Compare commits
59 Commits
trossner/n
...
el/t3chguy
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
3259ea0571 | ||
|
|
7680dfece5 | ||
|
|
a80090e55e | ||
|
|
f26250774e | ||
|
|
1480253a52 | ||
|
|
87144b8fd3 | ||
|
|
fdfe76c37e | ||
|
|
51ae1c0a1a | ||
|
|
1724fa14a3 | ||
|
|
2389d59735 | ||
|
|
f34a4a3601 | ||
|
|
dbcc785134 | ||
|
|
dbec2ec36f | ||
|
|
e46c3759e0 | ||
|
|
52b0b13e6b | ||
|
|
4c42ed76e8 | ||
|
|
7b05213d6e | ||
|
|
4296db7c90 | ||
|
|
a6de1fe694 | ||
|
|
817af98fcd | ||
|
|
780596ab40 | ||
|
|
da3adff0ef | ||
|
|
60f5e36b7c | ||
|
|
c4e4258162 | ||
|
|
c62e66cd84 | ||
|
|
ef7e3d225d | ||
|
|
31a22f38cc | ||
|
|
a25a0e9173 | ||
|
|
ba333cd74e | ||
|
|
17a0adb67c | ||
|
|
91d0f98682 | ||
|
|
09f482981b | ||
|
|
930ae9d3e7 | ||
|
|
581c8aed1f | ||
|
|
de8b560fe7 | ||
|
|
370247b951 | ||
|
|
b32996da34 | ||
|
|
10e0b0ad6c | ||
|
|
32df1657d2 | ||
|
|
8dcac46d98 | ||
|
|
284c9fe0c7 | ||
|
|
83c311b101 | ||
|
|
aff8edbde2 | ||
|
|
9c79c44453 | ||
|
|
1e9e7d8e3a | ||
|
|
1f051e7779 | ||
|
|
824e5cbf3e | ||
|
|
955f17ef8b | ||
|
|
ab49bf9f6b | ||
|
|
777e7d2fc6 | ||
|
|
b70959d82d | ||
|
|
6e343c76a3 | ||
|
|
cd9c54b177 | ||
|
|
4662709673 | ||
|
|
8eeaa23c2f | ||
|
|
601e649913 | ||
|
|
2fcf014894 | ||
|
|
c51c92536a | ||
|
|
e23c97430f |
3
.gitignore
vendored
@@ -8,6 +8,9 @@
|
||||
helmfile/environments/dev/*.yaml.gotmpl
|
||||
helmfile/environments/test/*.yaml.gotmpl
|
||||
helmfile/environments/prod/*.yaml.gotmpl
|
||||
helmfile/environments/dev/*/
|
||||
helmfile/environments/test/*/
|
||||
helmfile/environments/prod/*/
|
||||
!helmfile/environments/dev/sample.yaml.gotmpl
|
||||
!helmfile/environments/test/sample.yaml.gotmpl
|
||||
!helmfile/environments/prod/sample.yaml.gotmpl
|
||||
|
||||
127
.gitlab-ci.yml
@@ -9,6 +9,12 @@ include:
|
||||
- "ci/common/lint.yml"
|
||||
- "ci/release-automation/semantic-release.yml"
|
||||
- local: "/.gitlab/generate/generate-docs.yml"
|
||||
- local: "/.gitlab/renovate/renovate.yml"
|
||||
- local: "/.gitlab/release/release-common.yml"
|
||||
- local: "/.gitlab/release/release-generate-version.yml"
|
||||
- local: "/.gitlab/release/release-semantic.yml"
|
||||
- local: "/.gitlab/lint/lint-common.yml"
|
||||
- local: "/.gitlab/lint/lint-reuse.yml"
|
||||
- project: "${PROJECT_PATH_CUSTOM_ENVIRONMENT_CONFIG}"
|
||||
file: "gitlab/environments.yaml"
|
||||
ref: "main"
|
||||
@@ -293,12 +299,12 @@ env-start:
|
||||
# Set credentials for openDesk Enterprise Registry
|
||||
- |
|
||||
if [ "${OPENDESK_ENTERPRISE}" = "true" ]; then
|
||||
kubectl create secret
|
||||
--namespace "${NAMESPACE}"
|
||||
docker-registry enterprise-registry
|
||||
--docker-server "registry.opencode.de"
|
||||
--docker-username "${OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME}"
|
||||
--docker-password "${OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD}"
|
||||
kubectl create secret \
|
||||
--namespace "${NAMESPACE}" \
|
||||
docker-registry enterprise-registry \
|
||||
--docker-server "registry.opencode.de" \
|
||||
--docker-username "${OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME}" \
|
||||
--docker-password "${OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD}" \
|
||||
--dry-run=client -o yaml | kubectl apply -f -
|
||||
fi
|
||||
stage: "env"
|
||||
@@ -542,7 +548,8 @@ import-default-accounts:
|
||||
--admin_enable_fileshare True \
|
||||
--admin_enable_knowledgemanagement True \
|
||||
--admin_enable_projectmanagement True \
|
||||
--create_admin_accounts True
|
||||
--create_admin_accounts True \
|
||||
--verify_certificate False
|
||||
|
||||
run-tests:
|
||||
stage: "post-execute"
|
||||
@@ -653,110 +660,4 @@ avscan-start:
|
||||
- artifact: "dynamic-scans.yml"
|
||||
job: "avscan-prepare"
|
||||
strategy: "depend"
|
||||
|
||||
# Overwrite shared settings
|
||||
.common-semantic-release:
|
||||
image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/semantic-release:1.1.0"
|
||||
tags: []
|
||||
|
||||
conventional-commits-linter:
|
||||
rules:
|
||||
- if: >
|
||||
$RUN_RENOVATE == "yes" ||
|
||||
$JOB_CONVENTIONAL_COMMITS_LINTER_ENABLED == 'false' ||
|
||||
$CI_PIPELINE_SOURCE =~ 'tags|merge_request_event'
|
||||
when: "never"
|
||||
- when: "always"
|
||||
|
||||
common-yaml-linter:
|
||||
rules:
|
||||
- if: "$JOB_COMMON_YAML_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|web|merge_request_event'"
|
||||
when: "never"
|
||||
- when: "always"
|
||||
|
||||
reuse-linter:
|
||||
allow_failure: false
|
||||
rules:
|
||||
- if: "$JOB_REUSE_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|web|merge_request_event'"
|
||||
when: "never"
|
||||
- when: "always"
|
||||
|
||||
generate-release-version:
|
||||
rules:
|
||||
- if: >
|
||||
$JOB_RELEASE_ENABLED != 'false' &&
|
||||
$CI_COMMIT_BRANCH == $RELEASE_BRANCH &&
|
||||
$CI_PIPELINE_SOURCE =~ "push|merge_request_event"
|
||||
when: "on_success"
|
||||
|
||||
release:
|
||||
rules:
|
||||
- if: >
|
||||
$JOB_AVSCAN_ENABLED != 'false' &&
|
||||
$CI_COMMIT_BRANCH == $RELEASE_BRANCH &&
|
||||
$CI_PIPELINE_SOURCE =~ "push|merge_request_event"
|
||||
when: "on_success"
|
||||
script:
|
||||
- >
|
||||
export RELEASE_VERSION=$(semantic-release --dry-run --branches $CI_COMMIT_REF_NAME --plugins
|
||||
"@semantic-release/gitlab" | grep -oP "Published release [0-9]+\.[0-9]+\.[0-9]+ on" |
|
||||
grep -oP "[0-9]+\.[0-9]+\.[0-9]+")
|
||||
- |
|
||||
if [ -z "${RELEASE_VERSION}" ]; then
|
||||
echo "RELEASE_VERSION=$(git describe --tags --abbrev=0 | sed s@^v@@g )"
|
||||
else
|
||||
echo "RELEASE_VERSION=${RELEASE_VERSION}"
|
||||
fi
|
||||
- |
|
||||
echo -e "\n[INFO] Writing data to helm value file..."
|
||||
cat <<EOF >helmfile/environments/default/global.generated.yaml.gotmpl
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
global:
|
||||
systemInformation:
|
||||
releaseVersion: "v$(echo -E "$RELEASE_VERSION")"
|
||||
...
|
||||
EOF
|
||||
- |
|
||||
cat << 'EOF' > ${CI_PROJECT_DIR}/.releaserc
|
||||
{
|
||||
"branches": ["main"],
|
||||
"plugins": [
|
||||
"@semantic-release/gitlab",
|
||||
"@semantic-release/release-notes-generator",
|
||||
"@semantic-release/changelog",
|
||||
["@semantic-release/git", {
|
||||
"assets": [
|
||||
"charts/**/Chart.yaml",
|
||||
"CHANGELOG.md",
|
||||
"charts/**/README.md",
|
||||
"helmfile/environments/default/global.generated.yaml.gotmpl",
|
||||
".kyverno/kyverno-test.yaml",
|
||||
"docs"
|
||||
],
|
||||
"message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
|
||||
}]
|
||||
]
|
||||
}
|
||||
EOF
|
||||
- "semantic-release"
|
||||
needs:
|
||||
- "generate-docs"
|
||||
|
||||
renovate:
|
||||
rules:
|
||||
- if: >
|
||||
$RUN_RENOVATE == "yes"
|
||||
when: "on_success"
|
||||
# The `-full` image does not install the dependencies on the fly, that is our preferred approach
|
||||
image: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/renovate/renovate:37.356-full"
|
||||
variables:
|
||||
RENOVATE_CONFIG_FILE: "${CI_PROJECT_DIR}/.renovate/config.yaml"
|
||||
RENOVATE_ENDPOINT: "${CI_API_V4_URL}"
|
||||
# Increase the renovatebot log level on stdout
|
||||
LOG_LEVEL: "DEBUG"
|
||||
script:
|
||||
- "renovate ${RENOVATE_EXTRA_FLAGS}"
|
||||
stage: "renovate"
|
||||
...
|
||||
|
||||
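Review bot: The `import-default-accounts` hunk appends `--verify_certificate False` to the same command that runs with `--create_admin_accounts True`, so the import presumably talks to the target deployment without validating its TLS certificate while creating privileged accounts. That is understandable for test clusters with self-signed certificates, but as written it is unconditional and nothing marks it as test-only. Consider driving it from a CI variable that defaults to verification on, or trusting the environment's CA instead, and add a comment such as `# self-signed certs in CI test environments only; keep verification on elsewhere`. The job's script starts outside the hunk, so how the flag is consumed cannot be confirmed from here.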
@@ -1,4 +1,4 @@
|
||||
# SPDX-FileCopyrightText: 2024 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-FileCopyrightText: 2024-2025 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
include:
|
||||
@@ -8,4 +8,18 @@ include:
|
||||
extends: ".common"
|
||||
stage: "lint"
|
||||
|
||||
common-yaml-linter:
|
||||
rules:
|
||||
- if: "$JOB_COMMON_YAML_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|web|merge_request_event'"
|
||||
when: "never"
|
||||
- when: "always"
|
||||
|
||||
conventional-commits-linter:
|
||||
rules:
|
||||
- if: >
|
||||
$RUN_RENOVATE == "yes" ||
|
||||
$JOB_CONVENTIONAL_COMMITS_LINTER_ENABLED == 'false' ||
|
||||
$CI_PIPELINE_SOURCE =~ 'tags|merge_request_event'
|
||||
when: "never"
|
||||
- when: "always"
|
||||
...
|
||||
|
||||
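--- a/.gitlab/lint/lint-reuse.yml
+++ b/.gitlab/lint/lint-reuse.yml
@@ -0,0 +1,10 @@
+# SPDX-FileCopyrightText: 2025 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+reuse-linter:
+allow_failure: false
+rules:
+- if: "$JOB_REUSE_LINTER_ENABLED == 'false' || $CI_PIPELINE_SOURCE =~ 'tags|web|merge_request_event'"
+when: "never"
+- when: "always"
+...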
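--- a/.gitlab/release/release-common.yml
+++ b/.gitlab/release/release-common.yml
@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+# Overwrite shared settings
+.common-semantic-release:
+image: "registry.opencode.de/bmi/opendesk/components/platform-development/images/semantic-release:1.1.0"
+tags: []
+...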
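Review bot: The `.common-semantic-release` image is referenced by tag only (`semantic-release:1.1.0`), and it is presumably the image the `release` job runs in while holding the credentials needed to push release commits and tags. A tag can be re-pushed in the registry, so pinning by digest, e.g. `image: "<image path>:1.1.0@sha256:<digest>"`, would make the release toolchain immutable. The same applies to `renovate/renovate:37.356-full` in `.gitlab/renovate/renovate.yml`. `tags: []` appears to clear whatever runner tags the shared template sets, so a short comment stating which runners are expected to pick up this job would help.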
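--- a/.gitlab/release/release-generate-version.yml
+++ b/.gitlab/release/release-generate-version.yml
@@ -0,0 +1,11 @@
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+generate-release-version:
+rules:
+- if: >
+$JOB_RELEASE_ENABLED != 'false' &&
+$CI_COMMIT_BRANCH == $RELEASE_BRANCH &&
+$CI_PIPELINE_SOURCE =~ "push|merge_request_event"
+when: "on_success"
+...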
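--- a/.gitlab/release/release-semantic.yml
+++ b/.gitlab/release/release-semantic.yml
@@ -0,0 +1,63 @@
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+release:
+cache:
+- key: "generate-docs-${CI_COMMIT_REF_SLUG}"
+paths:
+- "${CI_PROJECT_DIR}/docs"
+policy: "pull"
+rules:
+- if: >
+$JOB_AVSCAN_ENABLED != 'false' &&
+$CI_COMMIT_BRANCH == $RELEASE_BRANCH &&
+$CI_PIPELINE_SOURCE =~ "push|merge_request_event"
+when: "on_success"
+script:
+- >
+export RELEASE_VERSION=$(semantic-release --dry-run --branches $CI_COMMIT_REF_NAME --plugins
+"@semantic-release/gitlab" | grep -oP "Published release [0-9]+\.[0-9]+\.[0-9]+ on" |
+grep -oP "[0-9]+\.[0-9]+\.[0-9]+")
+- |
+if [ -z "${RELEASE_VERSION}" ]; then
+echo "RELEASE_VERSION=$(git describe --tags --abbrev=0 | sed s@^v@@g )"
+else
+echo "RELEASE_VERSION=${RELEASE_VERSION}"
+fi
+- |
+echo -e "\n[INFO] Writing data to helm value file..."
+cat <<EOF >helmfile/environments/default/global.generated.yaml.gotmpl
+# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+global:
+systemInformation:
+releaseVersion: "v$(echo -E "$RELEASE_VERSION")"
+...
+EOF
+- |
+cat << 'EOF' > ${CI_PROJECT_DIR}/.releaserc
+{
+"branches": ["main"],
+"plugins": [
+"@semantic-release/gitlab",
+"@semantic-release/release-notes-generator",
+"@semantic-release/changelog",
+["@semantic-release/git", {
+"assets": [
+"charts/**/Chart.yaml",
+"CHANGELOG.md",
+"charts/**/README.md",
+"helmfile/environments/default/global.generated.yaml.gotmpl",
+".kyverno/kyverno-test.yaml",
+"docs"
+],
+"message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
+}]
+]
+}
+EOF
+- "semantic-release"
+needs:
+- "generate-docs"
+...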
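Review bot: The new `cache:` block restores `${CI_PROJECT_DIR}/docs` with `policy: "pull"`, and `"docs"` is listed in the `@semantic-release/git` assets, so whatever the cache holds for this ref is committed into the release. GitLab caches are best-effort and keyed here only by `generate-docs-${CI_COMMIT_REF_SLUG}`, so the directory may be missing, stale, or left over from an earlier pipeline on the same branch. Since `generate-docs` is already in `needs:`, handing the directory over as a job artifact would tie the committed docs to this pipeline's run. Separately, the rule gates on `$JOB_AVSCAN_ENABLED` while `generate-release-version` uses `$JOB_RELEASE_ENABLED`; if that is not intended, the first condition should read `$JOB_RELEASE_ENABLED != 'false' &&`.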
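--- a/.gitlab/renovate/renovate.yml
+++ b/.gitlab/renovate/renovate.yml
@@ -0,0 +1,19 @@
+# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+renovate:
+rules:
+- if: >
+$RUN_RENOVATE == "yes"
+when: "on_success"
+# The `-full` image does not install the dependencies on the fly, that is our preferred approach
+image: "${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/renovate/renovate:37.356-full"
+variables:
+RENOVATE_CONFIG_FILE: "${CI_PROJECT_DIR}/.renovate/config.yaml"
+RENOVATE_ENDPOINT: "${CI_API_V4_URL}"
+# Increase the renovatebot log level on stdout
+LOG_LEVEL: "DEBUG"
+script:
+- "renovate ${RENOVATE_EXTRA_FLAGS}"
+stage: "renovate"
+...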
@@ -32,7 +32,7 @@ repositories:
|
||||
# Commit type to use if Semantic Commits are enabled (default: "chore")
|
||||
semanticCommitType: "chore"
|
||||
# Enable dependency dashboard
|
||||
dependencyDashboard: true
|
||||
dependencyDashboard: false
|
||||
# Include package files only within these defined paths
|
||||
includePaths:
|
||||
- "helmfile/environments/default/images.yaml.gotmpl"
|
||||
@@ -59,30 +59,47 @@ repositories:
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "openDesk" ]
|
||||
groupName: "Platform"
|
||||
groupSlug: "platform"
|
||||
branchTopic: "platform"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Collabora" ]
|
||||
groupName: "Collabora"
|
||||
groupSlug: "collabora"
|
||||
branchTopic: "collabora"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Element" ]
|
||||
groupName: "Element"
|
||||
groupSlug: "element"
|
||||
branchTopic: "element"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Nordeck" ]
|
||||
groupName: "Nordeck"
|
||||
groupSlug: "nordeck"
|
||||
branchTopic: "nordeck"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Open-Xchange" ]
|
||||
groupName: "Open-Xchange"
|
||||
groupSlug: "openxchange"
|
||||
branchTopic: "openxchang"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "OpenProject" ]
|
||||
groupName: "OpenProject"
|
||||
groupSlug: "openproject"
|
||||
branchTopic: "openproject"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "OpenProject" ]
|
||||
groupName: "OpenProject"
|
||||
matchDepTypes: [ "Nextcloud" ]
|
||||
groupName: "nextcloud"
|
||||
branchTopic: "nextcloud"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "Univention" ]
|
||||
groupName: "Univention"
|
||||
groupSlug: "univention"
|
||||
branchTopic: "univention"
|
||||
- matchDatasources: [ "docker" ]
|
||||
matchDepTypes: [ "XWiki" ]
|
||||
groupName: "XWiki"
|
||||
groupSlug: "xwiki"
|
||||
branchTopic: "xwiki"
|
||||
# Add merge request labels
|
||||
labels:
|
||||
- "renovate"
|
||||
|
||||
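Review bot: `dependencyDashboard: false` now sits directly under the comment `# Enable dependency dashboard`, so the comment contradicts the setting. With the dashboard off there is no single issue listing pending or held-back image updates, so either update the comment to say why it is disabled or keep it enabled. In the package rules, `branchTopic: "openxchang"` looks like a typo next to `groupSlug: "openxchange"` and should probably read `branchTopic: "openxchange"`. The Nextcloud rule is the only one with a lowercase `groupName: "nextcloud"` and no `groupSlug`, which is worth aligning with the other groups.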
32
CHANGELOG.md
@@ -1,3 +1,35 @@
|
||||
## [1.1.2](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.1.1...v1.1.2) (2025-02-19)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **dovecot:** Add Dovecot Pro [EE] ([6e343c7](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/6e343c76a32a5bf4b431bdad6be1f7d107caa4f5))
|
||||
* **element:** Add Element EE components ([61d94a8](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/61d94a8de655d1289aaf59c42f0dbf30b0156e1f))
|
||||
* **helmfile:** Add missing customizing option for Matrix widgets ([9c79c44](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/9c79c44453af7b0c68f4ee2a5e40f1f9fb298570))
|
||||
* **helmfile:** Add SSL option for Keycloak Extensions Proxy's PostgreSQL connection ([91d0f98](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/91d0f9868226b08128af518be741c8614342581e))
|
||||
* **helmfile:** Fine-grained service types ([de8b560](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/de8b560fe7e2294229a959398be60bec9b6a7790))
|
||||
* **helmfile:** Integrate oD EE ([03ec704](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/03ec70435c365eca9f555a195b7ab92cc9eee907))
|
||||
* **helmfile:** Introduce `apps` as top level in `opendesk_main.yaml.gotmpl`; Please check migrations.md for upgrades of existing installations ([2fcf014](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/2fcf014894ac3356ef8c6e57dda30c5176172e5e))
|
||||
* **helmfile:** Make openDesk IAM attributes optional with enabled as default ([b32996d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/b32996da347c7ec24fb53afe72fee8c07631bebe))
|
||||
* **helmfile:** Provide toggle in `functional.yaml.gotmpl` for "new device notification" mails ([284c9fe](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/284c9fe0c7e217e3f92ec70eaad6ccf593ff2a87))
|
||||
* **helmfile:** Remove reference to no longer required `elementWeb` chart ([cd9c54b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/cd9c54b17733f9e334c558ccd86e69677264970a))
|
||||
* **helmfile:** Set default for domain to `opendesk.internal` to avoid enforcing DOMAIN environment variable for deployments using YAML overrides ([930ae9d](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/930ae9d3e71bcd3f4034aa4dae5eabb3ae04d11b))
|
||||
* **helmfile:** Update/streamline theming ([8eeaa23](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/8eeaa23c2f68e8e0cbda5b3763ab15ba8262c48d))
|
||||
* **jitsi:** Support for phone dial-in into Jitsi conferences ([1323ef1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1323ef142e789820acb05cb4991d10502a35498b))
|
||||
* **nextcloud:** Update `groupfolders` app to fix group selection in admin mode ([ab49bf9](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/ab49bf9f6bb945cdce3950e46382b7361c48e6e4))
|
||||
* **nextcloud:** Update Nextcloud to 29.0.11 and support for Cron-Job specific resource definitions ([09f4829](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/09f482981b96774b3fe0948b7bb120be90157148))
|
||||
* **nubus:** Disable unused notification feature ([955f17e](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/955f17ef8bb72459beb536cdcf6b502b16eabbff))
|
||||
* **nubus:** Fix Keycloak dialogue background length on small screens ([4662709](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/466270967310fab9333b892c904efa86d21f7d17))
|
||||
* **nubus:** Only configure apps that are deployed to show up in IAM admin UI and Keycloak ([1f051e7](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/1f051e777905668297c98dfa507875c08158bfda))
|
||||
* **nubus:** Re-implement toggle for UDM-REST-API based on `functional.externalServices.nubus.udmRestApi.enabled` ([777e7d2](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/777e7d2fc6afa9c53a4ff1c6853c9960b9a22d5f))
|
||||
* **nubus:** Remove doublet `resources` key in `udm-listener` StatefulSet ([10e0b0a](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/10e0b0ad6cbd89bd88b119f17b6cba6ec698f698))
|
||||
* **nubus:** Support for custom UDM commands ([aff8edb](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/aff8edbde2150763d6a36f97b9403c8c67e51fab))
|
||||
* **nubus:** Update Keycloak Extensions Proxy ([601e649](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/601e6499132c3adaaaea374033511eab09132cb2))
|
||||
* **open-xchange:** Parameters to split read and write queries to MariaDB ([370247b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/370247b95197792a65b84b2d01b9c1806f8b059a))
|
||||
* **open-xchange:** Update OX App Suite to 8.33 ([581c8ae](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/581c8aed1f86bad251141ecb105e59d0054d5a1a))
|
||||
* **openproject:** Update OpenProject to 15.2.1 ([83c311b](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/83c311b101a6fa551d9c25ea4e9a7ef6673137ca))
|
||||
* **oxconnector:** Update to strict `securityContext` from upstream defaults ([32df165](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/commit/32df1657d29a2d73495d52b62bb77521cb8b8e86))
|
||||
|
||||
## [1.1.1](https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/compare/v1.1.0...v1.1.1) (2025-01-27)
|
||||
|
||||
|
||||
|
||||
@@ -44,6 +44,10 @@ To enable the oD EE deployment you must set the environment variable `OPENDESK_E
|
||||
OPENDESK_ENTERPRISE=true
|
||||
```
|
||||
|
||||
> **Note**
|
||||
> Upgrading from oD CE to EE is currently not supported, especially due to the fact it requires a migration
|
||||
> from Dovecot 2.x (standard storage) to Dovecot Pro 3.x (S3).
|
||||
|
||||
# Configuring the oD EE deployment for self-hosted installations
|
||||
|
||||
## Registry access
|
||||
|
||||
13
README.md
@@ -13,6 +13,7 @@ SPDX-License-Identifier: Apache-2.0
|
||||
* [Getting started](#getting-started)
|
||||
* [Advanced customization](#advanced-customization)
|
||||
* [Architecture](#architecture)
|
||||
* [Testing](#testing)
|
||||
* [Permissions](#permissions)
|
||||
* [Releases](#releases)
|
||||
* [Data Storage](#data-storage)
|
||||
@@ -39,9 +40,9 @@ openDesk currently features the following functional main components:
|
||||
| Groupware | OX App Suite | [8.30](https://documentation.open-xchange.com/appsuite/releases/8.30/) | Online documentation available from within the installed application; [Additional resources](https://documentation.open-xchange.com/) |
|
||||
| Knowledge management | XWiki | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/) | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation) |
|
||||
| Portal & IAM | Nubus | [1.5.1](https://docs.software-univention.de/nubus-kubernetes-release-notes/latest/en/changelog.html) | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html) |
|
||||
| Project management | OpenProject | [15.2.0](https://www.openproject.org/docs/release-notes/15-2-0/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Project management | OpenProject | [15.3.1](https://www.openproject.org/docs/release-notes/15-3-1/) | [For the most recent release](https://www.openproject.org/docs/user-guide/) |
|
||||
| Videoconferencing | Jitsi | [2.0.9823](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9823) | [For the most recent release](https://jitsi.github.io/handbook/docs/category/user-guide/) |
|
||||
| Weboffice | Collabora | [24.04.9.2](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
| Weboffice | Collabora | [24.04.12.4](https://www.collaboraoffice.com/code-24-04-release-notes/) | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/) |
|
||||
|
||||
While not all components are perfectly shaped for the execution inside containers, one of the project's objectives is to
|
||||
align the applications with best practices regarding container design and operations.
|
||||
@@ -79,7 +80,11 @@ You would like to install openDesk in your own infrastructure?
|
||||
|
||||
# Architecture
|
||||
|
||||
More information on openDesk's architecture can be found in our [Architecture docs](./docs/architecture.md).
|
||||
More information on openDesk's architecture can be found in our [architecture docs](./docs/architecture.md).
|
||||
|
||||
# Testing
|
||||
|
||||
openDesk is continously tested to ensure a high quality. Read how we test in openDesk in our [test concept](./docs/testing.md).
|
||||
|
||||
# Permissions
|
||||
|
||||
@@ -125,4 +130,4 @@ This project uses the following license: Apache-2.0
|
||||
|
||||
# Copyright
|
||||
|
||||
Copyright (C) 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
Copyright (C) 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
|
||||
@@ -98,6 +98,8 @@ def clone_charts_locally(branch, charts):
|
||||
if os.path.isdir(chart_local_path):
|
||||
logging.debug(f"Found pre-existing {chart_local_path} skipping clone/pull, but will still reference chart in Helmfile...")
|
||||
charts_dict[chart] = chart_local_path
|
||||
git_url = options.git_hostname+':'+repository
|
||||
doublette_dict[git_url] = chart_local_path
|
||||
continue
|
||||
elif 'opendesk/components/platform-development/charts' in repository:
|
||||
logging.info("Cloning the charts repo")
|
||||
@@ -153,7 +155,7 @@ def process_the_helmfiles(charts_dict, charts):
|
||||
if '.Values.charts.'+chart_ident+'.name' in line:
|
||||
logging.debug(f"found match with {chart_ident} in {line.strip()}")
|
||||
line = charts_dict[chart_ident]
|
||||
if os.path.isdir(line+'/charts/'+chart_ident):
|
||||
if os.path.isdir(line+'/charts/'+charts['charts'][chart_ident]['name']):
|
||||
line += '/charts/'+charts['charts'][chart_ident]['name']
|
||||
elif not os.path.isdir(line):
|
||||
sys.exit(f"! Did not find directory to reference in Helmfile: '{line}'")
|
||||
|
||||
@@ -407,6 +407,8 @@ In openDesk, Element is used for chat and direct audio & video calling.
|
||||
|
||||
In openDesk, Jitsi is used for video conferencing and online meetings. It integrates with other applications to provide seamless communication capabilities.
|
||||
|
||||
[Jigasi](https://github.com/jitsi/jigasi) (Jitsi's SIP component) also allows joining the meeting via phone call if an external SIP server and SIP trunk are provided.
|
||||
|
||||
## Nextcloud (Files)
|
||||
|
||||
[Nextcloud](https://nextcloud.com) is a file storage and sync platform with powerful collaboration capabilities with desktop, mobile and web interfaces.
|
||||
|
||||
@@ -98,6 +98,8 @@ multiple namespaces in a cluster.
|
||||
name: selfsigned-issuer
|
||||
kind: ClusterIssuer
|
||||
group: cert-manager.io
|
||||
duration: 87600h # 10y
|
||||
renewBefore: 87599h
|
||||
```
|
||||
|
||||
1. Copy this cert's secret into the/each namespace you want to make use of the cert.
|
||||
|
||||
@@ -22,85 +22,99 @@ service.
|
||||
> **Note**<br>
|
||||
> openDesk supports PostgreSQL as alternative database backend for Nextcloud and XWiki. PostgreSQL is likely become the preferred option/default in the future and MariaDB might be deprecated at a later point requiring migrations[^1] if you do not select PostgreSQL for new installations.
|
||||
|
||||
| Component | Name | Parameter | Key | Default |
|
||||
| ---------------- | ------------------ | --------- | --------------------------------------------- | ---------------------------- |
|
||||
| Element | Synapse | | | |
|
||||
| | | Type | `databases.synapse.type` | `postgresql` |
|
||||
| | | Name | `databases.synapse.name` | `matrix` |
|
||||
| | | Host | `databases.synapse.host` | `postgresql` |
|
||||
| | | Port | `databases.synapse.port` | `5432` |
|
||||
| | | Username | `databases.synapse.username` | `matrix_user` |
|
||||
| | | Password | `databases.synapse.password` | |
|
||||
| Nubus | Guardian Mgmt API | | | |
|
||||
| | | Type | `databases.umsGuardianManagementApi.type` | `postgresql` |
|
||||
| | | Name | `databases.umsGuardianManagementApi.name` | `guardianmanagementapi` |
|
||||
| | | Host | `databases.umsGuardianManagementApi.host` | `postgresql` |
|
||||
| | | Port | `databases.umsGuardianManagementApi.port` | `5432` |
|
||||
| | | Username | `databases.umsGuardianManagementApi.username` | `guardianmanagementapi_user` |
|
||||
| | | Password | `databases.umsGuardianManagementApi.password` | |
|
||||
| | Keycloak | | | |
|
||||
| | | Type | `databases.keycloak.type` | `postgresql` |
|
||||
| | | Name | `databases.keycloak.name` | `keycloak` |
|
||||
| | | Host | `databases.keycloak.host` | `postgresql` |
|
||||
| | | Port | `databases.keycloak.port` | `5432` |
|
||||
| | | Username | `databases.keycloak.username` | `keycloak_user` |
|
||||
| | | Password | `databases.keycloak.password` | |
|
||||
| | Keycloak Extension | | | |
|
||||
| | | Type | `databases.keycloakExtension.type` | `postgresql` |
|
||||
| | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
|
||||
| | | Host | `databases.keycloakExtension.host` | `postgresql` |
|
||||
| | | Port | `databases.keycloakExtension.port` | `5432` |
|
||||
| | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
|
||||
| | | Password | `databases.keycloakExtension.password` | |
|
||||
| | Notifications API | | | |
|
||||
| | | Type | `databases.umsNotificationsApi.type` | `postgresql` |
|
||||
| | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
|
||||
| | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
|
||||
| | | Port | `databases.umsNotificationsApi.port` | `5432` |
|
||||
| | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
|
||||
| | | Password | `databases.umsNotificationsApi.password` | |
|
||||
| | Self Service | | | |
|
||||
| | | Type | `databases.umsSelfservice.type` | `postgresql` |
|
||||
| | | Name | `databases.umsSelfservice.name` | `selfservice` |
|
||||
| | | Host | `databases.umsSelfservice.host` | `postgresql` |
|
||||
| | | Port | `databases.umsSelfservice.port` | `5432` |
|
||||
| | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
|
||||
| | | Password | `databases.umsSelfservice.password` | |
|
||||
| Nextcloud | Nextcloud | | | |
|
||||
| | | Type | `databases.nextcloud.type` | `mariadb` |
|
||||
| | | Name | `databases.nextcloud.name` | `nextcloud` |
|
||||
| | | Host | `databases.nextcloud.host` | `mariadb` |
|
||||
| | | Port | `databases.nextcloud.port` | `3306` |
|
||||
| | | Username | `databases.nextcloud.username` | `nextcloud_user` |
|
||||
| | | Password | `databases.nextcloud.password` | |
|
||||
| Notes | Notes | | | |
|
||||
| | | Type | `databases.notes.type` | `postgresql` |
|
||||
| | | Name | `databases.notes.name` | `notes` |
|
||||
| | | Host | `databases.notes.host` | `postgresql` |
|
||||
| | | Port | `databases.notes.port` | `5432` |
|
||||
| | | Username | `databases.notes.username` | `notes_user` |
|
||||
| | | Password | `databases.notes.password` | |
|
||||
| OpenProject | OpenProject | | | |
|
||||
| | | Type | `databases.openproject.type` | `postgresql` |
|
||||
| | | Name | `databases.openproject.name` | `openproject` |
|
||||
| | | Host | `databases.openproject.host` | `postgresql` |
|
||||
| | | Port | `databases.openproject.port` | `5432` |
|
||||
| | | Username | `databases.openproject.username` | `openproject_user` |
|
||||
| | | Password | `databases.openproject.password` | |
|
||||
| OX App Suite[^2] | OX App Suite | | | |
|
||||
| | | Type | `databases.oxAppSuite.type` | `mariadb` |
|
||||
| | | Name | `databases.oxAppSuite.name` | `openxchange` |
|
||||
| | | Host | `databases.oxAppSuite.host` | `mariadb` |
|
||||
| | | Port | `databases.oxAppSuite.port` | `3306` |
|
||||
| | | Username | `databases.oxAppSuite.username` | `root` |
|
||||
| | | Password | `databases.oxAppSuite.password` | |
|
||||
| XWiki[^3] | XWiki | | | |
|
||||
| | | Type | `databases.xwiki.type` | `mariadb` |
|
||||
| | | Name | `databases.xwiki.name` | `xwiki` |
|
||||
| | | Host | `databases.xwiki.host` | `mariadb` |
|
||||
| | | Port | `databases.xwiki.port` | `3306` |
|
||||
| | | Username | `databases.xwiki.username` | `root` |
|
||||
| | | Password | `databases.xwiki.password` | |
|
||||
| Component | Name | Parameter | Key | Default |
|
||||
| ------------------ | ------------------ | --------- | --------------------------------------------- | ---------------------------- |
|
||||
| Element | Synapse | | | |
|
||||
| | | Type | `databases.synapse.type` | `postgresql` |
|
||||
| | | Name | `databases.synapse.name` | `matrix` |
|
||||
| | | Host | `databases.synapse.host` | `postgresql` |
|
||||
| | | Port | `databases.synapse.port` | `5432` |
|
||||
| | | Username | `databases.synapse.username` | `matrix_user` |
|
||||
| | | Password | `databases.synapse.password` | |
|
||||
| Nubus | Guardian Mgmt API | | | |
|
||||
| | | Type | `databases.umsGuardianManagementApi.type` | `postgresql` |
|
||||
| | | Name | `databases.umsGuardianManagementApi.name` | `guardianmanagementapi` |
|
||||
| | | Host | `databases.umsGuardianManagementApi.host` | `postgresql` |
|
||||
| | | Port | `databases.umsGuardianManagementApi.port` | `5432` |
|
||||
| | | Username | `databases.umsGuardianManagementApi.username` | `guardianmanagementapi_user` |
|
||||
| | | Password | `databases.umsGuardianManagementApi.password` | |
|
||||
| | Keycloak | | | |
|
||||
| | | Type | `databases.keycloak.type` | `postgresql` |
|
||||
| | | Name | `databases.keycloak.name` | `keycloak` |
|
||||
| | | Host | `databases.keycloak.host` | `postgresql` |
|
||||
| | | Port | `databases.keycloak.port` | `5432` |
|
||||
| | | Username | `databases.keycloak.username` | `keycloak_user` |
|
||||
| | | Password | `databases.keycloak.password` | |
|
||||
| | Keycloak Extension | | | |
|
||||
| | | Type | `databases.keycloakExtension.type` | `postgresql` |
|
||||
| | | Name | `databases.keycloakExtension.name` | `keycloak_extensions` |
|
||||
| | | Host | `databases.keycloakExtension.host` | `postgresql` |
|
||||
| | | Port | `databases.keycloakExtension.port` | `5432` |
|
||||
| | | Username | `databases.keycloakExtension.username` | `keycloak_extensions_user` |
|
||||
| | | Password | `databases.keycloakExtension.password` | |
|
||||
| | Notifications API | | | |
|
||||
| | | Type | `databases.umsNotificationsApi.type` | `postgresql` |
|
||||
| | | Name | `databases.umsNotificationsApi.name` | `notificationsapi` |
|
||||
| | | Host | `databases.umsNotificationsApi.host` | `postgresql` |
|
||||
| | | Port | `databases.umsNotificationsApi.port` | `5432` |
|
||||
| | | Username | `databases.umsNotificationsApi.username` | `notificationsapi_user` |
|
||||
| | | Password | `databases.umsNotificationsApi.password` | |
|
||||
| | Self Service | | | |
|
||||
| | | Type | `databases.umsSelfservice.type` | `postgresql` |
|
||||
| | | Name | `databases.umsSelfservice.name` | `selfservice` |
|
||||
| | | Host | `databases.umsSelfservice.host` | `postgresql` |
|
||||
| | | Port | `databases.umsSelfservice.port` | `5432` |
|
||||
| | | Username | `databases.umsSelfservice.username` | `selfservice_user` |
|
||||
| | | Password | `databases.umsSelfservice.password` | |
|
||||
| Nextcloud | Nextcloud | | | |
|
||||
| | | Type | `databases.nextcloud.type` | `mariadb` |
|
||||
| | | Name | `databases.nextcloud.name` | `nextcloud` |
|
||||
| | | Host | `databases.nextcloud.host` | `mariadb` |
|
||||
| | | Port | `databases.nextcloud.port` | `3306` |
|
||||
| | | Username | `databases.nextcloud.username` | `nextcloud_user` |
|
||||
| | | Password | `databases.nextcloud.password` | |
|
||||
| Notes | Notes | | | |
|
||||
| | | Type | `databases.notes.type` | `postgresql` |
|
||||
| | | Name | `databases.notes.name` | `notes` |
|
||||
| | | Host | `databases.notes.host` | `postgresql` |
|
||||
| | | Port | `databases.notes.port` | `5432` |
|
||||
| | | Username | `databases.notes.username` | `notes_user` |
|
||||
| | | Password | `databases.notes.password` | |
|
||||
| OpenProject | OpenProject | | | |
|
||||
| | | Type | `databases.openproject.type` | `postgresql` |
|
||||
| | | Name | `databases.openproject.name` | `openproject` |
|
||||
| | | Host | `databases.openproject.host` | `postgresql` |
|
||||
| | | Port | `databases.openproject.port` | `5432` |
|
||||
| | | Username | `databases.openproject.username` | `openproject_user` |
|
||||
| | | Password | `databases.openproject.password` | |
|
||||
| OX App Suite[^2] | OX App Suite | | | |
|
||||
| | | Type | `databases.oxAppSuite.type` | `mariadb` |
|
||||
| | | Name | `databases.oxAppSuite.name` | `openxchange` |
|
||||
| | | Host | `databases.oxAppSuite.host` | `mariadb` |
|
||||
| | | Port | `databases.oxAppSuite.port` | `3306` |
|
||||
| | | Username | `databases.oxAppSuite.username` | `root` |
|
||||
| | | Password | `databases.oxAppSuite.password` | |
|
||||
| OX Dovecot Pro[^3] | ACLs | | | |
|
||||
| | | Type | `databases.dovecotACL.type` | `cassandra` |
|
||||
| | | Name | `databases.dovecotACL.name` | `dovecot_acl` |
|
||||
| | | Host | `databases.dovecotACL.host` | `cassandra` |
|
||||
| | | Port | `databases.dovecotACL.port` | `9042` |
|
||||
| | | Username | `databases.dovecotACL.username` | `dovecot_acl_user` |
|
||||
| | | Password | `databases.dovecotACL.password` | |
|
||||
| | Dictmap | | | |
|
||||
| | | Type | `databases.dovecotDictmap.type` | `cassandra` |
|
||||
| | | Name | `databases.dovecotDictmap.name` | `dovecot_dictmap` |
|
||||
| | | Host | `databases.dovecotDictmap.host` | `cassandra` |
|
||||
| | | Port | `databases.dovecotDictmap.port` | `9042` |
|
||||
| | | Username | `databases.dovecotDictmap.username` | `dovecot_dictmap_user` |
|
||||
| | | Password | `databases.dovecotDictmap.password` | |
|
||||
| XWiki[^4] | XWiki | | | |
|
||||
| | | Type | `databases.xwiki.type` | `mariadb` |
|
||||
| | | Name | `databases.xwiki.name` | `xwiki` |
|
||||
| | | Host | `databases.xwiki.host` | `mariadb` |
|
||||
| | | Port | `databases.xwiki.port` | `3306` |
|
||||
| | | Username | `databases.xwiki.username` | `root` |
|
||||
| | | Password | `databases.xwiki.password` | |
|
||||
|
||||
# Object storage
|
||||
|
||||
@@ -149,4 +163,6 @@ service.
|
||||
|
||||
[^2] OX App Suite only supports MariaDB and requires root access, as it manages its databases itself.
|
||||
|
||||
[^3] XWiki requires root access when using MariaDB as sub-wikis are using separate databases that are managed by XWiki. When using PostgreSQL with XWiki no root user is required as the sub-wikis are managed within multiple schemes within a single database.
|
||||
[^3] openDesk Enterprise only.
|
||||
|
||||
[^4] XWiki requires root access when using MariaDB as sub-wikis are using separate databases that are managed by XWiki. When using PostgreSQL with XWiki no root user is required as the sub-wikis are managed within multiple schemes within a single database.
|
||||
|
||||
@@ -101,33 +101,34 @@ All available apps and their default value are in `helmfile/environments/default
|
||||
|
||||
| Component | Name | Default | Description |
|
||||
| -------------------- | --------------------------- | ------- | ------------------------------ |
|
||||
| Certificates | `certificates.enabled` | `true` | TLS certificates |
|
||||
| ClamAV (Distributed) | `clamavDistributed.enabled` | `false` | Antivirus engine |
|
||||
| ClamAV (Simple) | `clamavSimple.enabled` | `true` | Antivirus engine |
|
||||
| Collabora | `collabora.enabled` | `true` | Weboffice |
|
||||
| CryptPad | `cryptpad.enabled` | `true` | Weboffice |
|
||||
| dkimpy | `dkimpy.enabled` | `false` | Postfix milter for DKIM |
|
||||
| Dovecot | `dovecot.enabled` | `true` | Mail backend |
|
||||
| Element | `element.enabled` | `true` | Secure communications platform |
|
||||
| Home | `home.enabled` | `true` | Base domain portal redirect |
|
||||
| Jitsi | `jitsi.enabled` | `true` | Videoconferencing |
|
||||
| MariaDB | `mariadb.enabled` | `true` | Database |
|
||||
| Memcached | `memcached.enabled` | `true` | Cache Database |
|
||||
| MinIO | `minio.enabled` | `true` | Object Storage |
|
||||
| Nextcloud | `nextcloud.enabled` | `true` | File share |
|
||||
| Nubus | `nubus.enabled` | `true` | Identity Management & Portal |
|
||||
| OpenProject | `openproject.enabled` | `true` | Project management |
|
||||
| OX App Suite | `oxAppSuite.enabled` | `true` | Groupware |
|
||||
| Postfix | `postfix.enabled` | `true` | MTA |
|
||||
| PostgreSQL | `postgresql.enabled` | `true` | Database |
|
||||
| Redis | `redis.enabled` | `true` | Cache Database |
|
||||
| XWiki | `xwiki.enabled` | `true` | Knowledge management |
|
||||
| Certificates | `apps.certificates.enabled` | `true` | TLS certificates |
|
||||
| ClamAV (Distributed) | `apps.clamavDistributed.enabled` | `false` | Antivirus engine |
|
||||
| ClamAV (Simple) | `apps.clamavSimple.enabled` | `true` | Antivirus engine |
|
||||
| Collabora | `apps.collabora.enabled` | `true` | Weboffice |
|
||||
| CryptPad | `apps.cryptpad.enabled` | `true` | Weboffice |
|
||||
| dkimpy | `apps.dkimpy.enabled` | `false` | Postfix milter for DKIM |
|
||||
| Dovecot | `apps.dovecot.enabled` | `true` | Mail backend |
|
||||
| Element | `apps.element.enabled` | `true` | Secure communications platform |
|
||||
| Home | `apps.home.enabled` | `true` | Base domain portal redirect |
|
||||
| Jitsi | `apps.jitsi.enabled` | `true` | Videoconferencing |
|
||||
| MariaDB | `apps.mariadb.enabled` | `true` | Database |
|
||||
| Memcached | `apps.memcached.enabled` | `true` | Cache Database |
|
||||
| MinIO | `apps.minio.enabled` | `true` | Object Storage |
|
||||
| Nextcloud | `apps.nextcloud.enabled` | `true` | File share |
|
||||
| Nubus | `apps.nubus.enabled` | `true` | Identity Management & Portal |
|
||||
| OpenProject | `apps.openproject.enabled` | `true` | Project management |
|
||||
| OX App Suite | `apps.oxAppSuite.enabled` | `true` | Groupware |
|
||||
| Postfix | `apps.postfix.enabled` | `true` | MTA |
|
||||
| PostgreSQL | `apps.postgresql.enabled` | `true` | Database |
|
||||
| Redis | `apps.redis.enabled` | `true` | Cache Database |
|
||||
| XWiki | `apps.xwiki.enabled` | `true` | Knowledge management |
|
||||
|
||||
Exemplary, Jitsi can be disabled like:
|
||||
|
||||
```yaml
|
||||
jitsi:
|
||||
enabled: false
|
||||
apps:
|
||||
jitsi:
|
||||
enabled: false
|
||||
```
|
||||
|
||||
## Private registries
|
||||
@@ -304,8 +305,10 @@ Enabling DKIM signing of emails helps to reduce spam and increases trust.
|
||||
openDesk ships dkimpy-milter as Postfix milter for signing emails.
|
||||
|
||||
```yaml
|
||||
dkimpy:
|
||||
enable: true
|
||||
apps:
|
||||
dkimpy:
|
||||
enabled: true
|
||||
smtp:
|
||||
dkim:
|
||||
key:
|
||||
value: "HzZs08QF1O7UiAkcM9T3U7rePPECtSFvWZIvyKqdg8E="
|
||||
@@ -337,8 +340,9 @@ secret named `opendesk-certificates-tls` must be present in the application name
|
||||
turn off `Certificate` resource creation by:
|
||||
|
||||
```yaml
|
||||
certificates:
|
||||
enabled: false
|
||||
apps:
|
||||
certificates:
|
||||
enabled: false
|
||||
```
|
||||
|
||||
If you want to leverage the `cert-manager.io` to handle certificates, like `Let's encrypt`, you need to provide the
|
||||
|
||||
@@ -16,6 +16,7 @@ This section covers the internal system requirements and external service requir
|
||||
* [Certificate management](#certificate-management)
|
||||
* [External services](#external-services)
|
||||
* [Deployment](#deployment)
|
||||
* [Footnotes](#footnotes)
|
||||
<!-- TOC -->
|
||||
|
||||
# tl;dr
|
||||
@@ -24,12 +25,14 @@ openDesk is a Kubernetes-only solution and requires an existing Kubernetes (K8s)
|
||||
|
||||
- K8s cluster >= 1.24, [CNCF Certified Kubernetes distribution](https://www.cncf.io/certification/software-conformance/)
|
||||
- Domain and DNS Service
|
||||
- Ingress controller (Ingress NGINX)
|
||||
- Ingress controller (Ingress NGINX) == [4.11.x/1.11.x](https://github.com/kubernetes/ingress-nginx/releases) - tested with 1.11.1 up to 1.11.4
|
||||
- **Note**: We are working on support for more recent versions, as issues have been reported with 1.12.x.
|
||||
- [Helm](https://helm.sh/) >= v3.9.0
|
||||
- [Helmfile](https://helmfile.readthedocs.io/en/latest/) >= **v1.0.0-rc8**
|
||||
- [HelmDiff](https://github.com/databus23/helm-diff) >= 3.6.0
|
||||
- Volume provisioner supporting RWO (read-write-once)
|
||||
- Certificate handling with [cert-manager](https://cert-manager.io/)
|
||||
- [OpenKruise](https://openkruise.io/)[^1] >= 1.6
|
||||
|
||||
# Hardware
|
||||
|
||||
@@ -84,19 +87,20 @@ For the development and evaluation of openDesk, we bundle some services. Be awar
|
||||
deployments, you need to make use of your own production-grade services; see the
|
||||
[external-services.md](./external-services.md) for configuration details.
|
||||
|
||||
| Group | Type | Version | Tested against |
|
||||
| Group | Type | Version | Tested against |
|
||||
| -------- | ------------------- | ------- | --------------------- |
|
||||
| Cache | Memcached | `1.6.x` | Memcached |
|
||||
| | Redis | `7.x.x` | Redis |
|
||||
| Database | MariaDB | `10.x` | MariaDB |
|
||||
| | PostgreSQL | `15.x` | PostgreSQL |
|
||||
| Mail | Mail Transfer Agent | | Postfix |
|
||||
| | PKI/CI (S/MIME) | | |
|
||||
| Security | AntiVirus/ICAP | | ClamAV |
|
||||
| Storage | K8s ReadWriteOnce | | Ceph / Cloud specific |
|
||||
| | K8s ReadWriteMany | | Ceph / NFS |
|
||||
| | Object Storage | | MinIO |
|
||||
| Voice | TURN | | Coturn |
|
||||
| Cache | Memcached | `1.6.x` | Memcached |
|
||||
| | Redis | `7.x.x` | Redis |
|
||||
| Database | Cassandra[^1] | `5.0.x` | Cassandra |
|
||||
| | MariaDB | `10.x` | MariaDB |
|
||||
| | PostgreSQL | `15.x` | PostgreSQL |
|
||||
| Mail | Mail Transfer Agent | | Postfix |
|
||||
| | PKI/CI (S/MIME) | | |
|
||||
| Security | AntiVirus/ICAP | | ClamAV |
|
||||
| Storage | K8s ReadWriteOnce | | Ceph / Cloud specific |
|
||||
| | K8s ReadWriteMany | | Ceph / NFS |
|
||||
| | Object Storage | | MinIO |
|
||||
| Voice | TURN | | Coturn |
|
||||
|
||||
# Deployment
|
||||
|
||||
@@ -104,3 +108,7 @@ The deployment of each component is [Helm](https://helm.sh/) based. The 35+ Helm
|
||||
templated via [Helmfile](https://helmfile.readthedocs.io/en/latest/) to provide a streamlined deployment experience.
|
||||
|
||||
Helmfile requires [HelmDiff](https://github.com/databus23/helm-diff) to compare the desired against the deployed state.
|
||||
|
||||
# Footnotes
|
||||
|
||||
[^1]: Required for Dovecot Pro as part of openDesk Enterprise Edition.
|
||||
|
||||
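--- a/docs/testing.md
+++ b/docs/testing.md
@@ -0,0 +1,141 @@
+<!--
+SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+-->
+
+<h1>Testing</h1>
+
+<!-- TOC -->
+* [Overview](#overview)
+* [Test concept](#test-concept)
+* [Rely on upstream applications QA](#rely-on-upstream-applications-qa)
+* [Run minimal functional QA (end-to-end tests)](#run-minimal-functional-qa-end-to-end-tests)
+* [Run extensive load- and performance tests](#run-extensive-load--and-performance-tests)
+* [Base performance testing](#base-performance-testing)
+* [Load testing to saturation point](#load-testing-to-saturation-point)
+* [Load testing up to a defined user count](#load-testing-up-to-a-defined-user-count)
+* [Overload/recovery tests](#overloadrecovery-tests)
+* [Reporting and test results](#reporting-and-test-results)
+* [Allure TestOps](#allure-testops)
+<!-- TOC -->
+
+# Overview
+
+The following section provides an overview of the testing approach adopted to ensure the quality and reliability of openDesk. This concept balances leveraging existing quality assurance (QA) processes with targeted testing efforts tailored to the specific needs of openDesk. The outlined strategy focuses on three key areas:
+
+1. Relying on application QA: Utilizing the existing QA processes of the applications to ensure baseline functionality and quality standards.
+2. Minimal functional QA: Executing end-to-end tests to validate critical workflows and ensure that key functionalities operate as expected.
+3. Extensive load and performance testing: Conducting comprehensive load and performance tests to assess openDesk's scalability and response under varying usage conditions.
+
+These efforts are designed to complement each other, minimizing redundancy while ensuring robust testing coverage.
+
+# Test concept
+
+## Rely on upstream applications QA
+
+openDesk contains applications from different suppliers, as a general approach, we rely on the testing
+conducted by these suppliers for their respective applications.
+
+We review the supplier's QA measures on a regular basis, to ensure a reliable and sufficient QA of the underlying applications.
+
+We receive the release notes early before a new application release is integrated into openDesk, so
+we are able to check the existence of a sufficient set of test scases.
+The suppliers create a set of test cases for each new functionality.
+
+## Run minimal functional QA (end-to-end tests)
+
+To ensure the functioning of all applications, we run a minimal set of testcases to check the
+basic functionality of openDesk and all integrated applications.
+
+Furthermore, we analyze all features/usecases which are implemented by a set of more than one
+applications.
+All these features are not testable naturally by the suppliers, so we develop testcases
+for such features.
+
+The openDesk application owners prioritize then this list of end-to-end-testcases, and we
+implement these testcases in the [test automation framework](https://gitlab.opencode.de/bmi/opendesk/deployment/e2e-tests).
+
+## Run extensive load- and performance tests
+
+We want to deliver openDesk as an application-grade software with the ability to serve a large user base.
+
+We create and perform extensive load- and performance tests for every release of openDesk.
+
+Our approach consists of different layers of load testing.
+
+### Base performance testing
+
+For these tests we define a set of "normal", not too complicated user-interactions with openDesk.
+
+For each testcase in this set, we measure the duration of the whole testcase (and steps inside the
+testcase) on a given, unloaded environment, installed with a predefined setup and openDesk release.
+
+As a result, we receive the total runtime of one iteration of the given testcase, the runtime of each
+step inside the testcase, the error rate and min/max/median runtimes.
+
+Most importantly, the environment should not be used by other users or background tasks, so it should
+be an environment being mostly in idle state.
+
+The results can be compared with the results of the previous release, so we can see if changes
+in software components improve or decrease the performance of a testcase.
+
+### Load testing to saturation point
+
+These tests are performed to ensure the correct processing and user interactions even in
+high-load scenarios.
+
+We use the same test cases as in the base performance tests.
+
+Now we measure the duration on a well-defined environment while the system is being used
+by a predefined number of test users in parallel. This number will be scaled up.
+
+Our goal is to see constant runtimes of each testcase iteration, while the total throughput
+of requests increases consistently with the number of users in parallel usage of the system.
+
+At a distinct point, a further increase of the number of users leads to no more increase of the
+total throughput, but instead leads to an increase in the runtime of each testcase iteration.
+
+This point, the saturation point, is the load limit of the environment. Up to this point the
+environment and the installed software packages can handle the load. More load over this point
+leads to increased response times and increased error rates.
+
+### Load testing up to a defined user count
+
+For interested partners, that are looking into large scale openDesk deployments,
+we offer a load testing analysis based on defined scenarios to be discussed together with the partner in a workshop.
+
+This way, we can help to decide on the appropriate sizing for the planned openDesk usage scenario.
+
+### Overload/recovery tests
+
+If necessary, we perform overload tests, which will saturate the system with multiple
+test cases until no further increase in throughput is visible. Then we add even more load
+until the first HTTP requests run into timeouts or errors.
+After a few minutes, we reduce the load below the saturation point.
+Now we can check if the system is able to recover from the overload status.
+
+# Reporting and test results
+
+We perform testruns every night on every of our environments.
+
+For each environment, we define so called profiles, these contains the features enabled
+per environment.
+
+For example: Testing the email features in an environment without deployment of Open-Xchange makes no sense at all.
+
+Also we test the whole system via a browser with `language=DE` and another browser with `language=EN`.
+
+The test results will be saved in an [Allure TestOps](https://qameta.io/) server, so interested persons
+are able to view the test results in detail.
+
+## Allure TestOps
+
+The Allure TestOps [server](https://testops.opendesk.run/) is currently only accessible to project members.
+
+The relevant project is called *opendesk*.
+
+To get an overview, click in the left symbol list onto the symbol "Rocket" to
+check all relevant launches.
+
+Now you can, e.g., see the launch #1733, and directly check for the success
+of this launch.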
@@ -143,13 +143,16 @@ As a standard, the openDesk platform development team uses [reuse.software](http
|
||||
|
||||
openDesk uses Apache 2.0 as the license for their work. A typical reuse copyright and license header looks like this:
|
||||
```
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
```
|
||||
The way to mark the license header as a comment differs between the various file types. Please find matching examples for all types across the [deployment automation repository](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace).
|
||||
|
||||
> **Note**<br>
|
||||
> If an `SPDX-FileCopyrightText` already exists, do not replace but add an additional line based on the above example.
|
||||
> If a `SPDX-FileCopyrightText` already exists with the copyright owner described above but with an past year (e.g. 2024), please update this copyright header line to cover (up to and including) the current year, e.g. `2024-2025`.
|
||||
|
||||
> **Note**<br>
|
||||
> If line(s) with `SPDX-FileCopyrightText` containing a different copyright owner exist in the file you are working on, do not replace existing one(s) but add an additional header above these.
|
||||
|
||||
## Development workflow
|
||||
|
||||
|
||||
@@ -161,6 +161,9 @@ releases:
|
||||
version: "{{ .Values.charts.synapseCreateAccount.version }}"
|
||||
values:
|
||||
- "values-matrix-user-verification-service-bootstrap.yaml.gotmpl"
|
||||
{{- range .Values.customization.release.matrixUserVerificationServiceBootstrap }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
installed: {{ .Values.apps.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
@@ -169,6 +172,9 @@ releases:
|
||||
version: "{{ .Values.charts.matrixUserVerificationService.version }}"
|
||||
values:
|
||||
- "values-matrix-user-verification-service.yaml.gotmpl"
|
||||
{{- range .Values.customization.release.matrixUserVerificationService }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
installed: {{ .Values.apps.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
@@ -177,14 +183,20 @@ releases:
|
||||
version: "{{ .Values.charts.matrixNeoboardWidget.version }}"
|
||||
values:
|
||||
- "values-matrix-neoboard-widget.yaml.gotmpl"
|
||||
{{- range .Values.customization.release.matrixNeoboardWidget }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
installed: {{ .Values.apps.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "matrix-neochoice-widget"
|
||||
chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}"
|
||||
version: "{{ .Values.charts.matrixNeochoiseWidget.version }}"
|
||||
chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiceWidget.name }}"
|
||||
version: "{{ .Values.charts.matrixNeochoiceWidget.version }}"
|
||||
values:
|
||||
- "values-matrix-neochoice-widget.yaml.gotmpl"
|
||||
{{- range .Values.customization.release.matrixNeochoiceWidget }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
installed: {{ .Values.apps.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
@@ -193,6 +205,9 @@ releases:
|
||||
version: "{{ .Values.charts.matrixNeodatefixWidget.version }}"
|
||||
values:
|
||||
- "values-matrix-neodatefix-widget.yaml.gotmpl"
|
||||
{{- range .Values.customization.release.matrixNeodatefixWidget }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
installed: {{ .Values.apps.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
@@ -201,6 +216,9 @@ releases:
|
||||
version: "{{ .Values.charts.synapseCreateAccount.version }}"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl"
|
||||
{{- range .Values.customization.release.matrixNeodatefixBotBootstrap }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
installed: {{ .Values.apps.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
@@ -209,6 +227,9 @@ releases:
|
||||
version: "{{ .Values.charts.matrixNeodatefixBot.version }}"
|
||||
values:
|
||||
- "values-matrix-neodatefix-bot.yaml.gotmpl"
|
||||
{{- range .Values.customization.release.matrixNeodatefixBot }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
installed: {{ .Values.apps.element.enabled }}
|
||||
timeout: 900
|
||||
|
||||
|
||||
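Review bot: Each added `- {{ . }}` entry renders a user-supplied path as an unquoted scalar, while the other visible list entries and the `chart`/`version` values are quoted; a path that starts with a YAML indicator or contains `: ` or ` #` would be misparsed. `- {{ . | quote }}` avoids that, and the same applies to all six hunks in this section. Because the customization files are listed after the shipped `values-*.yaml.gotmpl` entry, they presumably take precedence on conflicting keys, so a short comment above each `range` such as `# customization values override the defaults above, including security contexts` would make that explicit. Whether `.Values.customization.release.<name>` has a default for every release is not visible here; a missing key may fail templating.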
@@ -12,9 +12,9 @@ containerSecurityContext:
|
||||
enabled: true
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: false
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 1000
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
seLinuxOptions:
|
||||
|
||||
@@ -45,13 +45,12 @@ configuration:
|
||||
homeserver:
|
||||
# -- URL of synapse deployment. As default the url of synapse will be used.
|
||||
#baseUrl: ""
|
||||
homeserver:
|
||||
serverName: {{ .Values.global.matrixDomain | default .Values.global.domain | quote }}
|
||||
ldap:
|
||||
base: {{ .Values.ldap.baseDn | quote }}
|
||||
bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal"
|
||||
bind_dn: "uid=ldapsearch_element,cn=users,{{ .Values.ldap.baseDn }}"
|
||||
bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }}
|
||||
filter: "(memberOf=cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal)"
|
||||
filter: "(memberOf=cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,{{ .Values.ldap.baseDn }})"
|
||||
uri: {{ printf "ldap://%s:389" .Values.ldap.host | quote }}
|
||||
cron:
|
||||
image:
|
||||
|
||||
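Review bot: The `ldap:` block in the `@@ -45,13 +45,12 @@` hunk still binds through `uri: {{ printf "ldap://%s:389" .Values.ldap.host | quote }}`, so `bind_password` crosses the network unencrypted unless the consumer negotiates StartTLS itself, which these values do not show. Now that `bind_dn` and `filter` follow `.Values.ldap.baseDn` and can point at a non-default directory, the scheme and port should come from values too instead of being fixed to `ldap://` and `389`. The same plain-text bind appears as `uri: "ldap://ums-ldap-server:389"` in the later `@@ -24,21 +24,21 @@` hunk. The `configuration:` mapping starts above the hunk, so any TLS setting outside it is not visible here.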
@@ -12,7 +12,6 @@ global:
|
||||
|
||||
configuration:
|
||||
secretName: "matrix-adminbot-config"
|
||||
#serviceName: "opendesk-synapse-adminbot-pipe"
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementPipe.registry | quote }}
|
||||
url: {{ .Values.images.elementPipe.repository | quote }}
|
||||
|
||||
@@ -13,7 +13,6 @@ global:
|
||||
configuration:
|
||||
homeserver:
|
||||
serverName: {{ .Values.global.matrixDomain | default .Values.global.domain }}
|
||||
#fullnameOverride: "opendesk-synapse-adminbot-web"
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementAdminBot.registry | quote }}
|
||||
repository: {{ .Values.images.elementAdminBot.repository | quote }}
|
||||
|
||||
@@ -12,7 +12,6 @@ global:
|
||||
|
||||
configuration:
|
||||
secretName: "matrix-auditbot-config"
|
||||
#serviceName: "opendesk-synapse-auditbot-pipe"
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDeEnterprise .Values.global.imageRegistry .Values.images.elementPipe.registry | quote }}
|
||||
url: {{ .Values.images.elementPipe.repository | quote }}
|
||||
|
||||
@@ -24,21 +24,21 @@ configuration:
|
||||
name: "description"
|
||||
uid: "uid"
|
||||
base: {{ .Values.ldap.baseDn | quote }}
|
||||
bind_dn: "uid=ldapsearch_element,cn=users,dc=swp-ldap,dc=internal"
|
||||
bind_dn: "uid=ldapsearch_element,cn=users,{{ .Values.ldap.baseDn }}"
|
||||
bind_password: {{ .Values.secrets.nubus.ldapSearch.element | quote }}
|
||||
check_interval_seconds: 60
|
||||
type: mapped-ldap
|
||||
uri: "ldap://ums-ldap-server:389"
|
||||
spaces:
|
||||
- groups:
|
||||
- externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal"
|
||||
- externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
powerLevel: 50
|
||||
- externalId: "cn=managed-by-attribute-Livecollaboration,cn=groups,dc=swp-ldap,dc=internal"
|
||||
- externalId: "cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
id: "c3122e32-4e05-4bf8-8a5d-66679076ed36"
|
||||
name: "openDesk"
|
||||
subspaces:
|
||||
- groups:
|
||||
- externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,dc=swp-ldap,dc=internal"
|
||||
- externalId: "cn=managed-by-attribute-LivecollaborationAdmin,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
powerLevel: 50
|
||||
id: "e7889d96-5baa-4e21-be6e-12c66b2e9565"
|
||||
name: "openDesk Element Admins"
|
||||
|
||||
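Review bot: `uri: "ldap://ums-ldap-server:389"` stays hard-coded in this hunk while `bind_dn` and every `externalId` group DN now follow `.Values.ldap.baseDn`. A deployment that changes the base DN because it uses a different directory would still connect to the fixed service name. An earlier file in this change builds the same setting as `uri: {{ printf "ldap://%s:389" .Values.ldap.host | quote }}`, and this line could use that expression. The `configuration:` mapping begins above the hunk, so an override elsewhere cannot be ruled out from here.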
@@ -136,8 +136,8 @@ configuration:
|
||||
port: 25
|
||||
tls: false
|
||||
starttls: false
|
||||
username: ""
|
||||
password: ""
|
||||
username: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
|
||||
oidc:
|
||||
clientId: "opendesk-matrix"
|
||||
@@ -208,6 +208,8 @@ extraVolumeMounts:
|
||||
|
||||
federation:
|
||||
enabled: {{ .Values.functional.externalServices.matrix.federation.enabled }}
|
||||
domainAllowList:
|
||||
{{ .Values.functional.externalServices.matrix.federation.domainAllowList | toYaml | nindent 4 }}
|
||||
ingress:
|
||||
host: "{{ .Values.global.hosts.synapseFederation }}.{{ .Values.global.domain }}"
|
||||
enabled: {{ .Values.ingress.enabled }}
|
||||
|
||||
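Review bot: The `@@ -136,8 +136,8 @@` hunk now sets `username` and `password` for the `opendesk-system` mailbox but keeps `port: 25`, `tls: false` and `starttls: false`, so the SMTP login would be sent without transport encryption. The Nextcloud values in this change move the same account to `port: 587` with `security: "tls"`. This block should get the equivalent, for example `starttls: true` on the submission port, provided the Postfix release offers it. The same pairing of credentials with disabled encryption appears in the `DJANGO_EMAIL_*` hunk (`DJANGO_EMAIL_USE_SSL: False`, `DJANGO_EMAIL_USE_TLS: False`), in the Keycloak extensions hunk (`ssl: false`, `starttls: false`, `enabled: true`) and as `smtpStartTls: false` under `nubusStackDataUms`.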
@@ -49,6 +49,7 @@ extraVolumeMounts:
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
image:
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
@@ -219,7 +220,7 @@ jitsi:
|
||||
resources:
|
||||
{{ .Values.resources.jvb | toYaml | nindent 6 }}
|
||||
service:
|
||||
type: {{ .Values.cluster.service.type | quote }}
|
||||
type: {{ coalesce .Values.service.type.jitsiVideoBridge .Values.cluster.service.type | quote }}
|
||||
securityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities: {}
|
||||
|
||||
@@ -16,6 +16,8 @@ additionalAnnotations:
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
|
||||
|
||||
configuration:
|
||||
administrator:
|
||||
@@ -121,10 +123,13 @@ configuration:
|
||||
value: {{ .Values.secrets.keycloak.clientSecret.ncoidc | quote }}
|
||||
|
||||
opendeskIntegration:
|
||||
username:
|
||||
value: "opendesk_username"
|
||||
password:
|
||||
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
centralnavigation:
|
||||
username:
|
||||
value: "opendesk_username"
|
||||
password:
|
||||
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
oxAppSuite:
|
||||
enabled: {{ .Values.apps.oxAppSuite.enabled }}
|
||||
|
||||
sharing:
|
||||
allowLinks: {{ .Values.functional.filestore.sharing.external.enabled }}
|
||||
@@ -142,16 +147,16 @@ configuration:
|
||||
|
||||
smtp:
|
||||
auth:
|
||||
enabled: false
|
||||
enabled: true
|
||||
username:
|
||||
value: ""
|
||||
value: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
password:
|
||||
value: ""
|
||||
value: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
port: 25
|
||||
port: 587
|
||||
fromAddress: {{ .Values.smtp.localpartNoReply | quote }}
|
||||
mailDomain: "{{ .Values.global.domain }}"
|
||||
security: ""
|
||||
security: "tls"
|
||||
skipVerifyPeer: true
|
||||
|
||||
quota:
|
||||
@@ -161,7 +166,8 @@ configuration:
|
||||
versions: {{ .Values.functional.filestore.nextcloud.retentionObligation.versions | quote }}
|
||||
|
||||
serverinfo:
|
||||
token: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||
token:
|
||||
value: {{ .Values.secrets.nextcloud.metricsToken | quote }}
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
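Review bot: `skipVerifyPeer: true` is kept in the `smtp:` hunk (`@@ -142,16 +147,16 @@`) although this change turns authentication on and sets `security: "tls"`. The `opendesk-system` password is then sent over a TLS session whose server certificate is never checked, so the client cannot detect an impersonated mail service. Consider `skipVerifyPeer: false` with the issuing CA made available to the pod, or tie the flag to the `.Values.certificate.selfSigned` switch that other values in this change already read. The `configuration:` mapping starts above the hunk, so any CA handling outside it is not visible here.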
@@ -102,6 +102,9 @@ aio:
|
||||
{{ .Values.seLinuxOptions.nextcloud | toYaml | nindent 6 }}
|
||||
cron:
|
||||
successfulJobsHistoryLimit: {{ if .Values.debug.enabled }}"3"{{ else }}"0"{{ end }}
|
||||
resources:
|
||||
{{ .Values.resources.nextcloudCron | toYaml | nindent 6 }}
|
||||
|
||||
debug:
|
||||
loglevel: {{ if .Values.debug.enabled }}"0"{{ else }}"2"{{ end }}
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
|
||||
@@ -168,6 +168,9 @@ backend:
|
||||
DJANGO_EMAIL_HOST: "postfix"
|
||||
DJANGO_EMAIL_PORT: 25
|
||||
DJANGO_EMAIL_USE_SSL: False
|
||||
DJANGO_EMAIL_HOST_USER: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
DJANGO_EMAIL_HOST_PASSWORD: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
DJANGO_EMAIL_USE_TLS: False
|
||||
OIDC_RP_CLIENT_ID: "opendesk-notes"
|
||||
OIDC_RP_CLIENT_SECRET: {{ .Values.secrets.keycloak.clientSecret.notes | quote }}
|
||||
OIDC_OP_JWKS_ENDPOINT: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/certs"
|
||||
|
||||
@@ -42,6 +42,12 @@ global:
|
||||
repository: {{ .Values.images.nubusOpendeskExtension.repository }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
||||
tag: {{ .Values.images.nubusOpendeskExtension.tag }}
|
||||
- name: "opendesk-a2g-mapper"
|
||||
image:
|
||||
registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.nubusOpendeskExtensionA2gMapper.registry | quote }}
|
||||
repository: {{ .Values.images.nubusOpendeskExtensionA2gMapper.repository }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy }}
|
||||
tag: {{ .Values.images.nubusOpendeskExtensionA2gMapper.tag }}
|
||||
|
||||
# -- Allows to configure the system extensions to load. This is intended for
|
||||
# internal usage, prefer to use `global.extensions` for user configured
|
||||
@@ -99,7 +105,7 @@ global:
|
||||
show: "false"
|
||||
login:
|
||||
password-complexity-message:
|
||||
de: "Das Passwort muss mindestens 8 Zeichen lang sein und darf keine Zahlenabfolge oder ganze Worte enthalten, wie '1234Test'."
|
||||
de: "Das Passwort muss mindestens 8 Zeichen lang sein und darf keine Zahlenabfolge oder ganze Worte enthalten, wie '1234Test'."
|
||||
en: "Password must be at least 8 characters long and cannot include a number series or regular words, like '1234Test'."
|
||||
module:
|
||||
udm:
|
||||
@@ -516,6 +522,7 @@ nubusKeycloakExtensions:
|
||||
connection:
|
||||
host: {{ .Values.databases.keycloakExtension.host | quote }}
|
||||
port: {{ .Values.databases.keycloakExtension.port | quote }}
|
||||
ssl: {{ .Values.databases.keycloakExtension.ssl | quote }}
|
||||
auth:
|
||||
database: {{ .Values.databases.keycloakExtension.name | quote }}
|
||||
username: {{ .Values.databases.keycloakExtension.username | quote }}
|
||||
@@ -530,14 +537,16 @@ nubusKeycloakExtensions:
|
||||
ssl: false
|
||||
starttls: false
|
||||
auth:
|
||||
enabled: false
|
||||
username: ""
|
||||
enabled: true
|
||||
username: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
existingSecret:
|
||||
name: "ums-keycloak-extensions-smtp-opendesk-credentials"
|
||||
keyMapping:
|
||||
password: "umcKeycloakExtensionsSmtpPassword"
|
||||
handler:
|
||||
appConfig:
|
||||
newDeviceLoginNotificationEnable: {{ if .Values.functional.authentication.newDeviceLoginNotification.enabled }}"True"{{ else }}"False"{{ end }}
|
||||
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
|
||||
newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
|
||||
mailFrom: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
@@ -818,7 +827,8 @@ nubusLdapServer:
|
||||
replicaCountPrimary: {{ .Values.replicas.umsLdapServerPrimary }}
|
||||
replicaCountSecondary: {{ .Values.replicas.umsLdapServerSecondary }}
|
||||
replicaCountProxy: {{ .Values.replicas.umsLdapServerProxy }}
|
||||
resources: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
||||
resourcesPrimary: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
||||
resourcesSecondary: {{ .Values.resources.umsLdapServer | toYaml | nindent 4 }}
|
||||
serviceAccount:
|
||||
create: true
|
||||
waitForDependency:
|
||||
@@ -1099,13 +1109,17 @@ nubusStackDataUms:
|
||||
umcHtmlTitle: "Portal - {{ .Values.theme.texts.productName }}"
|
||||
smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
smtpPort: 25
|
||||
smtpUser: ""
|
||||
smtpUser: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
smtpStartTls: false
|
||||
ldapBase: {{ .Values.ldap.baseDn }}
|
||||
templateContext:
|
||||
initialPasswordDefaultAdmin: {{ .Values.secrets.nubus.defaultAccounts.adminPassword | quote }}
|
||||
initialPasswordDefaultUser: {{ .Values.secrets.nubus.defaultAccounts.userPassword | quote }}
|
||||
initialPasswordAdministrator: {{ .Values.secrets.nubus.systemAccounts.administratorPassword | quote }}
|
||||
apps: {{ .Values.apps | toYaml | nindent 6 }}
|
||||
defaultGroupOtherObjects: "cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
opendeskEnterprise: {{ env "OPENDESK_ENTERPRISE" }}
|
||||
opendeskAdminAttributes: true
|
||||
opendeskGroupAttributes: true
|
||||
opendeskUserAttributes: true
|
||||
portalEnforceLogin: {{ .Values.functional.portal.enforceLogin }}
|
||||
portalHeaderLogo: {{ toYaml .Values.theme.imagery.logoHeaderSvgB64 | quote }}
|
||||
portalTiles: {{ toYaml .Values.theme.imagery.portalTiles | nindent 6 }}
|
||||
@@ -1118,9 +1132,10 @@ nubusStackDataUms:
|
||||
portalNotesLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.notes .Values.global.domain }}
|
||||
portalTitleDE: "Portal - {{ .Values.theme.texts.productName }}"
|
||||
portalTitleEN: "Portal - {{ .Values.theme.texts.productName }}"
|
||||
portalLinkLegalNotice: {{ .Values.functional.portal.linkLegalNotice }}
|
||||
portalLinkPrivacyStatement: {{ .Values.functional.portal.linkPrivacyStatement }}
|
||||
oxDefaultContext: "1"
|
||||
componentEnabled:
|
||||
notes: {{ .Values.apps.notes.enabled }}
|
||||
oxContextHidden: true
|
||||
ldapSearchUsers:
|
||||
{{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
|
||||
- username: {{ printf "ldapsearch_%s" $username | quote }}
|
||||
@@ -1129,29 +1144,29 @@ nubusStackDataUms:
|
||||
{{- end }}
|
||||
ldapSystemUsers: []
|
||||
portaltileGroupUserStandard:
|
||||
- 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupUserAdmin:
|
||||
- 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- 'cn=Support,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
- "cn=Support,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupUserAll:
|
||||
- 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
- "cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupGroupware:
|
||||
- 'cn=managed-by-attribute-Groupware,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Groupware,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupFileshare:
|
||||
- 'cn=managed-by-attribute-Fileshare,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Fileshare,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupManagementProject:
|
||||
- 'cn=managed-by-attribute-Projectmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Projectmanagement,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupManagementKnowledge:
|
||||
- 'cn=managed-by-attribute-Knowledgemanagement,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Knowledgemanagement,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupManagementLearn:
|
||||
- 'cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupLiveCollaboration:
|
||||
- 'cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupVideoconference:
|
||||
- 'cn=managed-by-attribute-Videoconference,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Videoconference,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
portaltileGroupNotes:
|
||||
- 'cn=managed-by-attribute-Notes,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- "cn=managed-by-attribute-Notes,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
systemInformation:
|
||||
releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}{{ if eq (env "OPENDESK_ENTERPRISE") "true" }}-ee{{ end }}"
|
||||
{{- if .Values.functional.admin.portal.deploymentTimestamp.enabled }}
|
||||
@@ -1159,6 +1174,12 @@ nubusStackDataUms:
|
||||
{{- else }}
|
||||
deployDate: false
|
||||
{{- end }}
|
||||
# executes a list of UDM commands as step `03-custom-initializer.yaml` of the opendesk-nubus customization
|
||||
# Ref. https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-nubus/-/tree/main/udm/udm-data-loader
|
||||
udmCustomInitializer: []
|
||||
# executes a list of UDM commands as step `97-custom-finalizer.yaml` of the opendesk-nubus customization
|
||||
# Ref. https://gitlab.opencode.de/bmi/opendesk/components/platform-development/images/opendesk-nubus/-/tree/main/udm/udm-data-loader
|
||||
udmCustomFinalizer: []
|
||||
|
||||
nubusUmcServer:
|
||||
additionalAnnotations:
|
||||
@@ -1316,8 +1337,6 @@ nubusUmcGateway:
|
||||
replicaCount: {{ .Values.replicas.umsUmcGateway }}
|
||||
resources:
|
||||
{{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
|
||||
umcGateway:
|
||||
umcHtmlTitle: "Portal - {{ .Values.theme.texts.productName }}"
|
||||
|
||||
nubusKeycloakBootstrap:
|
||||
additionalAnnotations:
|
||||
@@ -1396,7 +1415,7 @@ extraSecrets:
|
||||
umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||
- name: "ums-keycloak-extensions-smtp-opendesk-credentials"
|
||||
stringData:
|
||||
umcKeycloakExtensionsSmtpPassword: ""
|
||||
umcKeycloakExtensionsSmtpPassword: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
- name: "ums-keycloak-bootstrap-ldap-opendesk-credentials"
|
||||
stringData:
|
||||
password: {{ .Values.secrets.nubus.ldapSearch.keycloak | quote }}
|
||||
@@ -1406,7 +1425,7 @@ extraSecrets:
|
||||
secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
||||
- name: "ums-umc-server-smtp-credentials-custom"
|
||||
stringData:
|
||||
password: ""
|
||||
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
- name: "ums-provisioning-ox-credentials"
|
||||
stringData:
|
||||
ox-connector.json: "{ \"name\": \"ox-connector\", \"realms_topics\": [{\"realm\": \"udm\", \"topic\": \"oxmail/oxcontext\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/accessprofile\"}, {\"realm\": \"udm\", \"topic\": \"users/user\"}, {\"realm\": \"udm\", \"topic\": \"oxresources/oxresources\"}, {\"realm\": \"udm\", \"topic\": \"groups/group\"}, {\"realm\": \"udm\", \"topic\": \"oxmail/functional_account\"}], \"request_prefill\": true, \"password\": \"{{ .Values.secrets.oxConnector.provisioningApiPassword }}\" }"
|
||||
|
||||
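Review bot: `opendeskEnterprise: {{ env "OPENDESK_ENTERPRISE" }}` in the `@@ -1099,13 +1109,17 @@` hunk renders the raw environment value unquoted. An unset variable therefore yields an empty value (YAML null), and any other content is typed by the YAML parser rather than decided by the template. Other uses on this page compare explicitly, for example `eq (env "OPENDESK_ENTERPRISE") "true"` in `releaseVersion`. Writing `opendeskEnterprise: {{ eq (env "OPENDESK_ENTERPRISE") "true" }}` would give a real boolean in every case. How `templateContext` consumes the value is not visible in this hunk.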
@@ -18,35 +18,47 @@ image:
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
|
||||
|
||||
config:
|
||||
clientAccessRestrictions:
|
||||
{{- if .Values.apps.element.enabled }}
|
||||
matrix:
|
||||
client: "opendesk-matrix"
|
||||
scope: "opendesk-matrix-scope"
|
||||
role: "opendesk-matrix-access-control"
|
||||
group: "managed-by-attribute-Livecollaboration"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.jitsi.enabled }}
|
||||
jitsi:
|
||||
client: "opendesk-jitsi"
|
||||
scope: "opendesk-jitsi-scope"
|
||||
role: "opendesk-jitsi-access-control"
|
||||
group: "managed-by-attribute-Videoconference"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.xwiki.enabled }}
|
||||
xwiki:
|
||||
client: "opendesk-xwiki"
|
||||
scope: "opendesk-xwiki-scope"
|
||||
role: "opendesk-xwiki-access-control"
|
||||
group: "managed-by-attribute-Knowledgemanagement"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.openproject.enabled }}
|
||||
openproject:
|
||||
client: "opendesk-openproject"
|
||||
scope: "opendesk-openproject-scope"
|
||||
role: "opendesk-openproject-access-control"
|
||||
group: "managed-by-attribute-Projectmanagement"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.nextcloud.enabled }}
|
||||
nextcloud:
|
||||
client: "opendesk-nextcloud"
|
||||
scope: "opendesk-nextcloud-scope"
|
||||
role: "opendesk-nextcloud-access-control"
|
||||
group: "managed-by-attribute-Fileshare"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.oxAppSuite.enabled }}
|
||||
oxAppSuite:
|
||||
client: "opendesk-oxappsuite"
|
||||
scope: "opendesk-oxappsuite-scope"
|
||||
@@ -57,6 +69,7 @@ config:
|
||||
scope: "opendesk-dovecot-scope"
|
||||
role: "opendesk-dovecot-access-control"
|
||||
group: "managed-by-attribute-Groupware"
|
||||
{{- end }}
|
||||
{{- if .Values.apps.notes.enabled }}
|
||||
notes:
|
||||
client: "opendesk-notes"
|
||||
@@ -65,8 +78,6 @@ config:
|
||||
group: "managed-by-attribute-Notes"
|
||||
{{- end }}
|
||||
|
||||
componentEnabled:
|
||||
notes: {{ .Values.apps.notes.enabled }}
|
||||
custom:
|
||||
clientScopes:
|
||||
{{ .Values.functional.authentication.oidc.clientScopes | toYaml | nindent 6 }}
|
||||
@@ -88,13 +99,14 @@ config:
|
||||
twoFactorSettings:
|
||||
additionalGroups: {{ .Values.functional.authentication.twoFactor.groups }}
|
||||
precreateGroups: [ 'Domain Admins', 'Domain Users', '2fa-users', 'IAM API - Full Access',
|
||||
'managed-by-attribute-Fileshare', 'managed-by-attribute-FileshareAdmin',
|
||||
'managed-by-attribute-Knowledgemanagement', 'managed-by-attribute-KnowledgemanagementAdmin',
|
||||
'managed-by-attribute-Livecollaboration', 'managed-by-attribute-LivecollaborationAdmin',
|
||||
'managed-by-attribute-Projectmanagement', 'managed-by-attribute-ProjectmanagementAdmin',
|
||||
'managed-by-attribute-Videoconference',
|
||||
'managed-by-attribute-Groupware',
|
||||
'managed-by-attribute-Notes' ]
|
||||
{{ if .Values.apps.nextcloud.enabled }}'managed-by-attribute-Fileshare', 'managed-by-attribute-FileshareAdmin',{{ end }}
|
||||
{{ if .Values.apps.xwiki.enabled }}'managed-by-attribute-Knowledgemanagement', 'managed-by-attribute-KnowledgemanagementAdmin',{{ end }}
|
||||
{{ if .Values.apps.element.enabled }}'managed-by-attribute-Livecollaboration', 'managed-by-attribute-LivecollaborationAdmin',{{ end }}
|
||||
{{ if .Values.apps.openproject.enabled }}'managed-by-attribute-Projectmanagement', 'managed-by-attribute-ProjectmanagementAdmin',{{ end }}
|
||||
{{ if .Values.apps.jitsi.enabled }}'managed-by-attribute-Videoconference',{{ end }}
|
||||
{{ if .Values.apps.oxAppSuite.enabled }}'managed-by-attribute-Groupware',{{ end }}
|
||||
{{ if .Values.apps.notes.enabled }}'managed-by-attribute-Notes',{{ end }}
|
||||
]
|
||||
|
||||
opendesk:
|
||||
# We use client specific scopes as we bind them to Keycloak role membership which itself is linked
|
||||
@@ -105,6 +117,7 @@ config:
|
||||
protocol: "openid-connect"
|
||||
- name: "write_contacts"
|
||||
protocol: "openid-connect"
|
||||
{{ if .Values.apps.openproject.enabled }}
|
||||
- name: "opendesk-openproject-scope"
|
||||
description: "Scope for the claims required by openDesk's OpenProject instance."
|
||||
protocol: "openid-connect"
|
||||
@@ -178,6 +191,8 @@ config:
|
||||
access.token.claim: true
|
||||
claim.name: "family_name"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.jitsi.enabled }}
|
||||
- name: "opendesk-jitsi-scope"
|
||||
description: "Scope for the claims required by openDesk's Jitsi instance."
|
||||
protocol: "openid-connect"
|
||||
@@ -225,6 +240,8 @@ config:
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.nextcloud.enabled }}
|
||||
- name: "opendesk-nextcloud-scope"
|
||||
description: "Scope for the claims required by openDesk's Nextcloud instance."
|
||||
protocol: "openid-connect"
|
||||
@@ -274,6 +291,8 @@ config:
|
||||
access.token.claim: true
|
||||
claim.name: "context"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.element.enabled }}
|
||||
- name: "opendesk-matrix-scope"
|
||||
description: "Scope for the claims required by openDesk's Matrix instance."
|
||||
protocol: "openid-connect"
|
||||
@@ -321,6 +340,8 @@ config:
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.xwiki.enabled }}
|
||||
- name: "opendesk-xwiki-scope"
|
||||
description: "Scope for the claims required by openDesk's XWiki instance."
|
||||
protocol: "openid-connect"
|
||||
@@ -368,6 +389,8 @@ config:
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.oxAppSuite.enabled }}
|
||||
- name: "opendesk-dovecot-scope"
|
||||
description: "Scope for the claims required by openDesk's Dovecot instance."
|
||||
protocol: "openid-connect"
|
||||
@@ -431,7 +454,8 @@ config:
|
||||
access.token.claim: true
|
||||
claim.name: "opendesk_username"
|
||||
jsonType.label: "String"
|
||||
{{ if .Values.apps.notes.enabled }}
|
||||
{{ end }}
|
||||
{{ if .Values.apps.notes.enabled }}
|
||||
- name: "opendesk-notes-scope"
|
||||
description: "Scope for the claims required by openDesk's Notes instance."
|
||||
protocol: "openid-connect"
|
||||
@@ -472,7 +496,7 @@ config:
|
||||
access.token.claim: true
|
||||
claim.name: "family_name"
|
||||
jsonType.label: "String"
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
clients:
|
||||
- name: "opendesk-intercom"
|
||||
clientId: "opendesk-intercom"
|
||||
@@ -522,7 +546,7 @@ config:
|
||||
jsonType.label: "String"
|
||||
defaultClientScopes:
|
||||
- "offline_access"
|
||||
{{ if .Values.apps.notes.enabled }}
|
||||
{{ if .Values.apps.notes.enabled }}
|
||||
- name: "opendesk-notes"
|
||||
clientId: "opendesk-notes"
|
||||
protocol: "openid-connect"
|
||||
@@ -560,7 +584,8 @@ config:
|
||||
user.info.response.signature.alg: "RS256"
|
||||
defaultClientScopes:
|
||||
- "opendesk-notes-scope"
|
||||
{{ end }}
|
||||
{{ end }}
|
||||
{{ if .Values.apps.oxAppSuite.enabled }}
|
||||
- name: "opendesk-dovecot"
|
||||
clientId: "opendesk-dovecot"
|
||||
protocol: "openid-connect"
|
||||
@@ -574,6 +599,28 @@ config:
|
||||
backchannel.logout.session.required: false
|
||||
defaultClientScopes:
|
||||
- "opendesk-dovecot-scope"
|
||||
- name: "opendesk-oxappsuite"
|
||||
clientId: "opendesk-oxappsuite"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*"
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/ajax/oidc/backchannel_logout"
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-oxappsuite-scope"
|
||||
- "read_contacts"
|
||||
- "write_contacts"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.jitsi.enabled }}
|
||||
- name: "opendesk-jitsi"
|
||||
clientId: "opendesk-jitsi"
|
||||
protocol: "openid-connect"
|
||||
@@ -587,6 +634,8 @@ config:
|
||||
authorizationServicesEnabled: false
|
||||
defaultClientScopes:
|
||||
- "opendesk-jitsi-scope"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.element.enabled }}
|
||||
- name: "opendesk-matrix"
|
||||
clientId: "opendesk-matrix"
|
||||
protocol: "openid-connect"
|
||||
@@ -609,6 +658,8 @@ config:
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.synapse }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-matrix-scope"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.nextcloud.enabled }}
|
||||
- name: "opendesk-nextcloud"
|
||||
clientId: "opendesk-nextcloud"
|
||||
protocol: "openid-connect"
|
||||
@@ -629,6 +680,8 @@ config:
|
||||
- "opendesk-nextcloud-scope"
|
||||
- "read_contacts"
|
||||
- "write_contacts"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.openproject.enabled }}
|
||||
- name: "opendesk-openproject"
|
||||
clientId: "opendesk-openproject"
|
||||
protocol: "openid-connect"
|
||||
@@ -648,26 +701,8 @@ config:
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-openproject-scope"
|
||||
- name: "opendesk-oxappsuite"
|
||||
clientId: "opendesk-oxappsuite"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*"
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/ajax/oidc/backchannel_logout"
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-oxappsuite-scope"
|
||||
- "read_contacts"
|
||||
- "write_contacts"
|
||||
{{ end }}
|
||||
{{ if .Values.apps.xwiki.enabled }}
|
||||
- name: "opendesk-xwiki"
|
||||
clientId: "opendesk-xwiki"
|
||||
protocol: "openid-connect"
|
||||
@@ -686,6 +721,7 @@ config:
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-xwiki-scope"
|
||||
{{ end }}
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
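Review bot: `additionalGroups: {{ .Values.functional.authentication.twoFactor.groups }}` in the `@@ -88,13 +99,14 @@` hunk prints the value with Go's default formatting. If `groups` is a list, two entries render as `[a b]`, which YAML reads as a single element named `a b`, so the two-factor requirement would attach to neither intended group. `additionalGroups: {{ .Values.functional.authentication.twoFactor.groups | toJson }}` keeps the list intact. The type of `groups` is defined outside this page, so this needs confirming against the defaults file.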
@@ -9,8 +9,8 @@ repositories:
|
||||
verify: {{ .Values.charts.dovecot.verify }}
|
||||
oci: true
|
||||
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
|
||||
username: {{ env "ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.dovecot.registry }}/{{ .Values.charts.dovecot.repository }}"
|
||||
{{- else }}
|
||||
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
@@ -24,8 +24,8 @@ repositories:
|
||||
verify: {{ .Values.charts.oxAppSuite.verify }}
|
||||
oci: true
|
||||
{{- if eq (env "OPENDESK_ENTERPRISE") "true" }}
|
||||
username: {{ env "ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
username: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_ENTERPRISE_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
url: "{{ coalesce .Values.repositories.helm.registryOpencodeDeEnterprise .Values.global.helmRegistry | default .Values.charts.oxAppSuite.registry }}/{{ .Values.charts.oxAppSuite.repository }}"
|
||||
{{- else }}
|
||||
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
@@ -51,6 +51,16 @@ repositories:
|
||||
oci: true
|
||||
url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.oxConnector.registry }}/{{ .Values.charts.oxConnector.repository }}"
|
||||
|
||||
# openDesk Postfix
|
||||
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postfix
|
||||
- name: "postfix-repo"
|
||||
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||
verify: {{ .Values.charts.postfix.verify }}
|
||||
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
url: "{{ coalesce .Values.repositories.helm.registryOpencodeDe .Values.global.helmRegistry | default .Values.charts.postfix.registry }}/{{ .Values.charts.postfix.repository }}"
|
||||
|
||||
releases:
|
||||
- name: "dovecot"
|
||||
chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}"
|
||||
@@ -66,6 +76,17 @@ releases:
|
||||
installed: {{ .Values.apps.dovecot.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "postfix-ox"
|
||||
chart: "postfix-repo/{{ .Values.charts.postfix.name }}"
|
||||
version: "{{ .Values.charts.postfix.version }}"
|
||||
values:
|
||||
- "values-postfix.yaml.gotmpl"
|
||||
{{- range .Values.customization.release.postfix }}
|
||||
- {{ . }}
|
||||
{{- end }}
|
||||
installed: {{ .Values.apps.postfix.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "open-xchange"
|
||||
chart: "open-xchange-repo/{{ .Values.charts.oxAppSuite.name }}"
|
||||
version: "{{ .Values.charts.oxAppSuite.version }}"
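Review bot: The enterprise registry credentials in the `@@ -9,8 +9,8 @@` and `@@ -24,8 +24,8 @@` hunks are read with `env`, which renders an empty string when the variable is unset. A deployment that still exports the old `ENTERPRISE_PRIVATE_REGISTRY_*` names would therefore template an empty `username`/`password` and fail only later, at chart pull. Inside the `OPENDESK_ENTERPRISE` branch I would use `username: {{ requiredEnv "OD_ENTERPRISE_PRIVATE_REGISTRY_USERNAME" | quote }}` (and the same for the password) so the rename fails at render time. That the `OD_`-prefixed lines are the new side is inferred from their naming and print order, because the +/- markers are lost in this rendering.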
|
||||
|
||||
@@ -23,8 +23,8 @@ dovecot:
|
||||
enabled: true
|
||||
host: {{ .Values.ldap.host | quote }}
|
||||
port: 389
|
||||
base: "dc=swp-ldap,dc=internal"
|
||||
dn: "uid=ldapsearch_dovecot,cn=users,dc=swp-ldap,dc=internal"
|
||||
base: "{{ .Values.ldap.baseDn }}"
|
||||
dn: "uid=ldapsearch_dovecot,cn=users,{{ .Values.ldap.baseDn }}"
|
||||
password: {{ .Values.secrets.nubus.ldapSearch.dovecot | quote }}
|
||||
oidc:
|
||||
enabled: true
|
||||
@@ -104,10 +104,10 @@ persistence:
|
||||
resources:
|
||||
{{ .Values.resources.dovecot | toYaml | nindent 2 }}
|
||||
|
||||
{{- if or (eq .Values.cluster.service.type "NodePort") (eq .Values.cluster.service.type "LoadBalancer") }}
|
||||
{{- if or (eq (coalesce .Values.service.type.dovecot .Values.cluster.service.type) "NodePort") (eq (coalesce .Values.service.type.dovecot .Values.cluster.service.type) "LoadBalancer") }}
|
||||
service:
|
||||
external:
|
||||
enabled: true
|
||||
type: {{ .Values.cluster.service.type | quote }}
|
||||
type: {{ coalesce .Values.service.type.dovecot .Values.cluster.service.type | quote }}
|
||||
{{- end }}
|
||||
...
|
||||
|
||||
@@ -25,7 +25,7 @@ appsuite:
|
||||
auth:
|
||||
type: "adminDN"
|
||||
adminDN:
|
||||
dn: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
|
||||
dn: "uid=ldapsearch_ox,cn=users,{{ .Values.ldap.baseDn }}"
|
||||
password: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
|
||||
|
||||
uiSettings:
|
||||
|
||||
@@ -13,10 +13,14 @@ global:
|
||||
mysql:
|
||||
host: {{ .Values.databases.oxAppSuite.host | quote }}
|
||||
database: {{ .Values.databases.oxAppSuite.name | quote }}
|
||||
readHost: {{ .Values.databases.oxAppSuite.readHost | quote }}
|
||||
readDatabase: {{ .Values.databases.oxAppSuite.name | quote }}
|
||||
auth:
|
||||
user: {{ .Values.databases.oxAppSuite.username | quote }}
|
||||
password: {{ .Values.databases.oxAppSuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
rootPassword: {{ .Values.databases.oxAppSuite.password | default .Values.secrets.mariadb.rootPassword | quote }}
|
||||
readUser: {{ .Values.databases.oxAppSuite.readUser | default .Values.databases.oxAppSuite.username | quote }}
|
||||
readPassword: {{ .Values.databases.oxAppSuite.readPassword | default .Values.databases.oxAppSuite.password | quote}}
|
||||
|
||||
nextcloud-integration-ui:
|
||||
image:
|
||||
@@ -237,7 +241,7 @@ appsuite:
|
||||
com.openexchange.mail.mailServer: "dovecot"
|
||||
com.openexchange.mail.mailServerSource: "global"
|
||||
com.openexchange.mail.transport.authType: "xoauth2"
|
||||
com.openexchange.mail.transportServer: "postfix"
|
||||
com.openexchange.mail.transportServer: "postfix-ox"
|
||||
com.openexchange.mail.transportServerSource: "global"
|
||||
# Requirements for OX-Connector
|
||||
com.openexchange.user.enforceUniqueDisplayName: "false"
|
||||
@@ -276,14 +280,19 @@ appsuite:
|
||||
com.openexchange.conference.element.enabled: "true"
|
||||
com.openexchange.conference.element.meetingHostUrl: http://matrix-neodatefix-bot
|
||||
com.openexchange.conference.element.matrixLoginUrl: http://opendesk-synapse-web:8008/_matrix/client/v3/login
|
||||
com.openexchange.conference.element.matrixUuidClaimName: opendesk_useruuid
|
||||
com.openexchange.conference.element.matrixUuidClaimName: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"opendesk_useruuid"{{ else }}"opendesk_username"{{ end }}
|
||||
# GDPR
|
||||
com.openexchange.gdpr.dataexport.enabled: "false"
|
||||
com.openexchange.gdpr.dataexport.active: "false"
|
||||
# Guard
|
||||
com.openexchange.guard.storage.file.fileStorageType: "file"
|
||||
com.openexchange.guard.storage.file.uploadDirectory: "/opt/open-xchange/guard-files/"
|
||||
com.openexchange.guard.guestSMTPMailFrom: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
com.openexchange.guard.guestSMTPPassword: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
com.openexchange.guard.guestSMTPPort: "25"
|
||||
com.openexchange.guard.guestSMTPServer: "postfix"
|
||||
com.openexchange.guard.guestSMTPUsername: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
com.openexchange.guard.useStartTLS: "false"
|
||||
# S/MIME
|
||||
# Usage (in browser console after login):
|
||||
# http = (await import('./io.ox/core/http.js')).default
|
||||
@@ -330,8 +339,8 @@ appsuite:
|
||||
/opt/open-xchange/etc/system.properties:
|
||||
SERVER_NAME: "oxserver"
|
||||
/opt/open-xchange/etc/ldapauth.properties:
|
||||
java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/dc=swp-ldap,dc=internal"
|
||||
bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal"
|
||||
java.naming.provider.url: "ldap://{{ .Values.ldap.host }}:389/{{ .Values.ldap.baseDn }}"
|
||||
bindDN: "uid=ldapsearch_ox,cn=users,{{ .Values.ldap.baseDn }}"
|
||||
bindDNPassword: {{ .Values.secrets.nubus.ldapSearch.ox | quote }}
|
||||
bindOnly: "false"
|
||||
/opt/open-xchange/etc/antivirus.properties:
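Review bot: The Guard SMTP settings in the `@@ -276,14 +280,19 @@` hunk send `com.openexchange.guard.guestSMTPPassword` to `postfix` on `guestSMTPPort: "25"` with `com.openexchange.guard.useStartTLS: "false"`, so the `opendesk-system` password would cross the cluster network unencrypted. The postfix values hunk further down (`@@ -60,14 +60,20 @@ postfix:`) appears to enable `smtpdSASLAuthEnable` while leaving `smtpdTLSSecurityLevel: "may"`, which permits exactly that, whereas the OpenProject and XWiki hunks move to port 587 with STARTTLS. I would set `com.openexchange.guard.useStartTLS: "true"` and, if the submission port is reachable for this client, `com.openexchange.guard.guestSMTPPort: "587"`. Whether Guard trusts the postfix certificate is not visible here and needs checking. Which of these lines are new is inferred from the hunk counts, since the rendering lost the +/- markers.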
|
||||
|
||||
@@ -73,29 +73,21 @@ podAnnotations: {}
|
||||
|
||||
replicaCount: {{ .Values.replicas.oxConnector }}
|
||||
|
||||
podSecurityContext:
|
||||
fsGroup: 1000
|
||||
|
||||
securityContext:
|
||||
privileged: false
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
add:
|
||||
- "CHOWN"
|
||||
- "DAC_OVERRIDE"
|
||||
- "FOWNER"
|
||||
- "FSETID"
|
||||
- "KILL"
|
||||
- "SETGID"
|
||||
- "SETUID"
|
||||
- "SETPCAP"
|
||||
- "NET_BIND_SERVICE"
|
||||
- "SYS_CHROOT"
|
||||
privileged: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
runAsNonRoot: false
|
||||
readOnlyRootFilesystem: false
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.oxConnector | toYaml | nindent 4 }}
|
||||
|
||||
|
||||
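--- /dev/null
+++ b/helmfile/apps/open-xchange/values-postfix.yaml.gotmpl
@@ -0,0 +1,100 @@
+{{/*
+SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+certificate:
+secretName: {{ .Values.ingress.tls.secretName | quote }}
+request:
+enabled: false
+
+containerSecurityContext:
+allowPrivilegeEscalation: true
+capabilities: {}
+enabled: true
+seccompProfile:
+type: "RuntimeDefault"
+readOnlyRootFilesystem: true
+runAsNonRoot: false
+runAsUser: 0
+runAsGroup: 0
+privileged: true
+seLinuxOptions:
+{{ .Values.seLinuxOptions.postfix | toYaml | nindent 4 }}
+
+global:
+imagePullSecrets:
+{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
+
+image:
+registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.postfix.registry | quote }}
+repository: {{ .Values.images.postfix.repository | quote }}
+tag: {{ .Values.images.postfix.tag | quote }}
+imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
+
+persistence:
+size: {{ .Values.persistence.storages.postfix.size | quote }}
+storageClass: {{ coalesce .Values.persistence.storages.postfix.storageClassName .Values.persistence.storageClassNames.RWO | quote }}
+
+podSecurityContext:
+enabled: true
+fsGroup: 101
+
+postfix:
+amavisHost: ""
+amavisPortIn: ""
+domain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
+hostname: "postfix"
+inetProtocols: "ipv4"
+milterDefaultAction: "tempfail"
+overrides:
+- fileName: "sasl_passwd.map"
+content:
+- {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
+{{- if .Values.apps.dkimpy.enabled }}
+dkimpyHost: "opendesk-dkimpy-milter.{{ .Release.Namespace }}.svc.{{.Values.cluster.networking.domain }}:8892"
+{{- end }}
+rspamdHost: ""
+relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
+relayNets: {{ join " " .Values.cluster.networking.cidr | quote }}
+smtpSASLAuthEnable: "yes"
+smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map"
+smtpTLSSecurityLevel: "encrypt"
+smtpdSASLAuthEnable: "yes"
+smtpdSASLSecurityOptions: "noanonymous"
+smtpdSASLType: "dovecot"
+smtpdTLSSecurityLevel: "encrypt"
+smtpdTLSCertFile: "/etc/tls/tls.crt"
+smtpdKeyFile: "/etc/tls/tls.key"
+smtpdSASLPath: "inet:dovecot:3659"
+
+staticAuthDB:
+enabled: false
+
+{{- if .Values.antivirus.milter.host }}
+smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
+{{- else }}
+{{- if .Values.apps.clamavDistributed.enabled }}
+smtpdMilters: "inet:clamav-milter:7357"
+{{- else if .Values.apps.clamavSimple.enabled }}
+smtpdMilters: "inet:clamav-simple:7357"
+{{- end }}
+{{- end }}
+virtualMailboxDomains: {{ if .Values.global.additionalMailDomains }}{{ printf "%s,%s" (.Values.global.mailDomain | default .Values.global.domain) .Values.global.additionalMailDomains }}{{ else }}{{ .Values.global.mailDomain | default .Values.global.domain | quote }}{{ end }}
+virtualTransport: "lmtps:dovecot:24"
+
+podAnnotations: {}
+
+replicaCount: {{ .Values.replicas.postfix }}
+
+resources:
+{{ .Values.resources.postfix | toYaml | nindent 2 }}
+
+{{- if or (eq (coalesce .Values.service.type.postfix .Values.cluster.service.type) "NodePort") (eq (coalesce .Values.service.type.postfix .Values.cluster.service.type) "LoadBalancer") }}
+service:
+external:
+enabled: true
+type: {{ coalesce .Values.service.type.postfix .Values.cluster.service.type | quote }}
+{{- end }}
+...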
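Review bot: `containerSecurityContext` in this new file sets `privileged: true` together with `allowPrivilegeEscalation: true`, `runAsUser: 0` and `capabilities: {}`, which gives the postfix-ox container full host-level privileges. Kubernetes does not apply a seccomp profile to privileged containers, so the `seccompProfile` of type `RuntimeDefault` next to it has no effect. Nothing visible in the file explains why an SMTP relay needs this. I would set `privileged: false` and `allowPrivilegeEscalation: false`, and replace the empty `capabilities` with `drop: ["ALL"]` plus an explicit `add` list of only what the image is shown to need. If privileged mode is really required, a comment above `privileged: true` stating the reason would let the next reviewer judge it; the nesting of these keys is assumed from their order because the rendering lost the indentation.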
|
||||
@@ -13,6 +13,7 @@ global:
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
|
||||
|
||||
config:
|
||||
|
||||
@@ -39,7 +39,7 @@ dbInit:
|
||||
|
||||
environment:
|
||||
{{- if and (eq (env "OPENDESK_ENTERPRISE") "true") .Values.enterpriseKeys.openproject.token }}
|
||||
OPENPROJECT_ENTERPRISE__TOKEN: {{ .Values.enterpriseKeys.openproject.token | quote }}
|
||||
OPENPROJECT_SEED__ENTERPRISE__TOKEN: {{ .Values.enterpriseKeys.openproject.token | quote }}
|
||||
{{- end }}
|
||||
# For more details and more options see
|
||||
# https://www.openproject.org/docs/installation-and-operations/configuration/environment/
|
||||
@@ -56,8 +56,8 @@ environment:
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_PORT: "389"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.nubus.ldapSearch.openproject | quote }}
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SECURITY: "plain_ldap"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BINDUSER: "uid=ldapsearch_openproject,cn=users,{{ .Values.ldap.baseDn }}"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_BASEDN: "{{ .Values.ldap.baseDn }}"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_FILTER:
|
||||
"(&(objectClass=opendeskProjectmanagementUser)(opendeskProjectmanagementEnabled=TRUE))"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_SYNC__USERS: "true"
|
||||
@@ -66,7 +66,7 @@ environment:
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_LASTNAME__MAPPING: "sn"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_MAIL__MAPPING: "mailPrimaryAddress"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_ADMIN__MAPPING: "opendeskProjectmanagementAdmin"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_BASE: "dc=swp-ldap,dc=internal"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_BASE: "{{ .Values.ldap.baseDn }}"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_FILTER:
|
||||
"(&(objectClass=opendeskProjectmanagementGroup)(opendeskProjectmanagementEnabled=TRUE))"
|
||||
OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_SYNC__USERS: "true"
|
||||
@@ -76,18 +76,28 @@ environment:
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||
OPENPROJECT_SMTP__USER__NAME: ""
|
||||
OPENPROJECT_SMTP__PASSWORD: ""
|
||||
OPENPROJECT_SMTP__PORT: 25
|
||||
OPENPROJECT_SMTP__USER__NAME: {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
OPENPROJECT_SMTP__PASSWORD: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
OPENPROJECT_SMTP__PORT: 587
|
||||
OPENPROJECT_SMTP__SSL: "false" # (default=false)
|
||||
OPENPROJECT_SMTP__ADDRESS: {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "none"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "false"
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "cram_md5"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "none"
|
||||
OPENPROJECT_MAIL__FROM: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
|
||||
OPENPROJECT_SEED_DESIGN_PRIMARY__BUTTON__COLOR: {{ .Values.theme.colors.primary | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_ACCENT__COLOR: {{ .Values.theme.colors.primary | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_HEADER__BG__COLOR: {{ .Values.theme.colors.white | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_HEADER__ITEM__BG__HOVER__COLOR: {{ .Values.theme.colors.secondaryGreyLight | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_MAIN__MENU__BG__COLOR: {{ .Values.theme.colors.white | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_MAIN__MENU__BG__SELECTED__BACKGROUND: {{ .Values.theme.colors.primary | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_MAIN__MENU__BG__HOVER__BACKGROUND: {{ .Values.theme.colors.secondaryGreyLight | quote }}
|
||||
OPENPROJECT_SEED_DESIGN_LOGO: "data:image/svg+xml;base64,{{ .Values.theme.imagery.logoHeaderSvgB64 }}"
|
||||
OPENPROJECT_SEED_DESIGN_FAVICON: "data:image/svg+xml;base64,{{ .Values.theme.imagery.projects.faviconSvg }}"
|
||||
|
||||
{{- if .Values.certificate.selfSigned }}
|
||||
SSL_CERT_FILE: "/etc/ssl/certs/ca-certificates.crt"
|
||||
{{- end }}
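Review bot: `OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "none"` in the `@@ -76,18 +76,28 @@` hunk disables certificate verification on the connection that now carries `OPENPROJECT_SMTP__PASSWORD`. STARTTLS on port 587 then encrypts the session but does not authenticate the server behind `OPENPROJECT_SMTP__ADDRESS`. The same block already points `SSL_CERT_FILE` at the CA bundle for self-signed setups, so `OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"` looks feasible, provided the postfix certificate carries the service name used in the address; that is not visible here. `OPENPROJECT_SMTP__USER__NAME` is also emitted without `| quote`, unlike the templated values around it.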
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
@@ -15,7 +15,7 @@ containerSecurityContext:
|
||||
enabled: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: false
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: false
|
||||
runAsUser: 0
|
||||
runAsGroup: 0
|
||||
@@ -60,14 +60,20 @@ postfix:
|
||||
relayNets: {{ join " " .Values.cluster.networking.cidr | quote }}
|
||||
smtpSASLAuthEnable: "yes"
|
||||
smtpSASLPasswordMaps: "lmdb:/etc/postfix/sasl_passwd.map"
|
||||
smtpUseTLS: "yes"
|
||||
smtpdSASLAuthEnable: "no"
|
||||
smtpTLSSecurityLevel: "encrypt"
|
||||
smtpdSASLAuthEnable: "yes"
|
||||
smtpdSASLSecurityOptions: "noanonymous"
|
||||
smtpdSASLType: "dovecot"
|
||||
smtpdUseTLS: "yes"
|
||||
smtpdSASLType: "cyrus"
|
||||
smtpdTLSSecurityLevel: "may"
|
||||
smtpdTLSCertFile: "/etc/tls/tls.crt"
|
||||
smtpdKeyFile: "/etc/tls/tls.key"
|
||||
smtpdSASLPath: "inet:dovecot:3659"
|
||||
smtpdSASLPath: "smtpd"
|
||||
|
||||
staticAuthDB:
|
||||
enabled: true
|
||||
username: "opendesk-system"
|
||||
password: {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
|
||||
{{- if .Values.antivirus.milter.host }}
|
||||
smtpdMilters: "inet:{{ .Values.antivirus.milter.host }}:{{ .Values.antivirus.milter.port }}"
|
||||
{{- else }}
|
||||
@@ -77,7 +83,7 @@ postfix:
|
||||
smtpdMilters: "inet:clamav-simple:7357"
|
||||
{{- end }}
|
||||
{{- end }}
|
||||
virtualMailboxDomains: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||
virtualMailboxDomains: {{ if .Values.global.additionalMailDomains }}{{ printf "%s,%s" (.Values.global.mailDomain | default .Values.global.domain) .Values.global.additionalMailDomains }}{{ else }}{{ .Values.global.mailDomain | default .Values.global.domain | quote }}{{ end }}
|
||||
virtualTransport: "lmtps:dovecot:24"
|
||||
|
||||
podAnnotations: {}
|
||||
@@ -87,10 +93,7 @@ replicaCount: {{ .Values.replicas.postfix }}
|
||||
resources:
|
||||
{{ .Values.resources.postfix | toYaml | nindent 2 }}
|
||||
|
||||
{{- if or (eq .Values.cluster.service.type "NodePort") (eq .Values.cluster.service.type "LoadBalancer") }}
|
||||
service:
|
||||
external:
|
||||
enabled: true
|
||||
type: {{ .Values.cluster.service.type | quote }}
|
||||
{{- end }}
|
||||
enabled: false
|
||||
...
|
||||
|
||||
@@ -76,10 +76,10 @@ customConfigs:
|
||||
xwiki.authentication.ldap.server: {{ .Values.ldap.host | quote }}
|
||||
xwiki.authentication.ldap.port: 389
|
||||
## Authentication to the LDAP server
|
||||
xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,dc=swp-ldap,dc=internal"
|
||||
xwiki.authentication.ldap.bind_DN: "uid=ldapsearch_xwiki,cn=users,{{ .Values.ldap.baseDn }}"
|
||||
xwiki.authentication.ldap.bind_pass: {{ .Values.secrets.nubus.ldapSearch.xwiki | quote }}
|
||||
## Base DN used for searching for users
|
||||
xwiki.authentication.ldap.base_DN: "dc=swp-ldap,dc=internal"
|
||||
xwiki.authentication.ldap.base_DN: "{{ .Values.ldap.baseDn }}"
|
||||
## Allow short update cycles of the LDAP group cache
|
||||
xwiki.authentication.ldap.groupcache_expiration: 300
|
||||
## Mapping for XWiki attributes to the respective LDAP attributes
|
||||
@@ -161,13 +161,16 @@ properties:
|
||||
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.server": "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
|
||||
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443
|
||||
|
||||
## This option overwrites the LDAP group mappings including all dynamically created mappings, therefore on XWiki restart an LDAP sync is triggered to load the dynamic mapping.
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.ldap_group_mapping": "xwiki:XWiki.XWikiAdminGroup=cn=managed-by-attribute-KnowledgemanagementAdmin,cn=groups,dc=swp-ldap,dc=internal"
|
||||
## This option overwrites the LDAP group mappings including all dynamically created mappings,
|
||||
# therefore on XWiki restart an LDAP sync is triggered to load the dynamic mapping.
|
||||
"property:xwiki:XWiki.XWikiPreferences^XWiki.XWikiPreferences.ldap_group_mapping": "xwiki:XWiki.XWikiAdminGroup=cn=managed-by-attribute-KnowledgemanagementAdmin,cn=groups,{{ .Values.ldap.baseDn }}"
|
||||
## SMTP settings
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ printf "%s.%s.svc.%s" "postfix" (.Values.apps.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": 25
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.properties": "mail.smtp.starttls.enable=false"
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": 587
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.properties": "mail.smtp.starttls.enable=true"
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.username": {{ printf "%s@%s" "opendesk-system" ( .Values.global.mailDomain | default .Values.global.domain ) }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.password": {{ .Values.secrets.postfix.opendeskSystemPassword | quote }}
|
||||
## Link LDAP users and users authenticated through OIDC
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
@@ -202,7 +205,7 @@ properties:
|
||||
1
|
||||
## Base DN under which groups should be searched for
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchDN":
|
||||
"dc=swp-ldap,dc=internal"
|
||||
"{{ .Values.ldap.baseDn }}"
|
||||
## LDAP filter to only synchronize some groups
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.ldapGroupImportSearchFilter":
|
||||
"(&(objectClass=opendeskKnowledgemanagementGroup)(opendeskKnowledgemanagementEnabled=TRUE))"
|
||||
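Review bot: `mail.smtp.starttls.enable=true` in the `@@ -161,13 +161,16 @@` hunk only makes JavaMail use STARTTLS when the server offers it. Without `mail.smtp.starttls.required=true` the session continues in plaintext, and the `SendMailConfigClass.password` introduced alongside it would then be sent unencrypted. I would add `mail.smtp.starttls.required=true` to the same `SendMailConfigClass.properties` value. The `SendMailConfigClass.username` line is also emitted without `| quote`, unlike the `host` and `password` lines next to it.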
|
||||
@@ -5,7 +5,7 @@ images:
|
||||
collabora:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||
tag: "24.04.9.4.2@sha256:7c38f2568855ec33c11296d65384766230ea3097a245a60b9e8b0b62cb9cc17f"
|
||||
tag: "24.04.12.4.1@sha256:af4d4d0e743c71f7995e81cb081d0e1db79d016b0c50169480096f70b4b42f85"
|
||||
dovecot:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/dovecot-pro"
|
||||
@@ -13,7 +13,7 @@ images:
|
||||
nextcloud:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/nextcloud/images/opendesk-nextcloud"
|
||||
tag: "1.0.7@sha256:3c0afeb7fb41e3ffa32ab3d3b96b41f5afd7a2b066a27b4478a64e06d2f0bd06"
|
||||
tag: "1.1.5@sha256:825998ebf99ae3f9f80ba42fe8f652e9213a5f086d8c4dd96c7d66f88b8572c4"
|
||||
openxchangeCoreMW:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/open-xchange/images-mirror/core-mw"
|
||||
|
||||
@@ -5,7 +5,7 @@ resources:
|
||||
collabora:
|
||||
# When using CollaboraController for autoscaling, `targetMemoryUtilizationPercentage` and
|
||||
# `targetCPUUtilizationPercentage` defined at `enterpriseFeatures.collabora.autoscaling`
|
||||
# are checked against the values defined below under `requests`, so please ensure you set these
|
||||
# are checked against the `requests` values defined, so please ensure you set these
|
||||
# appropriately to avoid unnecessary scaling.
|
||||
requests:
|
||||
cpu: 3
|
||||
|
||||
@@ -1,4 +1,4 @@
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
#
|
||||
@@ -65,7 +65,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/charts-mirror"
|
||||
name: "cool-controller"
|
||||
version: "1.1.1"
|
||||
version: "1.1.2"
|
||||
verify: false
|
||||
cryptpad:
|
||||
# providerCategory: "Supplier"
|
||||
@@ -109,7 +109,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-element"
|
||||
version: "6.0.2"
|
||||
version: "6.1.1"
|
||||
verify: true
|
||||
elementWellKnown:
|
||||
# providerCategory: "Platform"
|
||||
@@ -119,7 +119,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-well-known"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
home:
|
||||
# providerCategory: "Platform"
|
||||
@@ -141,7 +141,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "intercom-service"
|
||||
version: "2.7.3"
|
||||
version: "2.10.3"
|
||||
verify: true
|
||||
jitsi:
|
||||
# providerCategory: "Platform"
|
||||
@@ -151,7 +151,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-jitsi"
|
||||
name: "opendesk-jitsi"
|
||||
version: "3.0.1"
|
||||
version: "3.1.0"
|
||||
verify: true
|
||||
mariadb:
|
||||
# providerCategory: "Platform"
|
||||
@@ -173,7 +173,7 @@ charts:
|
||||
name: "matrix-neoboard-widget"
|
||||
version: "3.5.1"
|
||||
verify: true
|
||||
matrixNeochoiseWidget:
|
||||
matrixNeochoiceWidget:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry.opencode.de"
|
||||
@@ -211,7 +211,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-matrix-user-verification-service"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
memcached:
|
||||
# providerCategory: "Community"
|
||||
@@ -251,7 +251,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud"
|
||||
version: "3.7.1"
|
||||
version: "4.0.0"
|
||||
verify: true
|
||||
nextcloudManagement:
|
||||
# providerCategory: "Platform"
|
||||
@@ -261,7 +261,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
|
||||
name: "opendesk-nextcloud-management"
|
||||
version: "3.7.1"
|
||||
version: "4.0.0"
|
||||
verify: true
|
||||
nginx:
|
||||
# providerCategory: "Community"
|
||||
@@ -333,7 +333,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap"
|
||||
name: "opendesk-keycloak-bootstrap"
|
||||
version: "2.2.3"
|
||||
version: "2.3.0"
|
||||
verify: true
|
||||
opendeskStaticFiles:
|
||||
# providerCategory: "Platform"
|
||||
@@ -355,7 +355,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/openproject/charts-mirror"
|
||||
name: "openproject"
|
||||
version: "9.5.0"
|
||||
version: "9.7.1"
|
||||
verify: true
|
||||
openprojectBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
@@ -387,7 +387,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/charts-mirror"
|
||||
name: "appsuite-public-sector"
|
||||
version: "2.12.85"
|
||||
version: "2.15.50"
|
||||
verify: false
|
||||
oxAppSuiteBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
@@ -419,7 +419,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
|
||||
name: "postfix"
|
||||
version: "2.3.0"
|
||||
version: "2.3.2"
|
||||
verify: true
|
||||
postgresql:
|
||||
# providerCategory: "Platform"
|
||||
@@ -449,7 +449,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
synapseAdmin:
|
||||
# Enterprise Component
|
||||
@@ -477,7 +477,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-create-account"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
synapseGroupsync:
|
||||
# Enterprise Component
|
||||
@@ -505,7 +505,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-web"
|
||||
version: "6.0.2"
|
||||
version: "6.1.0"
|
||||
verify: true
|
||||
xwiki:
|
||||
# providerCategory: "Supplier"
|
||||
|
||||
@@ -1,19 +1,26 @@
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
# This variable allows customization of helmfile releases by loading custom values file.
|
||||
# The following structure allows customization of Helmfile releases by loading custom value files.
|
||||
#
|
||||
# **Warning**: Customizations are a very powerful tool to apply individual changes to your
|
||||
# The keys, like the example key `collaboraOnline` below can be chosen freely.
|
||||
#
|
||||
# **Note:** You have to reference a file and cannot just template additional yaml structure below
|
||||
# the key.
|
||||
#
|
||||
# **Warning:** Customizations are a very powerful tool to apply individual changes to your
|
||||
# openDesk installation. As there are no limits set for what you use it, openDesk cannot
|
||||
# support the configurations you are about to create using the customization-option. If you
|
||||
# have the demand for a specific configuration, try to get it into the openDesk standard
|
||||
# by creating a ticket at https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk/-/issues
|
||||
#
|
||||
# Example:
|
||||
# ```
|
||||
# customization:
|
||||
# release:
|
||||
# collaboraOnline:
|
||||
# myCustomConfig: "/path/to/additional/file.yaml.gotmpl"
|
||||
# myCustomConfig: '{{ env "PWD" }}/path/to/additional/file.yaml.gotmpl'
|
||||
# ```
|
||||
customization:
|
||||
release:
|
||||
# collabora
|
||||
@@ -25,6 +32,13 @@ customization:
|
||||
opendeskWellKnown: {}
|
||||
opendeskSynapseWeb: {}
|
||||
opendeskSynapse: {}
|
||||
matrixUserVerificationServiceBootstrap: {}
|
||||
matrixUserVerificationService: {}
|
||||
matrixNeoboardWidget: {}
|
||||
matrixNeochoiceWidget: {}
|
||||
matrixNeodatefixWidget: {}
|
||||
matrixNeodatefixBotBootstrap: {}
|
||||
matrixNeodatefixBot: {}
|
||||
# jitsi
|
||||
jitsi: {}
|
||||
# migrations-post
|
||||
|
||||
@@ -35,6 +35,7 @@ databases:
|
||||
name: "keycloak_extensions"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
ssl: "false"
|
||||
username: "keycloak_extensions_user"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
@@ -70,6 +71,11 @@ databases:
|
||||
port: 3306
|
||||
username: "root"
|
||||
password: ""
|
||||
# Optional settings: Route read queries to a different host.
|
||||
readHost: ~
|
||||
# If provided, uses a different set of credentials for read queries. By default oxAppSuite.username and oxAppsuite.password are used.
|
||||
readUser: ~
|
||||
readPassword: ~
|
||||
connectionLimit: ~
|
||||
synapse:
|
||||
type: "postgresql"
|
||||
|
||||
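Review bot: The `ssl: "false"` default on the `keycloak_extensions` database entry leaves the PostgreSQL connection unencrypted unless an operator overrides it, and nothing next to it says so. It appears to be the line this hunk adds, since the hunk grows by exactly one line. I would put a comment above it such as `# Set to "true" to require TLS to the database; with "false" credentials and data cross the cluster network in plaintext.` The value is a quoted string rather than a boolean, and whether the consuming chart expects a string is not visible here, so the accepted values belong in the same comment. The `databases:` mapping starts outside the hunk.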
@@ -10,6 +10,10 @@ functional:
|
||||
enabled: true
|
||||
|
||||
authentication:
|
||||
newDeviceLoginNotification:
|
||||
# openDesk's Keycloak extensions can send out an email every time a user logs in with a new "device".
|
||||
# It uses device/browser fingerprinting to identify such an event. The feature can be toggled below.
|
||||
enabled: true
|
||||
twoFactor:
|
||||
# Define a list of groups to enable 2FA for.
|
||||
# Note: Removing a group from the list will not disable 2FA for the removed group.
|
||||
@@ -30,6 +34,8 @@ functional:
|
||||
federation:
|
||||
# Disable to not support Matrix federation with your installation.
|
||||
enabled: true
|
||||
# List of matrix homeserver domains you want to allow federation with
|
||||
domainAllowList: []
|
||||
|
||||
filestore:
|
||||
quota:
|
||||
@@ -91,6 +97,11 @@ functional:
|
||||
# Configure if the a re-direct to the login dialogue is enforced, or if the portal is shown and the user as to actively
|
||||
# trigger the login flow, e.g. but clicking on the "Login" portal tile.
|
||||
enforceLogin: true
|
||||
# Link to the legal notice shown in the portal menu, set to "~" if you want to remove the link
|
||||
linkLegalNotice: "https://opendesk.eu/impressum"
|
||||
# Link to the privacy statement shown in the portal menu, set to "~" if you want to remove the link
|
||||
linkPrivacyStatement: "https://zendis.de/datenschutzerklaerung"
|
||||
|
||||
chat:
|
||||
matrix:
|
||||
profile:
|
||||
|
||||
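Review bot: The new `domainAllowList: []` under `federation` does not say what an empty list means while `enabled: true` sits directly above it. It can be read as "federate with every homeserver" or as "federate with none", which are opposite security postures. The comment should state it explicitly, for example `# Matrix homeserver domains to allow federation with. An empty list means <all domains | no domain> (state which).` How the chart hands this value to Synapse is not visible in this section, so the wording needs confirming against the template.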
@@ -1,4 +1,4 @@
|
||||
# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
global:
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-FileCopyrightText: 2024-2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
@@ -10,13 +10,19 @@ global:
|
||||
|
||||
## Define host
|
||||
#
|
||||
domain: {{ env "DOMAIN" | default "souvap.cloud" | quote }}
|
||||
domain: {{ env "DOMAIN" | default "opendesk.internal" | quote }}
|
||||
|
||||
## Define mail host
|
||||
## If this is unset the "domain" value above should be used in all references
|
||||
#
|
||||
mailDomain: {{ env "MAIL_DOMAIN" | quote }}
|
||||
|
||||
## Define additional mail domains, comma separated, e.g. domain1.de,domain2.de
|
||||
#
|
||||
additionalMailDomains: ""
|
||||
|
||||
## Define synapse host
|
||||
## If this is unset the "domain" value above should be used in all references
|
||||
#
|
||||
matrixDomain: {{ env "MATRIX_DOMAIN" | quote }}
|
||||
|
||||
|
||||
@@ -44,14 +44,14 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/collabora/images/collabora-online-for-opendesk"
|
||||
tag: "24.04.9.2.1@sha256:749917bf9146d8507b3a63d422a30ebe4f499700421c30527e32f322a015c73d"
|
||||
tag: "24.04.12.4.1@sha256:c794cefc3b56b13479e29626bb13e903ccc77a49163dacab1328efed69140c62"
|
||||
collaboraController:
|
||||
# Enterprise Component
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Collabora"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "zendis/opendesk-enterprise/components/supplier/collabora/images-mirror/cool-controller"
|
||||
tag: "1.1.0@sha256:dfbbb6a9bfac94d39bd735eb143084803a774d2fc673a138bf08d4044e8d942a"
|
||||
tag: "1.1.1@sha256:8a5b79920fdf7a8eb9c1e781f480d6134a30c75f14fae3f1ecb0b607e016215c"
|
||||
cryptpad:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "XWiki"
|
||||
@@ -79,12 +79,13 @@ images:
|
||||
tag: "2.3.21@sha256:c76965a84d1ca527f523404eb027119f6736b199c094e4671037cb345ecad3dc"
|
||||
element:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
# upstreamRegistry: "https://registry.opencode.de"
|
||||
# upstreamRepository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web"
|
||||
# providerResponsible: "Element"
|
||||
# upstreamRegistry: "https://ghcr.io"
|
||||
# upstreamRepository: "element-hq/element-web-modules/opendesk-plugin"
|
||||
# upstreamMirrorTagFilterRegEx: '^latest-\d+$'
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/nordeck/images/opendesk-element-web"
|
||||
tag: "1.11.7@sha256:c5881cea86a721252e724000e4ed870cae66f9b3eabc45074e1f43b1818423bc"
|
||||
repository: "bmi/opendesk/components/supplier/element/images-mirror/opendesk-plugin"
|
||||
tag: "latest-250304@sha256:b997a9245c5a85ddb9935e6a9f8f8da60fed58aad17df8f1e1e2fabafdbf0dd1"
|
||||
elementAdminBot:
|
||||
# Enterprise Component
|
||||
# providerCategory: "Supplier"
|
||||
@@ -152,7 +153,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
|
||||
tag: "2.7.3@sha256:bae60a9a14df53431f81846bf98520e3340dbfc1abae88622ccbd3c6e81cd930"
|
||||
tag: "2.10.3@sha256:7b767f7a3f0e6c43e0f287374fd7fc758ec73e9fdb760a88150a64b2a33d1b66"
|
||||
jibri:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -318,7 +319,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
|
||||
tag: "2.4.2@sha256:1f5d1378ac2cb00f6918fa49298bffe7da5e8c1eb02ae1ab3783870df2250841"
|
||||
tag: "2.4.8@sha256:4ff33258b7d13a04a7ba1121c4e1ff23dd91f5b7cd54ba548f4cb2061dcb2a8d"
|
||||
nextcloudExporter:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -350,7 +351,7 @@ images:
|
||||
# upstreamRepository: "lasuite/impress-frontend"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-notes"
|
||||
tag: "1.6.0-new-ui@sha256:96273e429d9ae6ebfb3173e09357f32d7b6cbe8189c12eacd149ed6da387d75d"
|
||||
tag: "1.5.1@sha256:dad7dd60a5eb39b71b4911558cf7eac9ed6dc050593a046f5da0eaa75c65d344"
|
||||
notesYProvider:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "DINUM"
|
||||
@@ -528,7 +529,15 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
|
||||
tag: "1.9.1-trossner-improve-notes-permission@sha256:784a4fd2e49ca35d497ba5deddb11635d074e72708d729bc2cc19d1fac1feaef"
|
||||
tag: "1.12.5@sha256:58cd2e545b65d354cc242cd97b06ce41733e9c6701c132c108bac245c493f7f0"
|
||||
nubusOpendeskExtensionA2gMapper:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry.opencode.de"
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus-a2g-mapper"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus-a2g-mapper"
|
||||
tag: "1.0.1@sha256:527cf7d0515df441b7ac8bc29b40f8703c87246ddc9594d9e24531571dc6359d"
|
||||
nubusOpenPolicyAgent:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -596,7 +605,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
|
||||
tag: "0.46.0@sha256:01464a4f2e1297ff2d1a507e69829fa7d0b84543e88280113bd9b9fb88bf2bce"
|
||||
tag: "0.48.1@sha256:0fac927b2690d6b704e4918102adcbd971effd2cf4af2fb7b86aba5902788a8e"
|
||||
nubusProvisioningEventsAndConsumerApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -606,7 +615,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
|
||||
tag: "0.46.0@sha256:c9025d0c058a36fb7926a6ad9768f9909efa4dff76022d7b7de862b000da6e6f"
|
||||
tag: "0.48.1@sha256:042633fbf98f9600fa79103476871f4754aab5633b0d04ad4aae780e80f685f4"
|
||||
nubusProvisioningPrefill:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -616,7 +625,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
|
||||
tag: "0.46.0@sha256:e7dfa77a8fe5b6d40d734b04dda9583c03ae8cf48221e6f0af0b35052514a948"
|
||||
tag: "0.48.1@sha256:6019d3ab31a69c46c12addb7b7ede30e9b25d236169f3bb4bde678d576f207d3"
|
||||
nubusProvisioningUdmListener:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -626,7 +635,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
|
||||
tag: "0.46.0@sha256:648101e9115fa9c32583f2588a722201fed8b537167931cce3aee1111c6f50b2"
|
||||
tag: "0.48.1@sha256:39aeb312e0148400b54184dbbe4595cd75e8dc62c0abfaaf56efc863f2486810"
|
||||
nubusProvisioningUdmTransformer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -636,7 +645,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["0", "14", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
|
||||
tag: "0.46.0@sha256:e1877879044e5b0967362b5ec9a491e046d674407fbf081756b5e9e0e2dcd8e5"
|
||||
tag: "0.48.1@sha256:414a329af821e50b20c0443bc6364f91f4f6a8cc879cc881757a715f273c5a99"
|
||||
nubusSelfServiceConsumer:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -720,7 +729,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["13", "1", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
|
||||
tag: "15.2.0@sha256:5394a6cddc3f27efd20aeba4c2a0da0c0234ea914726f2d8cb6ebebeb500b9cf"
|
||||
tag: "15.3.1@sha256:4d9738ad49c2756ccdb1b589a27d4963cc8cdcdc9d5394efe14f705825bac5af"
|
||||
openprojectBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -736,7 +745,7 @@ images:
|
||||
# upstreamRepository: "library/postgres"
|
||||
registry: "registry-1.docker.io"
|
||||
repository: "library/postgres"
|
||||
tag: "16.3-alpine3.20@sha256:de3d7b6e4b5b3fe899e997579d6dfe95a99539d154abe03f0b6839133ed05065"
|
||||
tag: "16.8-alpine3.20@sha256:951d0626662c85a25e1ba0a89e64f314a2b99abced2c85b4423506249c2d82b0"
|
||||
openxchangeBootstrap:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -764,7 +773,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "51"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/middleware-public-sector"
|
||||
tag: "8.30.62@sha256:9e4341c723cf6671479dfaad37635f8b28bb510decb9b7f0fd2616faacbf0d1a"
|
||||
tag: "8.33.56@sha256:4b3064fbcd068562a66cea1ff38c859aecc48038650efbf786d4122601ced674"
|
||||
openxchangeCoreUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -774,7 +783,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-ui"
|
||||
tag: "8.30.1@sha256:bd15c87f0bd929be56dea260e35de0e089758eaf394c0eb4ece2991371c7ad5e"
|
||||
tag: "8.33.2@sha256:8c98cc1f91a366a6c4f1464fb7efcef148fc614c117c34a9d5da45ee40c04bae"
|
||||
openxchangeCoreUIMiddleware:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -794,7 +803,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "799279"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/core-user-guide"
|
||||
tag: "8.30.1161251@sha256:a082bcf5768c2cba22f36a4299665474af92fd18307a1de719fc541717aee0b7"
|
||||
tag: "8.33.1228926@sha256:0b6356afdce7021b78ff49020cf4defcc671c0146547043e1313fc1136a2f576"
|
||||
openxchangeDocumentConverter:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -804,7 +813,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/documentconverter"
|
||||
tag: "8.30.60@sha256:4b3c79f94beec71f1b3e6c1be3cb4894d25e3a3133390cb077bf6fa749cecbe8"
|
||||
tag: "8.33.49@sha256:0bbb37e36aeaad00e7c6f78d4a25621be9fdd854dc39ba9dfa0ea923c088978c"
|
||||
openxchangeGotenberg:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -814,7 +823,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["7", "9", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/gotenberg"
|
||||
tag: "8.2.0@sha256:ec5afe8eea496d3bef6c42291fde9c203c20e8a68189a2314ef876e9c0e67680"
|
||||
tag: "8.12.0@sha256:2b36e1ea5db6d3d475348c0ed8df5edf09ab92781a9cfbb9ce7c96971cfcc5a8"
|
||||
openxchangeGuardUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -824,7 +833,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["4", "2", "2"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/guard-ui"
|
||||
tag: "8.28.1@sha256:eed6a81f8393ce6ecdc8ea83507e0a734431a0eb8d30221f4cabe9fc7906e4e6"
|
||||
tag: "8.32.0@sha256:5c9542f9112882e46c3b8cb6f0ca2bef61585abac0e640a4fafa7d7ef60a392b"
|
||||
openxchangeImageConverter:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -834,7 +843,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["8", "20", "50"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/imageconverter"
|
||||
tag: "8.30.61@sha256:816008c99e38a7268a323c2c144f1855275c53ea678cd6fdf2ff2170bd7bcfac"
|
||||
tag: "8.33.53@sha256:454c53e2b7f5fab14bf29495854ffe2c10f44c4d4a611e237232eeeb3903feb8"
|
||||
openxchangeNextcloudIntegrationUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -844,7 +853,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["1", "2", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/nextcloud-integration-ui"
|
||||
tag: "1.2.0@sha256:3d0ef11196f7544a01539e6790e4402ad69e2a501312eb7c7bb128c6563d0a8d"
|
||||
tag: "1.3.2@sha256:d9129b87a184cc0020a40f2720e3190c64b30ed983dc68e4b3fe52cc8a7ee1a4"
|
||||
openxchangePublicSectorUI:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -854,7 +863,7 @@ images:
|
||||
# upstreamMirrorStartFrom: ["2", "2", "1"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/open-xchange/images-mirror/public-sector-ui"
|
||||
tag: "2.3.0@sha256:a557816ee55500ecc3b46b60f0440ea66c7f0d90e888ce3b0df8a9acdd72acbe"
|
||||
tag: "2.3.1@sha256:8bd35ef700eb48b8f40a71d02aea179cf2eae95a1be3b3b5f1cacb3698bc488a"
|
||||
oxConnector:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -872,7 +881,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/postfix"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/postfix"
|
||||
tag: "2.0.0@sha256:5b2432dc09318db172a593bca860887ee9d713b9987db64f8b265f3e08a1d374"
|
||||
tag: "3.0.1@sha256:d2c6543b35b616ac3e6c8c27222d3154c0d35680813a8942ce0cc3fa9ea72a6d"
|
||||
postgresql:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
|
||||
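Review bot: The `element` entry now mirrors `element-hq/element-web-modules/opendesk-plugin` from ghcr.io under date-stamped tags (`upstreamMirrorTagFilterRegEx: '^latest-\d+$'`, tag `latest-250304`), so the tag no longer tells a reader which Element Web release is deployed. The digest keeps the pull immutable, but matching the image against upstream security advisories now needs a lookup outside this file. I would record it next to the tag, e.g. `# latest-250304 corresponds to Element Web <version>; update with each bump`. The remaining changes in this section are digest-pinned version bumps. Which lines are old and which are new is inferred from print order, because the page has lost the +/- markers.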
@@ -36,10 +36,10 @@ apps:
|
||||
enabled: true
|
||||
namespace: ~
|
||||
elementAdmin:
|
||||
enabled: {{ if eq (env "OPENDESK_ENTERPRISE") "true" }}true{{ else }}false{{ end }}
|
||||
enabled: false
|
||||
namespace: ~
|
||||
elementGroupsync:
|
||||
enabled: {{ if eq (env "OPENDESK_ENTERPRISE") "true" }}true{{ else }}false{{ end }}
|
||||
enabled: false
|
||||
namespace: ~
|
||||
home:
|
||||
enabled: true
|
||||
|
||||
@@ -84,8 +84,6 @@ replicas:
|
||||
umsGuardianManagementUi: 1
|
||||
# -- scalable: tbd
|
||||
umsGuardianOpenPolicyAgent: 1
|
||||
# -- scalable: tbd
|
||||
umsKeycloak: 1
|
||||
# -- scalable: false
|
||||
# -- comment: Should not be scaled, is an async process.
|
||||
umsKeycloakExtensionsHandler: 1
|
||||
|
||||
@@ -262,6 +262,13 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "512Mi"
|
||||
nextcloudCron:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "1Gi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "512Mi"
|
||||
nextcloudExporter:
|
||||
limits:
|
||||
cpu: 99
|
||||
|
||||
@@ -23,6 +23,8 @@ secrets:
|
||||
synapseAsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "as_token" | sha1sum | quote }}
|
||||
oxConnector:
|
||||
provisioningApiPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nubus" "ox-connector" | sha1sum | quote }}
|
||||
postfix:
|
||||
opendeskSystemPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "postfix" "opendesk-system" | sha1sum | quote }}
|
||||
nubus:
|
||||
masterpassword: {{ env "MASTER_PASSWORD" | default "sovereign-workplace" | quote }}
|
||||
ldapSecret: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "cn=admin" "ldap" | sha1sum | quote }}
|
||||
|
||||
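Review bot: The new `postfix.opendeskSystemPassword` repeats the `env "MASTER_PASSWORD" | default "sovereign-workplace"` fallback, so a deployment that forgets to set `MASTER_PASSWORD` gets a Postfix system password derived from a value published in this repository. If the fallback is only meant for evaluation setups, say so in a comment at the top of `secrets:`; otherwise fail the render instead, e.g. `(requiredEnv "MASTER_PASSWORD")` in place of the `env … | default …` expression. The neighbouring `oxConnector` and `nubus` lines, which are context here, use the same pattern, so this is a file-wide convention rather than something the hunk introduces. The `secrets:` mapping starts outside the hunk.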
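--- /dev/null
+++ b/helmfile/environments/default/service.yaml.gotmpl
@@ -0,0 +1,12 @@
+{{/*
+SPDX-FileCopyrightText: 2025 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+service:
+# Only override when needed, the default is set in `.Values.cluster.service.type` defined in `cluster.yaml.gotmpl`
+type:
+jitsiVideoBridge: ~
+dovecot: ~
+postfix: ~
+...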
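Review bot: The comment on `service.type` does not name the accepted values or what changing them exposes. Assuming these values end up as the Kubernetes Service `type` (the template that consumes them is not on this page), I would extend it along the lines of `# Accepts ClusterIP, NodePort or LoadBalancer; anything other than ClusterIP publishes the port outside the cluster, so pair it with network policy or firewall rules.` The indentation of the keys under `type:` is not recoverable from the page.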
@@ -10,7 +10,7 @@ smtp:
|
||||
password: {{ env "SMTP_PASSWORD" | quote }}
|
||||
localpartNoReply: "no-reply"
|
||||
|
||||
# For the following settings to have effect `dkimpy.enabled` must be `true`.
|
||||
# For the following settings to have effect `apps.dkimpy.enabled` must be `true`.
|
||||
dkim:
|
||||
key:
|
||||
# DKIM private key as plaintext value.
|
||||
|
||||
@@ -90,7 +90,7 @@ theme:
|
||||
realtimeCollaboration: {{ readFile "./../../files/theme/chat/favicon.svg" | b64enc | quote }}
|
||||
realtimeVideoconference: {{ readFile "./../../files/theme/videoconference/favicon.svg" | b64enc | quote }}
|
||||
# empty.svg
|
||||
dummyCircle: {{ readFile "./../../files/theme/_dev/empty.svg" | b64enc | quote }}
|
||||
empty: {{ readFile "./../../files/theme/_dev/empty.svg" | b64enc | quote }}
|
||||
fileshareActivity: {{ readFile "./../../files/theme/_dev/empty.svg" | b64enc | quote }}
|
||||
adminContext: {{ readFile "./../../files/theme/_dev/empty.svg" | b64enc | quote }}
|
||||
selfserviceChangepassword: {{ readFile "./../../files/theme/_dev/empty.svg" | b64enc | quote }}
|
||||
|
||||