fix(nextcloud): Add push-notify option

Co-Authored-By: Kim Brose <kim.brose@nordeck.net>

.gitlab-ci.yml

@@ -1,12 +1,11 @@
+# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
-# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 # SPDX-License-Identifier: Apache-2.0
 ---
 include:
   - project: "${PROJECT_PATH_GITLAB_CONFIG_TOOLING}"
     ref: "v2.4.8"
     file:
-      - "ci/common/automr.yml"
       - "ci/common/lint.yml"
       - "ci/release-automation/semantic-release.yml"
   - local: "/.gitlab/generate/generate-docs.yml"
@@ -32,7 +31,6 @@ stages:
   - ".pre"
   - "renovate"
   - "scan"
-  - "automr"
   - "env-cleanup"
   - "env"
   - "pre-services-deploy"

README.md

@@ -30,7 +30,7 @@ openDesk currently features the following functional main components:
 
 | Function             | Functional Component        | Component<br/>Version                                                                                | Upstream Documentation                                                                                                                |
 | -------------------- | --------------------------- | ---------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------- |
-| Chat & collaboration | Element ft. Nordeck widgets | [1.11.87](https://github.com/element-hq/element-desktop/releases/tag/v1.11.87)                       | [For the most recent release](https://element.io/user-guide)                                                                          |
+| Chat & collaboration | Element ft. Nordeck widgets | [1.11.89](https://github.com/element-hq/element-desktop/releases/tag/v1.11.89)                       | [For the most recent release](https://element.io/user-guide)                                                                          |
 | Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                                     | [For the most recent release](https://docs.cryptpad.org/en/)                                                                          |
 | File management      | Nextcloud                   | [29.0.8](https://nextcloud.com/de/changelog/#29-0-8)                                                 | [Nextcloud 29](https://docs.nextcloud.com/)                                                                                           |
 | Groupware            | OX App Suite                | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/)                               | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |

docs/architecture.md

@@ -5,6 +5,7 @@ SPDX-License-Identifier: Apache-2.0
 
 <h1>Architecture</h1>
 
+<!-- TOC -->
 * [Overview](#overview)
 * [Nubus (IAM)](#nubus-iam)
 * [Authentication](#authentication)
@@ -37,6 +38,7 @@ SPDX-License-Identifier: Apache-2.0
   * [XWiki (Knowledge management)](#xwiki-knowledge-management)
 * [Application specific user accounts](#application-specific-user-accounts)
 * [Footnotes](#footnotes)
+<!-- TOC -->
 
 openDesk is designed as a [Kubernetes](https://kubernetes.io) deployment.
 

docs/architecture/apis.md

@@ -51,6 +51,10 @@ This chapter presents APIs available in openDesk grouped by applications.
   * [Matrix Server-Server API](#matrix-server-server-api)
   * [Matrix Push Gateway API](#matrix-push-gateway-api)
   * [Matrix Identity Service API](#matrix-identity-service-api)
+  * [Matrix React SDK Module API](#matrix-react-sdk-module-api)
+  * [Matrix Widget API](#matrix-widget-api)
+  * [NeoBoard Data Model API](#neoboard-data-model-api)
+  * [NeoDateFix REST API](#neodatefix-rest-api)
 * [Knowledge management - XWiki](#knowledge-management---xwiki)
   * [REST API](#rest-api-1)
   * [Scripting API](#scripting-api)
@@ -647,7 +651,56 @@ Following are APIs used by the Project management application:
 
 While Jitsi is available as standalone videoconferencing in openDesk, it is also used in [Element as videoconferencing backend](https://github.com/element-hq/element-web/blob/develop/docs/jitsi.md).
 
-![APIs of Element and Jitsi providing Communication Service](./apis_images/ChatVC-overview.png)
+```mermaid
+---
+  config:
+    class:
+      hideEmptyMembersBox: true
+---
+classDiagram
+    class CommunicationService["Communication Service"] {
+        <<interface>>
+    }
+
+    class MxChat["Element Matrix Chat"] {
+        <<interface>>
+    }
+    class JitsiVideoConference["Jitsi Video Conference"] {
+        <<interface>>
+    }
+
+    CommunicationService <|.. MxChat
+    CommunicationService <|.. JitsiVideoConference
+    MxChat <-- JitsiVideoConference
+
+    class MxAppServiceApi["Matrix Application Service API"]
+    class MxClientServerApi["Matrix Client Server API"]
+    class MxServerServerApi["Matrix Server Server API"]
+    class MxPushGatewayApi["Matrix Push Gateway API"]
+    class MxIdentityServiceApi["Matrix Identity Service API"]
+    class MxRtc["Matrix RTC"]
+    class MxElementWebModuleApi["Matrix React SDK Module API"]
+    class MxWidgetApi["Matrix Widget API"]
+    class NeoBoardDataModelApi["NeoBoard Data Model API"]
+    class NeoDateFixRestApi["NeoDateFix REST API"]
+
+    MxChat *-- MxAppServiceApi
+    MxChat *-- MxClientServerApi
+    MxChat *-- MxServerServerApi
+    MxChat *-- MxPushGatewayApi
+    MxChat *-- MxIdentityServiceApi
+    MxChat *-- MxRtc
+    MxChat *-- MxElementWebModuleApi
+    MxChat *-- MxWidgetApi
+
+    class JitsiIframeApi["Jitsi iFrame API"]
+    class JitsiMeetApi["Jitsi Meet API"]
+    class JitsiMeetReactSdk["Jitsi Meet React SDK"]
+
+    JitsiVideoConference *-- JitsiIframeApi
+    JitsiVideoConference *-- JitsiMeetApi
+    JitsiVideoConference *-- JitsiMeetReactSdk
+```
 
 Following are APIs used by the Chat application:
 
@@ -741,6 +794,74 @@ Following are APIs used by the Chat application:
 | Supported standards            | [Matrix](https://spec.matrix.org/latest/identity-service-api/)                                                                               |
 | Documentation                  | [Synapse](https://element-hq.github.io/synapse/latest/) is the reference implementation of the Matrix protocol, see standard for API details |
 
+## Matrix React SDK Module API
+
+| Name                           | Matrix React SDK Module API                                                                                                                                                                                                        |
+| ------------------------------ | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Purpose                        | The module system in Element Web is a way to add or modify functionality of Element Web itself, bundled at compile time for the app.                                                                                               |
+| Versioning                     | [Releases in the Git repository](https://github.com/matrix-org/matrix-react-sdk-module-api/releases); [Dependency in `package.json` in Element (Chat Web-UI)](https://github.com/element-hq/element-web/blob/develop/package.json) |
+| Authentication                 | n/a - used as a library                                                                                                                                                                                                            |
+| In openDesk provided by        | Element (Chat Web-UI)                                                                                                                                                                                                              |
+| Transport protocol             | n/a - used as a library                                                                                                                                                                                                            |
+| Usage within component         | [Element (Chat-Web-UI) Modules](https://github.com/nordeck/element-web-modules/)                                                                                                                                                   |
+| Usage within openDesk          | none                                                                                                                                                                                                                               |
+| Usage for external integration | n/a - uses as a library                                                                                                                                                                                                            |
+| Parallel access                | Allowed                                                                                                                                                                                                                            |
+| Message protocol               | n/a - used as a library                                                                                                                                                                                                            |
+| Supported standards            | n/a - Element (Chat Web-UI) specific                                                                                                                                                                                               |
+| Documentation                  | [Element (Chat Web-UI) Documentation](https://github.com/element-hq/element-web/blob/develop/docs/modules.md); [matrix-react-sdk-module-api Git repository](https://github.com/matrix-org/matrix-react-sdk-module-api)             |
+
+## Matrix Widget API
+
+| Name                           | Matrix Widget API                                                                                                                                                                                                    |
+| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Purpose                        | Matrix Widgets are HTML and Javascript content / applications that can be embedded within, and communicate with Matrix clients.                                                                                      |
+| Versioning                     | n/a                                                                                                                                                                                                                  |
+| Authentication                 | Widgets request capabilities. They must be confirmed by a user or by the [Widget Lifecycle Module](https://github.com/nordeck/element-web-modules/blob/main/packages/element-web-widget-lifecycle-module/README.md). |
+| In openDesk provided by        | Element (Chat Web-UI)                                                                                                                                                                                                |
+| Transport protocol             | [HTML window.postMessage API](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage)                                                                                                                   |
+| Usage within component         | [NeoDateFix](https://github.com/nordeck/matrix-meetings/), [NeoBoard](https://github.com/nordeck/matrix-neoboard), [NeoChoice](https://github.com/nordeck/matrix-poll)                                                                                                    |
+| Usage within openDesk          | none                                                                                                                                                                                                                 |
+| Usage for external integration | none                                                                                                                                                                                                                 |
+| Parallel access                | Allowed                                                                                                                                                                                                              |
+| Message protocol               | JSON                                                                                                                                                                                                                 |
+| Supported standards            | [Matrix - MSC2764](https://github.com/matrix-org/matrix-spec-proposals/pull/2764)                                                                                                                                    |
+| Documentation                  | [Matrix - MSC2764](https://github.com/matrix-org/matrix-spec-proposals/pull/2764)                                                                                                                                    |
+
+## NeoBoard Data Model API
+
+| Name                           | NeoBoard Data Model API                                                                                                               |
+| ------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------- |
+| Purpose                        | The NeoBoard data model can be used to generate whiteboard documents.                                                                 |
+| Versioning                     | `version` field in the [NeoBoard data model](https://github.com/nordeck/matrix-neoboard/blob/main/docs/model/export-format.md#fields) |
+| Authentication                 | n/a                                                                                                                                   |
+| In openDesk provided by        | [NeoBoard](https://github.com/nordeck/matrix-neoboard)                                                                                |
+| Transport protocol             | n/a                                                                                                                                   |
+| Usage within component         | [NeoBoard](https://github.com/nordeck/matrix-neoboard)                                                                                |
+| Usage within openDesk          | none                                                                                                                                  |
+| Usage for external integration | none                                                                                                                                  |
+| Parallel access                | n/a                                                                                                                                   |
+| Message protocol               | JSON                                                                                                                                  |
+| Supported standards            | n/a                                                                                                                                   |
+| Documentation                  | [NeoBoard data model](https://github.com/nordeck/matrix-neoboard/tree/main/docs/model)                                                |
+
+## NeoDateFix REST API
+
+| Name                           | NeoDateFix REST API                                                                                                                                |
+| ------------------------------ | -------------------------------------------------------------------------------------------------------------------------------------------------- |
+| Purpose                        | Can be used to query and set up NeoDateFix Matrix meetings.                                                                                        |
+| Versioning                     | Path segment in the [Meetings Bot API](https://github.com/nordeck/matrix-meetings/blob/main/docs/data-model.md#http-api)                           |
+| Authentication                 | n/a                                                                                                                                                |
+| In openDesk provided by        | [NeoDateFix](https://github.com/nordeck/matrix-meetings)                                                                                           |
+| Transport protocol             | HTTP(S)                                                                                                                                            |
+| Usage within component         | [NeoDateFix](https://github.com/nordeck/matrix-meetings)                                                                                           |
+| Usage within openDesk          | Used by OX to sync calendar entries to NeoDateFix                                                                                                  |
+| Usage for external integration | none                                                                                                                                               |
+| Parallel access                | n/a                                                                                                                                                |
+| Message protocol               | JSON                                                                                                                                               |
+| Supported standards            | n/a                                                                                                                                                |
+| Documentation                  | [NeoDateFix ADR001](https://github.com/nordeck/matrix-meetings/blob/main/docs/adrs/adr001-use-the-widget-api-to-interact-with-the-meetings-bot.md) |
+
 # Knowledge management - XWiki
 
 Following are APIs used by the Knowledge management application:
@@ -804,7 +925,7 @@ Following are APIs used by the Knowledge management application:
 
 ## JavaScript API
 
-| Name                           | Javascript API                                                                               |
+| Name                           | JavaScript API                                                                               |
 | ------------------------------ | -------------------------------------------------------------------------------------------- |
 | Purpose                        | Include dynamic components in XWiki/web pages                                                |
 | Versioning                     |                                                                                              |

docs/data-storage.md

@@ -95,8 +95,8 @@ XWiki,PersistentVolume,1
 | **OpenProject**      | PostgreSQL   | Yes      | Application's main database                                                                | `openproject`                                  |                                                       |
 |                      | S3           | Yes      | Attachments, custom styles                                                                 | `openproject`                                  |                                                       |
 |                      | Memcached    | No       | Cache                                                                                      |                                                |                                                       |
-|                      | PVC          | No       | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs               | `openproject-<web|worker>-*-tmp`               | `/tmp`                                                |
+|                      | PVC          | No       | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs               | `openproject-<web/worker>-*-tmp`               | `/tmp`                                                |
-|                      |              | No       | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs               | `openproject-<web|worker>-app-*-tmp`           | `/app/tmp`                                            |
+|                      |              | No       | PVC backed `emptyDir` as K8s cannot set the sticky bit on standard emptyDirs               | `openproject-<web/worker>-app-*-tmp`           | `/app/tmp`                                            |
 | **Open-Xchange**     | MariaDB      | Yes      | Application's control database to coordiate dynamically created ones                       | `configdb`                                     |                                                       |
 |                      |              | Yes      | Dynamically creates databases of schema `PRIMARYDB_n`containing multiple contexts          | `PRIMARYDB_*`                                  |                                                       |
 |                      |              | Yes      | OX Guard related settings                                                                  | `oxguard*`                                     |                                                       |
@@ -113,5 +113,5 @@ Additionally, the following persistent volumes are mounted by pods that serve as
 | ---------- | ---------------- | ------------ | --------------------------- | --------------------- |
 | MariaDB    | `mariadb-*`      | `data`       | `data-mariadb-0`            | `/var/lib/mysql`      |
 | MinIO      | `minio-*-*`      | `data`       | `minio`                     | `/bitnami/minio/data` |
-| PostgreSQK | `postgresql-*`   | `data`       | `data-postgresql-0`         | `/mnt/postgresql`     |
+| PostgreSQL | `postgresql-*`   | `data`       | `data-postgresql-0`         | `/mnt/postgresql`     |
 | Redis      | `redis-master-*` | `redis-data` | `redis-data-redis-master-0` | `/data`               |

docs/debugging.md

@@ -30,7 +30,7 @@ We for sure do not want to reinvent the wheel, so we might link to external sour
 information where available.
 
 > **Warning**<br>
-> You should never enable the debug option in production environments! By looking up `debug.enable` in the deployment, you
+> You should never enable the debug option in production environments! By looking up `debug.enabled` in the deployment, you
 will find the various places changes are applied when enabling debugging. So, outside of development and test
 environments, you should use them thoughtfully and carefully if needed.
 
@@ -39,7 +39,7 @@ environments, you should use them thoughtfully and carefully if needed.
 Check the openDesk [`debug.yaml.gotmpl`](../helmfile/environments/default/debug.yaml.gotmpl) and set for your deployment
 ```
 debug:
-  enable: true
+  enabled: true
 ```
 
 This will result in:

docs/getting-started.md

@@ -41,7 +41,7 @@ deploy openDesk onto your Kubernetes infrastructure.
 
 # Requirements
 
-Detailed system requirements are covered on the [requirements](requirements.md) page.
+Detailed system requirements are covered on the [requirements](./docs/requirements.md) page.
 
 # Customize environment
 

docs/migrations.md

@@ -7,10 +7,13 @@ SPDX-License-Identifier: Apache-2.0
 
 <!-- TOC -->
 * [Disclaimer](#disclaimer)
-* [openDesk supported upgrade path](#opendesk-supported-upgrade-path)
+* [Automated migrations - Overview and mandatory upgrade path](#automated-migrations---overview-and-mandatory-upgrade-path)
-* [Releases upgrade details](#releases-upgrade-details)
+* [Manual update steps](#manual-update-steps)
-  * [From v1.0.0](#from-v100)
+  * [From v1.1.0: Manual checks/steps](#from-v110-manual-checkssteps)
-    * [Pre-upgrade: Manual checks/steps from v1.0.0](#pre-upgrade-manual-checkssteps-from-v100)
+    * [Pre-upgrade](#pre-upgrade)
+      * [Helmfile new secret: `secrets.nubus.masterpassword`](#helmfile-new-secret-secretsnubusmasterpassword)
+  * [From v1.0.0: Manual checks/steps](#from-v100-manual-checkssteps)
+    * [Pre-upgrade](#pre-upgrade-1)
       * [Helmfile Cleanup: Restructured `/helmfile/files/theme` folder](#helmfile-cleanup-restructured-helmfilefilestheme-folder)
       * [Helmfile Cleanup: Consistent use of `*.yaml.gotmpl`](#helmfile-cleanup-consistent-use-of-yamlgotmpl)
       * [Helmfile Cleanup: Prefixing certain app directories with `opendesk-`](#helmfile-cleanup-prefixing-certain-app-directories-with-opendesk-)
@@ -20,8 +23,7 @@ SPDX-License-Identifier: Apache-2.0
       * [openDesk defaults (new): Enforce login](#opendesk-defaults-new-enforce-login)
       * [openDesk defaults (changed): Jitsi room history enabled](#opendesk-defaults-changed-jitsi-room-history-enabled)
       * [External requirements: Redis 7.4](#external-requirements-redis-74)
-    * [Automated migrations from v1.0.0](#automated-migrations-from-v100)
+  * [From v0.9.0: Manual checks/steps](#from-v090-manual-checkssteps)
-  * [From v0.9.0](#from-v090)
     * [Pre-upgrade: Manual steps](#pre-upgrade-manual-steps)
       * [Configuration Cleanup: Removal of unnecessary OX-Profiles in Nubus](#configuration-cleanup-removal-of-unnecessary-ox-profiles-in-nubus)
       * [Configuration Cleanup: Updated `global.imagePullSecrets`](#configuration-cleanup-updated-globalimagepullsecrets)
@@ -30,52 +32,68 @@ SPDX-License-Identifier: Apache-2.0
       * [Changed openDesk defaults: File-share configurability](#changed-opendesk-defaults-file-share-configurability)
       * [Changed openDesk defaults: Updated default subdomains in `global.hosts`](#changed-opendesk-defaults-updated-default-subdomains-in-globalhosts)
       * [Changed openDesk defaults: Dedicated group for access to the UDM REST API](#changed-opendesk-defaults-dedicated-group-for-access-to-the-udm-rest-api)
-    * [Automated migrations from v0.9.0](#automated-migrations-from-v090)
+    * [Post-upgrade](#post-upgrade)
-    * [Post-upgrade: Manual steps](#post-upgrade-manual-steps)
       * [Configuration Improvement: Separate user permission for using Video Conference component](#configuration-improvement-separate-user-permission-for-using-video-conference-component)
       * [Optional Cleanup](#optional-cleanup)
-  * [From v0.8.1](#from-v081)
+  * [From v1.1.0: Manual checks/steps](#from-v110-manual-checkssteps-1)
-    * [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
+    * [Pre-upgrade](#pre-upgrade-2)
-    * [Updated customizable template attributes](#updated-customizable-template-attributes)
+      * [Updated `cluster.networking.cidr`](#updated-clusternetworkingcidr)
-    * [`migrations` S3 bucket](#migrations-s3-bucket)
+      * [Updated customizable template attributes](#updated-customizable-template-attributes)
-* [Related components and artifacts](#related-components-and-artifacts)
+      * [`migrations` S3 bucket](#migrations-s3-bucket)
+* [Automated migrations - Details](#automated-migrations---details)
+  * [From v1.1.0: Automated migrations](#from-v110-automated-migrations)
+  * [From v0.9.0: Automated migrations](#from-v090-automated-migrations)
+  * [Related components and artifacts](#related-components-and-artifacts)
   * [Development](#development)
 <!-- TOC -->
 
 # Disclaimer
 
-With openDesk 1.0, we aim to offer hassle-free updates/upgrades.
+Starting with openDesk 1.0, we aim to offer hassle-free updates/upgrades.
 
-But openDesk requires a defined upgrade path that is described in the section [openDesk supported upgrade path](#opendesk-supported-upgrade-path).
+Therefore openDesk contains automated migrations between versions to lower the requirements for manual interaction. These automated migrations can have limitations in the way that they need a certain openDesk version to be installed causing a mandatory upgrade path that is described in the section [Automated migrations](#automated-migrations).
 
-Some upgrades even require manual interaction, which are referenced in the aforementioned section and described further down this document.
+Manual checks and possible activities are also required by openDesk updates, they are described in the section [Manual update steps](#manual-update-steps).
 
-> **Known limitations:**<br>
+> **Note**<br>
+> Please be sure you read / follow the requirements before you update / upgrade thoroughly.
+
+> **Known limitations**<br>
 > We assume that the PV reclaim policy is set to `delete`, resulting in PVs getting deleted as soon as the related PVC was deleted; we will not address explicit deletion for PVs.
 
-# openDesk supported upgrade path
+# Automated migrations - Overview and mandatory upgrade path
 
-When updating your openDesk installation you have to install the releases listed below in the sequential order from
+The following table gives an overview of the mandatory upgrade path of openDesk for the automated migrations to work as expected.
-the lowest version number you are already on to the more current version you are looking to install.
 
-Explanation of the table's columns:
+To upgrade existing deployments, you cannot skip any version mentioned in the column *Mandatory version*. When a version number is not fully defined (e.g. `v1.1.x`), you can install any version matching the given schema.
-- *Coming from*: Check the column for the release you are currently on.
-- *Mandatory release*: Defines which release(s) support the upgrade from your currently installed version.
-- *Automatic migration*: Summary of, or link to openDesk's automatic migration details.
-- *Manual activities*: Reference to required manual steps to upgrade your openDesk installation to the *Mandatory release*.
 
-| Coming from   | Mandatory (minimum) release | Manual steps required                                                             | Details                       |
+| Mandatory version |
-| ------------- | --------------------------- | --------------------------------------------------------------------------------- | ----------------------------- |
+| ----------------- |
-| v1.0.0        | v1.1.0                      | [Before upgrade](#pre-upgrade-manual-checkssteps-from-v100)                       | See [From v1.0.0](#from-v100) |
+| v1.1.x            |
-| v0.9.0        | v1.0.0                      | [Before](#pre-upgrade-manual-steps) & [After upgrade](#post-upgrade-manual-steps) | See [From v0.9.0](#from-v090) |
+| v1.0.0            |
-| v0.8.1        | v0.9.0                      | Initializes migration system                                                      | See [From v0.8.1](#from-v081) |
+| v0.9.0            |
-| not supported | v0.8.1                      | First release that supporting updates                                             |                               |
+| v0.8.1            |
 
-# Releases upgrade details
+> **Note**<br>
+> Be sure you check out the table in the release version you are going to install, an not the one that is currently installed.
 
-## From v1.0.0
+When interested in more details about the automated migrations, please read section [Automated migrations - Details](#automated-migrations---details).
 
-### Pre-upgrade: Manual checks/steps from v1.0.0
+# Manual update steps
+
+Be sure you check all the sections for the releases your are going to update your current deployment from.
+
+## From v1.1.0: Manual checks/steps
+
+### Pre-upgrade
+
+#### Helmfile new secret: `secrets.nubus.masterpassword`
+
+A not yet templated secret was discovered in the Nubus deployment that is now defined in [`secrets.yaml.gotmpl`](../helmfile/environments/default/theme.yaml.gotmpl) with the key `secrets.nubus.masterpassword`. If you define your own secrets, please be sure this new secret is set to the value of the `MASTER_PASSWORD` environment variable used in your deployment.
+
+## From v1.0.0: Manual checks/steps
+
+### Pre-upgrade
 
 #### Helmfile Cleanup: Restructured `/helmfile/files/theme` folder
 
@@ -236,18 +254,7 @@ The update from openDesk 1.0.0 contains Redis 7.4.1, like the other openDesk bun
 
 Please ensure for the Redis you are using that it is updated to at least 7.4 to support the requirement of OX App Suite.
 
-### Automated migrations from v1.0.0
+## From v0.9.0: Manual checks/steps
-
-With openDesk v1.1.0 the IAM stack supports HA LDAP primary as well as scalable LDAP secondary pods.
-
-openDesk's automated migrations takes care of this upgrade requirement described here for
-[Nubus 1.5.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.5.1/en/changelog.html#migrate-existing-ldap-server-to-mirror-mode-readiness),
-creating the config map with the mentioned label.
-
-> **Note**<br>
-> Details can be found in [run_3.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
-
-## From v0.9.0
 
 ### Pre-upgrade: Manual steps
 
@@ -433,16 +440,7 @@ The IAMs admin account `Administrator` is a member of this group by default, but
 
 If you need other accounts to use the API, please assign them to the aforementioned group.
 
-### Automated migrations from v0.9.0
+### Post-upgrade
-
-The `migrations-pre` and `migrations-post` jobs in the openDesk deployment address the automated migration tasks.
-
-The permissions required to execute the migrations can be found in the migration's Helm chart [`role.yaml'](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/-/blob/v1.3.5/charts/opendesk-migrations/templates/role.yaml?ref_type=tags#L29)
-
-> **Note**<br>
-> Details can be found in [run_2.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
-
-### Post-upgrade: Manual steps
 
 #### Configuration Improvement: Separate user permission for using Video Conference component
 
@@ -472,14 +470,16 @@ kubectl -n ${NAMESPACE} delete pvc shared-run-ums-ldap-server-0
 kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
 ```
 
-## From v0.8.1
+## From v1.1.0: Manual checks/steps
 
-### Updated `cluster.networking.cidr`
+### Pre-upgrade
+
+#### Updated `cluster.networking.cidr`
 
 - Action: `cluster.networking.cidr` is now an array (was a string until 0.8.1); please update your setup accordingly if you explicitly set this value.
 - Reference:[cluster.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/cluster.yaml)
 
-### Updated customizable template attributes
+#### Updated customizable template attributes
 
 - Action: Please update your custom deployment values according to the updated default value structure.
 - References:
@@ -488,12 +488,34 @@ kubectl -n ${NAMESPACE} delete pvc ox-connector-ox-contexts-ox-connector-0
   - `monitoring.` prefix for `prometheus.*` and `graphana.*`, see [monitoring.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/monitoring.yaml).
   - `smtp.` prefix for `localpartNoReply`, see [smtp.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/smtp.yaml).
 
-### `migrations` S3 bucket
+#### `migrations` S3 bucket
 
 - Action: For self-managed/external S3/object storages, please ensure you add a bucket `migrations` to your S3.
 - Reference: `objectstores.migrations` in [objectstores.yaml](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/blob/main/helmfile/environments/default/objectstores.yaml)
 
-# Related components and artifacts
+# Automated migrations - Details
+
+## From v1.1.0: Automated migrations
+
+With openDesk v1.1.0 the IAM stack supports HA LDAP primary as well as scalable LDAP secondary pods.
+
+openDesk's automated migrations takes care of this upgrade requirement described here for
+[Nubus 1.5.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/1.5.1/en/changelog.html#migrate-existing-ldap-server-to-mirror-mode-readiness),
+creating the config map with the mentioned label.
+
+> **Note**<br>
+> Details can be found in [run_3.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
+
+## From v0.9.0: Automated migrations
+
+The `migrations-pre` and `migrations-post` jobs in the openDesk deployment address the automated migration tasks.
+
+The permissions required to execute the migrations can be found in the migration's Helm chart [`role.yaml'](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/-/blob/v1.3.5/charts/opendesk-migrations/templates/role.yaml?ref_type=tags#L29)
+
+> **Note**<br>
+> Details can be found in [run_2.py](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-migrations/-/blob/main/odmigs-python/odmigs_runs/run_3.py).
+
+## Related components and artifacts
 
 openDesk comes with two upgrade steps as part of the deployment; they can be found in the folder [/helmfile/apps](../helmfile/apps/) as all other components:
 

helmfile/apps/nextcloud/values-nextcloud.yaml.gotmpl

@@ -71,6 +71,12 @@ aio:
           value: {{ .Values.databases.nextcloud.username | quote }}
         password:
           value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
+    pushNotify:
+      enabled: {{ .Values.technical.nextcloud.pushNotify.enabled }}
+      logLevel:  {{ if .Values.debug.enabled }}"debug"{{ else }}"info"{{ end }}
+      replicaCount: {{ .Values.replicas.nextcloudPushNotify }}
+      resources:
+        {{ .Values.resources.nextcloudPushNotify | toYaml | nindent 8 }}
     trustedProxy: {{ join " " .Values.cluster.networking.cidr | quote }}
   containerSecurityContext:
     allowPrivilegeEscalation: false

helmfile/apps/nubus/values-nubus.yaml.gotmpl

@@ -17,7 +17,7 @@ global:
       cnAdmin:
         password: {{ .Values.secrets.nubus.ldapSecret | quote }}
   nubusDeployment: true
-  nubusMasterPassword: {{ env "MASTER_PASSWORD" | default "sovereign-workplace" | quote }}
+  nubusMasterPassword: {{ .Values.secrets.nubus.masterpassword | quote }}
   objectStorage:
     bucket: {{ .Values.objectstores.nubus.bucket | quote }}
     connection:
@@ -797,60 +797,6 @@ nubusLdapServer:
       repository: {{ .Values.images.nubusLdapServerDhInitContainer.repository }}
       tag: {{ .Values.images.nubusLdapServerDhInitContainer.tag }}
       imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
-
-  extraVolumes:
-    - name: "migration-scripts"
-      secret:
-        secretName: "ums-ldap-server-migration"
-        defaultMode: 0555
-  extraVolumeMounts:
-    - name: "migration-scripts"
-      mountPath: "/entrypoint.d/30-purge.sh"
-      subPath: "30-purge.sh"
-    - name: "migration-scripts"
-      mountPath: "/entrypoint.d/95-slapadd-24-ldiff.sh"
-      subPath: "95-slapadd-24-ldif.sh"
-  extraSecrets:
-    - name: "ums-ldap-server-migration"
-      stringData:
-        30-purge.sh: |
-          #!/usr/bin/env bash
-          me=$(basename "$0")
-          echo "- Running ${me}"
-          if [ -f /var/lib/univention-ldap/ldap-24-export.ldif ]; then
-            echo "- Cleaning up /var/lib/univention-ldap."
-            cd /var/lib/univention-ldap
-            rm -rf internal
-            rm -rf ldap
-            ls -l
-          else
-            echo "- File /var/lib/univention-ldap/ldap-24-export.ldif not found."
-          fi
-        95-slapadd-24-ldif.sh: |
-          #!/usr/bin/env bash
-          me=$(basename "$0")
-          echo "- Running ${me}"
-          ls -l /var/lib/univention-ldap
-          if [ -f /var/lib/univention-ldap/ldap-24-export.ldif ]; then
-            echo "- slapadd-ing /var/lib/univention-ldap/ldap-24-export.ldif"
-            ls -l /var/lib/univention-ldap/
-            rm -rf /var/lib/univention-ldap/ldap
-            rm -rf /var/lib/univention-ldap/internal
-            echo "- deleted /var/lib/univention-ldap/ldap and /var/lib/univention-ldap/internal"
-            ls -l /var/lib/univention-ldap/
-            mkdir /var/lib/univention-ldap/ldap
-            mkdir /var/lib/univention-ldap/internal
-            echo "- created /var/lib/univention-ldap/ldap and /var/lib/univention-ldap/internal"
-            ls -l /var/lib/univention-ldap/
-            /usr/sbin/slapadd -v -l /var/lib/univention-ldap/ldap-24-export.ldif
-            echo "- slapadd executed"
-            ls -l /var/lib/univention-ldap/
-            mv /var/lib/univention-ldap/ldap-24-export.ldif /var/lib/univention-ldap/ldap-24-export.ldif-imported
-            echo "- import file renamed"
-            ls -l /var/lib/univention-ldap/
-          else
-            echo "- File /var/lib/univention-ldap/ldap-24-export.ldif not found."
-          fi
   initResources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
   ldapServer:
     image:
@@ -863,7 +809,7 @@ nubusLdapServer:
         registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusLdapServerLeaderElector.registry | quote }}
         repository: {{ .Values.images.nubusLdapServerLeaderElector.repository }}
         tag: {{ .Values.images.nubusLdapServerLeaderElector.tag }}
-        imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+        pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
   persistence:
     storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
     size: {{ .Values.persistence.size.nubus.ldapServerData | quote }}

helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl

@@ -23,9 +23,8 @@ image:
   repository: {{ .Values.images.oxConnector.repository | quote }}
   pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
   tag: {{ .Values.images.oxConnector.tag | quote }}
-
   waitForDependency:
-    registry: {{ .Values.global.imageRegistry | default .Values.images.nubusWaitForDependency.registry | quote }}
+    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusWaitForDependency.registry | quote }}
     repository: {{ .Values.images.nubusWaitForDependency.repository }}
     imagePullPolicy: {{ .Values.global.imagePullPolicy }}
     pullSecrets:

helmfile/environments/default/charts.yaml.gotmpl

@@ -256,7 +256,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud"
-    version: "3.6.2"
+    version: "3.7.0-trossner-notify-push"
     verify: true
   nextcloudManagement:
     # providerCategory: "Platform"
@@ -266,7 +266,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
     name: "opendesk-nextcloud-management"
-    version: "3.6.2"
+    version: "3.7.0-trossner-notify-push"
     verify: true
   nginx:
     # providerCategory: "Community"
@@ -348,7 +348,7 @@ charts:
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/charts/opendesk-static-files"
     name: "opendesk-static-files"
-    version: "4.0.0"
+    version: "4.0.1"
     verify: true
   openproject:
     # providerCategory: "Supplier"

helmfile/environments/default/images.yaml.gotmpl

@@ -61,7 +61,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web"
-    tag: "1.11.4@sha256:bfb0ce4afe737e7b6a0404c9e3f2d8dbe341ce72a930d0d5173a0145729cf646"
+    tag: "1.11.6@sha256:1ac5eeea24c5fbfdfeda44cb00651fa22864e26d8cb32add150c4bf1aea0fb36"
   freshclam:
     # providerCategory: "Community"
     # providerResponsible: "openDesk"
@@ -130,12 +130,12 @@ images:
     tag: "v20241023@sha256:2391799c5168222f0e3ebb94d7c3cb3bcea6f075399458197f0c1bbbb8f293fe"
   jitsiPatchJVB:
     # providerCategory: "Community"
-    # providerResponsible: "Nordeck"
+    # providerResponsible: "openDesk"
     # upstreamRegistry: "https://registry-1.docker.io"
     # upstreamRepository: "bitnami/kubectl"
     registry: "registry-1.docker.io"
     repository: "bitnami/kubectl"
-    tag: "1.31.3@sha256:e90b9642d3daeabcfe73cf9aadcbbc624d1de7f88185095307c785f1c266bdb9"
+    tag: "1.32.0@sha256:48c81b7aaf4fabf2733a0b888960f6982181fbcd2c3f8dfcebc4a1a065631162"
   jvb:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"
@@ -243,7 +243,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
-    tag: "2.3.4@sha256:46c596818861486ee621cf8a454c2539a4e230e58b1aebb5735022de849de8e6"
+    tag: "2.4.0-trossner-notify-push@sha256:bce12f88cdabc2c5fa81cc4d4dfe7c59e999868f99b2da1f76061dbc2ed55a08"
   nextcloudExporter:
     # providerCategory: "Platform"
     # providerResponsible: "openDesk"
@@ -453,7 +453,7 @@ images:
     # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    tag: "1.9.0@sha256:1a84ae2f21849934d3ff24c066fce21c4bc811521b615cc0071432d3fb1848c1"
+    tag: "1.9.1@sha256:4cc4d4bc39167d7dc305ab1787763fd1091fa1284ddf373e081c595d4dce39a9"
   nubusOpenPolicyAgent:
     # providerCategory: "Supplier"
     # providerResponsible: "Univention"
@@ -833,7 +833,7 @@ images:
     # upstreamMirrorStartFrom: ["1", "91", "2"]
     registry: "registry.opencode.de"
     repository: "bmi/opendesk/components/supplier/element/images-mirror/synapse"
-    tag: "v1.120.2@sha256:daee887fa4ca6370e297439bb33a61896ff3413c9454540446a94e461f097d33"
+    tag: "v1.121.1@sha256:5d8081b6004eb115635334dbc1ec2f87318f19d5ad0e7c62f7476d4cc16de277"
   synapseCreateUser:
     # providerCategory: "Community"
     # providerResponsible: "Nordeck"
@@ -841,7 +841,7 @@ images:
     # upstreamRepository: "alpine/k8s"
     registry: "registry-1.docker.io"
     repository: "alpine/k8s"
-    tag: "1.31.3@sha256:77812543abe5649b286d5f0dc17a7dbaa4056433225f6f695150f329cb4b6803"
+    tag: "1.32.0@sha256:6d49f7f37ae5f4c07bfe46edb44e3d3b6896974d1b87da76d8aa8d6e23b4d619"
   synapseGuestModule:
     # providerCategory: "Supplier"
     # providerResponsible: "Nordeck"

helmfile/environments/default/replicas.yaml.gotmpl

@@ -154,6 +154,8 @@ replicas:
   nextcloud: 1
   # -- scalable: true
   nextcloudExporter: 1
+  # -- scalable: tbd
+  nextcloudPushNotify: 1
 
   # -- component: openDesk Static Files
   # -- scalable: true

helmfile/environments/default/resources.yaml.gotmpl

@@ -239,6 +239,13 @@ resources:
     requests:
       cpu: 0.1
       memory: "512Mi"
+  nextcloudPushNotify:
+    limits:
+      cpu: 99
+      memory: "128Mi"
+    requests:
+      cpu: 0.01
+      memory: "32Gi"
   nextcloudExporter:
     limits:
       cpu: 99

helmfile/environments/default/secrets.yaml.gotmpl

@@ -20,6 +20,7 @@ secrets:
   oxConnector:
     provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ox-connector" | sha1sum | quote }}
   nubus:
+    masterpassword: {{ env "MASTER_PASSWORD" | default "sovereign-workplace" | quote }}
     ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
     ldapSearch:
       keycloak: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ldapsearch_keycloak" | sha1sum | quote }}

helmfile/environments/default/technical.yaml.gotmpl

@@ -6,4 +6,11 @@ technical:
   collabora:
     # Defines the value for the start parameter `-o:num_prespawn_children`
     numPrespawnChildren: 4
+  # Nextcloud related technical settings
+  nextcloud:
+    # Client push / push-notify app related settings.
+    # Ref.: https://apps.nextcloud.com/apps/notify_push
+    pushNotify:
+      # Enable the feature
+      enabled: true
 ...