts_dict, charts):
     chart_def_prefix = '    chart: "'
-    name_def_prefix = '  - name: "'
     child_helmfiles = get_child_helmfiles()
     for child_helmfile in child_helmfiles:
         child_helmfile_updated = False
@@ -134,23 +131,18 @@ def process_the_helmfiles(charts_dict):
                     for chart_ident in charts_dict:
                         if '.Values.charts.'+chart_ident+'.name' in line:
                             logging.debug(f"found match with {chart_ident} in {line.strip()}")
-                            if name_def_prefix not in line_memory:
+                            line = chart_def_prefix+charts_dict[chart_ident]+'/charts/'+charts['charts'][chart_ident]['name']+'" # replaced by local-dev script'+"\n"
-                                sys.exit(f"Script requires `name` definition before the actual `chart` definition. Not the case for '{chart_ident}'")
-                            else:
-                                name = re.search(rf"^{name_def_prefix}(.+)\"", line_memory).group(1)
-                            line = chart_def_prefix+charts_dict[chart_ident]+'/charts/'+name+'" # replaced by local-dev script'+"\n"
                             child_helmfile_updated = True
                             break
                 output.append(line)
-                line_memory = line
         if child_helmfile_updated:
             child_helmfile_backup = child_helmfile+helmfile_backup_extension
-            logging.debug(f"Updated {child_helmfile}")
             if os.path.isfile(child_helmfile_backup):
                 logging.debug("backup {child_helmfile_backup} already exists, will not create a new one.")
             else:
                 logging.debug(f"creating backup {child_helmfile_backup}.")
                 shutil.copy2(child_helmfile, child_helmfile_backup)
+            logging.debug(f"Updating {child_helmfile}")
             with open(child_helmfile, 'w') as file:
                 file.writelines(output)
 
@@ -172,5 +164,7 @@ if options.revert:
     revert_the_helmfiles()
 else:
     branch = create_or_switch_branch_base_repo()
-    charts_dict = clone_charts_locally(branch)
+    with open(charts_yaml, 'r') as file:
-    process_the_helmfiles(charts_dict)
+        charts = yaml.safe_load(file)
+    charts_dict = clone_charts_locally(branch, charts)
+    process_the_helmfiles(charts_dict, charts)

docs/debugging.md

@@ -64,7 +64,7 @@ The following example can e.g. be used to debug the `openDesk-Nextcloud-PHP` con
       shareProcessNamespace: true
       containers:
         - name: debugging
-          image: registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:1.0.0
+          image: registry.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-debugging-image:latest
           command: ["/bin/bash", "-c", "while true; do echo 'This is a temporary container for debugging'; sleep 5 ; done"]
           securityContext:
             capabilities:

docs/getting-started.md

@@ -208,6 +208,8 @@ ingress:
   ingressClassName: "cilium"
 ```
 
+**Note:** Please check the [requirements.md](./requirements.md) for the supported Ingress controllers.
+
 ### Container runtime
 
 Some apps require specific configuration for the container runtime. You can set your container runtime like `cri-o`,

docs/requirements.md

@@ -22,7 +22,7 @@ openDesk is a Kubernetes only solution and requires an existing Kubernetes (K8s)
 
 - K8s cluster >= 1.24, [CNCF Certified Kubernetes distribution](https://www.cncf.io/certification/software-conformance/)
 - Domain and DNS Service
-- Ingress controller (nginx-ingress)
+- Ingress controller (Ingress NGINX)
 - [Helm](https://helm.sh/) >= v3.9.0
 - [Helmfile](https://helmfile.readthedocs.io/en/latest/) >= **v0.157.0**
 - [HelmDiff](https://github.com/databus23/helm-diff) >= 3.6.0
@@ -54,7 +54,7 @@ The deployment is intended to use only over HTTPS via a configured FQDN, therefo
 configured ingress controller deployed.
 
 **Supported controllers:**
-- [NGINX Ingress Controller](https://github.com/nginxinc/kubernetes-ingress)
+- [Ingress NGINX Controller](https://github.com/kubernetes/ingress-nginx)
 
 Note: The platform development team is evaluating the use of [Gateway API](https://gateway-api.sigs.k8s.io/).
 If you have feedback on that topic, please share it with us.

helmfile/apps/collabora/values.yaml.gotmpl

@@ -7,7 +7,7 @@ autoscaling:
   enabled: false
 
 collabora:
-  extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:fetch_update_check=65536"
+  extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:fetch_update_check=0"
   username: "collabora-internal-admin"
   password: {{ .Values.secrets.collabora.adminPassword | quote }}
   aliasgroups:

helmfile/apps/element/values-synapse-web.yaml.gotmpl

@@ -21,6 +21,7 @@ containerSecurityContext:
 
 global:
   domain: {{ .Values.global.domain | quote }}
+  clusterDomain: {{ .Values.cluster.networking.domain | quote }}
   hosts:
     {{ .Values.global.hosts | toYaml | nindent 4 }}
   imagePullSecrets:

helmfile/apps/element/values-synapse.yaml.gotmpl

@@ -41,6 +41,13 @@ configuration:
         url: null
         sender_localpart: intercom-service
 
+    smtp:
+      senderAddress: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}"
+      host: {{ .Values.smtp.host | quote }}
+      port: {{ .Values.smtp.port }}
+      username: {{ .Values.smtp.username | quote }}
+      password: {{ .Values.smtp.password | quote }}
+
     oidc:
       clientId: "opendesk-matrix"
       clientSecret: {{ .Values.secrets.keycloak.clientSecret.matrix | quote }}

helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl

@@ -78,6 +78,9 @@ configuration:
         value: {{ .Values.smtp.password | quote }}
     host: {{ .Values.smtp.host | quote }}
     port: {{ .Values.smtp.port | quote }}
+    fromAddress: {{ .Values.localpartNoReply | quote }}
+    mailDomain: "{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}"
+
   serverinfo:
     token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
 
@@ -102,7 +105,7 @@ debug:
 
 image:
   registry: {{ .Values.global.imageRegistry | default .Values.images.nextcloudManagement.registry | quote }}
-  repository: "{{ .Values.images.nextcloudManagement.repository }}"
+  repository: {{ .Values.images.nextcloudManagement.repository | quote }}
   imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
   tag: {{ .Values.images.nextcloudManagement.tag | quote }}
 

helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl

@@ -15,7 +15,7 @@ imagePullSecrets:
 {{- end }}
 
 dovecot:
-  mailDomain: {{ .Values.global.domain | quote }}
+  mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
   password: {{ .Values.secrets.dovecot.doveadm | quote }}
   ldap:
     enabled: true
@@ -38,8 +38,6 @@ dovecot:
     ssl: "no"
     host: "postfix:25"
 
-
-
 certificate:
   secretName: {{ .Values.ingress.tls.secretName | quote }}
 

helmfile/apps/openproject/values.yaml.gotmpl

@@ -33,9 +33,6 @@ environment:
   OPENPROJECT_OMNIAUTH__DIRECT__LOGIN__PROVIDER: "keycloak"
   OPENPROJECT_PER__PAGE__OPTIONS: "20, 50, 100, 200"
   OPENPROJECT_EMAIL__DELIVERY__METHOD: "smtp"
-  OPENPROJECT_SMTP__AUTHENTICATION: "plain"
-  OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
-  OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
   OPENPROJECT_DEFAULT__COMMENT__SORT__ORDER: "desc"
   # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
   OPENPROJECT_SEED_LDAP_OPENDESK_HOST: {{ .Values.ldap.host | quote }}
@@ -61,13 +58,16 @@ environment:
   OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
   OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
   OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
-  OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.domain | quote }}
+  OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
   OPENPROJECT_SMTP__USER__NAME: {{ .Values.smtp.username | quote }}
   OPENPROJECT_SMTP__PASSWORD: {{ .Values.smtp.password | quote }}
   OPENPROJECT_SMTP__PORT: {{ .Values.smtp.port | quote }}
   OPENPROJECT_SMTP__SSL: "false" # (default=false)
   OPENPROJECT_SMTP__ADDRESS: {{ .Values.smtp.host | quote }}
-  OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
+  OPENPROJECT_SMTP__AUTHENTICATION: "plain"
+  OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
+  OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
+  OPENPROJECT_MAIL__FROM: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}"
   OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
   OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
   OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"

helmfile/apps/services/values-postfix.yaml.gotmpl

@@ -41,7 +41,7 @@ podSecurityContext:
 postfix:
   amavisHost: ""
   amavisPortIn: ""
-  domain: {{ .Values.global.mailDomain | default .Values.global.domain }}
+  domain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
   hostname: "postfix"
   inetProtocols: "ipv4"
   milterDefaultAction: "accept"
@@ -50,7 +50,7 @@ postfix:
       content:
         - {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
   rspamdHost: ""
-  relayHost: {{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}
+  relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
   relayNets: {{ .Values.cluster.networking.cidr | quote}}
   smtpSASLAuthEnable: "yes"
   smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map"
@@ -67,7 +67,7 @@ postfix:
   {{- else if .Values.clamavSimple.enabled }}
   smtpdMilters: "inet:clamav-simple:7357"
   {{- end }}
-  virtualMailboxDomains: {{ .Values.global.mailDomain | default .Values.global.domain }}
+  virtualMailboxDomains: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
   virtualTransport: "lmtps:dovecot:24"
 
 replicaCount: {{ .Values.replicas.postfix }}

helmfile/apps/univention-management-stack/values-umbrella.yaml.gotmpl

@@ -613,7 +613,7 @@ stack-data-ums:
     # The openDesk configuration brings its own UMC policies.
     installUmcPolicies: false
     domainname: {{ .Values.global.domain | quote }}
-    externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
+    externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
     hostname: {{ .Values.global.hosts.univentionManagementStack | quote }}
     ldapHost: {{ .Values.ldap.host | quote }}
     ldapBase: {{ .Values.ldap.baseDn | quote }}
@@ -654,7 +654,7 @@ stack-data-swp:
       {{- end }}
 
     externalDomainName: {{ .Values.global.domain | quote }}
-    externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
+    externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
 
     portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain | quote }}
     portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain | quote }}
@@ -1172,7 +1172,7 @@ keycloak-extensions:
       ipProtectionEnable: true
       logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
       newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
-      mailFrom: "noreply@{{ .Values.global.domain }}"
+      mailFrom: "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
     securityContext:
       allowPrivilegeEscalation: false
       capabilities:

helmfile/apps/xwiki/values.yaml.gotmpl

@@ -126,6 +126,13 @@ properties:
   "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon.svg": "data:image/svg+xml;base64,{{ .Values.theme.imagery.faviconSvg | b64enc }}"
   "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon16.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon16PngB64 }}"
   "attachment:xwiki:XWiki.DefaultSkin@icons.xwiki.favicon144.png": "data:image/png;base64,{{ .Values.theme.imagery.favicon144PngB64 }}"
+  ## SMTP settings
+  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.localpartNoReply }}@{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
+  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ .Values.smtp.host | quote }}
+  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": {{ .Values.smtp.port | quote }}
+  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.username": {{ .Values.smtp.username | quote }}
+  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.password": {{ .Values.smtp.password | quote }}
+  "property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.properties": "mail.smtp.starttls.enable=true"
   ## Link LDAP users and users authenticated through OIDC
   "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
   "property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"

helmfile/environments/default/charts.yaml

@@ -78,7 +78,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-element"
-    version: "3.0.0"
+    version: "3.2.0"
     verify: true
   elementWellKnown:
     # providerCategory: "Platform"
@@ -88,7 +88,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-well-known"
-    version: "3.0.0"
+    version: "3.2.0"
     verify: true
   home:
     # providerCategory: "Platform"
@@ -180,7 +180,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-matrix-user-verification-service"
-    version: "3.0.0"
+    version: "3.2.0"
     verify: true
   memcached:
     # providerCategory: "Community"
@@ -210,7 +210,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud"
-    version: "1.5.2"
+    version: "2.0.0"
     verify: true
   nextcloudManagement:
     # providerCategory: "Platform"
@@ -220,7 +220,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud-management"
-    version: "1.5.2"
+    version: "2.0.0"
     verify: true
   nginx:
     # providerCategory: "Community"
@@ -346,7 +346,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse"
-    version: "3.0.0"
+    version: "3.2.0"
     verify: true
   synapseCreateAccount:
     # providerCategory: "Platform"
@@ -356,7 +356,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse-create-account"
-    version: "3.0.0"
+    version: "3.2.0"
     verify: true
   synapseWeb:
     # providerCategory: "Platform"
@@ -366,7 +366,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
     name: "opendesk-synapse-web"
-    version: "3.0.0"
+    version: "3.2.0"
     verify: true
   ums:
     # providerCategory: "Supplier"

helmfile/environments/default/global.generated.yaml

@@ -3,5 +3,5 @@
 ---
 global:
   systemInformation:
-    releaseVersion: "v0.8.0"
+    releaseVersion: "v0.8.1"
 ...

helmfile/environments/default/images.yaml

@@ -20,7 +20,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
-    tag: "24.04.4.1.1@sha256:8de43029e5994f503e5dc57f62bb3961a2c9d1e3b5362ecb314e33ff898b24fe"
+    tag: "24.04.4.2.1@sha256:268b586d48848958f9a0329f1ce6849f842d1ab2413a3c45ddf2f2dd249efc9a"
   cryptpad:
     # providerCategory: "Supplier"
     # providerResponsible: "XWiki"
@@ -263,7 +263,7 @@ images:
     # upstreamMirrorStartFrom: ["13", "1", "1"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
-    tag: "14.1.1@sha256:ce1fabf4d02534990ebb5c934df8fbd227192a529a2e6e81c7feb412bb3eac8b"
+    tag: "14.2.0@sha256:b4ea55b925de4fc8760ccf30268f0a2d472c4204bd4fc512720e8757489335d6"
   openprojectBootstrap:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -279,7 +279,7 @@ images:
     # upstreamRepository: "library/postgres"
     registry: "registry-1.docker.io"
     repository: "library/postgres"
-    tag: "16.3-alpine3.20@sha256:f18f3c509f481e4ddf167c108d11ecb07faca78b5e2204a702a379dee1d84f86"
+    tag: "16.3-alpine3.20@sha256:de3d7b6e4b5b3fe899e997579d6dfe95a99539d154abe03f0b6839133ed05065"
   openxchangeBootstrap:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"

helmfile/environments/default/smtp.gotmpl

@@ -8,4 +8,6 @@ smtp:
   port: 587
   username: ""
   password: {{ env "SMTP_PASSWORD" | quote }}
+
+localpartNoReply: "no-reply"
 ...