fix(element): Bump NeoBoard Widget to v1.20.0

Signed-off-by: Milton Moura <miltonmoura@gmail.com>
Move guest flag to defaults
2025-12-07 07:51:38 +01:00 · 2024-10-03 14:34:25 +00:00 · 2024-10-03 13:46:22 +00:00 · 2024-10-03 12:58:17 +00:00 · 2024-10-03 12:56:09 +00:00 · 2024-10-03 12:26:39 +00:00
35 changed files with 189 additions and 242 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,7 +4,7 @@
 ---
 include:
  - project: "${PROJECT_PATH_GITLAB_CONFIG_TOOLING}"
-    ref: "v2.4.2"
+    ref: "v2.3.4"
    file:
      - "ci/common/automr.yml"
      - "ci/common/lint.yml"
@@ -429,11 +429,11 @@ env-stop:

 .ums-default-password: &ums-default-password
  - |
-    DEFAULT_ADMINISTRATOR_PASSWORD=$(
-       kubectl \
-         -n ${NAMESPACE} \
-         get secret ums-nubus-credentials \
-         -o jsonpath='{.data.administrator_password}' | base64 -d \
+    DEFAULT_USER_PASSWORD=$( \
+       kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.user_password}' | base64 -d \
+    )
+    DEFAULT_ADMIN_PASSWORD=$(
+       kubectl -n ${NAMESPACE} get secret ums-nubus-credentials -o jsonpath='{.data.admin_password}' | base64 -d \
    )

 run-tests:
@@ -464,8 +464,10 @@ run-tests:
          \"namespace\": \"${NAMESPACE}\", \
          \"url\": \"https://portal.${DOMAIN}/\", \
          \"language\": \"${LANGUAGE}\", \
-          \"udm_api_username\": \"Administrator\", \
-          \"udm_api_password\": \"${DEFAULT_ADMINISTRATOR_PASSWORD}\", \
+          \"user_name\": \"${DEFAULT_USER_NAME}\", \
+          \"user_password\": \"${DEFAULT_USER_PASSWORD}\", \
+          \"admin_name\": \"${DEFAULT_ADMIN_NAME}\", \
+          \"admin_password\": \"${DEFAULT_ADMIN_PASSWORD}\", \
          \"screenshot_test\": \"yes\", \
          \"screenshot_before_step\": \"yes\", \
          \"screenshot_after_step\": \"yes\", \
--- a/.gitlab/lint/lint-kyverno.yml
+++ b/.gitlab/lint/lint-kyverno.yml
@@ -27,19 +27,7 @@ lint-kyverno:
    - >
      node /app/opendesk-ci-cli/src/index.js generate-kyverno-env
      -d ${CI_PROJECT_DIR}/helmfile/environments
-    - "helmfile template -e test --include-needs --skip-tests > ${CI_PROJECT_DIR}/.kyverno/opendesk.yaml"
-    - "cd ${CI_PROJECT_DIR}/.kyverno"
-    # Test optional
-    - >
-      node /app/opendesk-ci-cli/src/index.js generate-kyverno-tests
-      -d ${CI_PROJECT_DIR}/.kyverno
-      -t optional
-      -s manifest
-      -f opendesk.yaml
-      --skip-tests true
-      ${APP}
-    - "kyverno test . || true"
-    # Test required
+    - "helmfile template -e test --include-needs > ${CI_PROJECT_DIR}/.kyverno/opendesk.yaml"
    - >
      node /app/opendesk-ci-cli/src/index.js generate-kyverno-tests
      -d ${CI_PROJECT_DIR}/.kyverno
@@ -48,5 +36,8 @@ lint-kyverno:
      -f opendesk.yaml
      --skip-tests true
      ${APP}
+    - "node /app/opendesk-ci-cli/src/index.js filter-for-kinds -f ${CI_PROJECT_DIR}/.kyverno/opendesk.yaml"
+    - "cd ${CI_PROJECT_DIR}/.kyverno"
    - "kyverno test ."
+
 ...
--- a/.kyverno/policies/_policies.yaml
+++ b/.kyverno/policies/_policies.yaml
@@ -13,7 +13,7 @@ pod:
      - "DaemonSet"
  - name: "disallow-default-serviceaccount"
    rule: "disallow-default-serviceAccountName"
-    type: "optional"
+    type: "required"
    kinds:
      - "StatefulSet"
      - "Deployment"
@@ -58,7 +58,7 @@ pod:
      - "DaemonSet"
  - name: "require-health-and-liveness-check"
    rule: "require-health-and-liveness-check"
-    type: "optional"
+    type: "required"
    kinds:
      - "StatefulSet"
      - "Deployment"
@@ -158,7 +158,7 @@ pod:
      - "DaemonSet"
  - name: "require-containersecuritycontext"
    rule: "require-seccomp-profile"
-    type: "optional"
+    type: "required"
    kinds:
      - "StatefulSet"
      - "Deployment"
@@ -176,7 +176,7 @@ pod:
      - "DaemonSet"
  - name: "require-containersecuritycontext"
    rule: "require-empty-seLinuxOptions"
-    type: "optional"
+    type: "required"
    kinds:
      - "StatefulSet"
      - "Deployment"
@@ -285,7 +285,7 @@ pod:
      - "Ingress"
  - name: "template-replicas"
    rule: "template-replicas"
-    type: "optional"
+    type: "required"
    kinds:
      - "StatefulSet"
      - "Deployment"
--- a/.kyverno/policies/require-requests-limits.yaml
+++ b/.kyverno/policies/require-requests-limits.yaml
@@ -27,20 +27,6 @@ spec:
        message: "CPU and memory resource requests and limits are required."
        pattern:
          spec:
-            =(ephemeralContainers):
-              - resources:
-                  limits:
-                    memory: "?*"
-                  requests:
-                    cpu: "?*"
-                    memory: "?*"
-            =(initContainers):
-              - resources:
-                  limits:
-                    memory: "?*"
-                  requests:
-                    cpu: "?*"
-                    memory: "?*"
            containers:
              - resources:
                  limits:
--- a/README.md
+++ b/README.md
@@ -29,14 +29,14 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s
 openDesk currently features the following functional main components:

 | Function             | Functional Component        | Component<br/>Version                                                                 | Upstream Documentation                                                                                                                       |
-| -------------------- | --------------------------- | ------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
+| -------------------- | --------------------------- |---------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------|
 | Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67)        | [For the most recent release](https://element.io/user-guide)                                                                                 |
 | Diagram editor       | CryptPad ft. diagrams.net   | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0)                      | [For the most recent release](https://docs.cryptpad.org/en/)                                                                                 |
-| File management      | Nextcloud                   | [29.0.7](https://nextcloud.com/de/changelog/#29-0-7)                                  | [SNextcloud 29](https://docs.nextcloud.com/)                                                                                                  |
+| File management      | Nextcloud                   | [29.0.7](https://nextcloud.com/de/changelog/#29-0-7)                                  | [Nextcloud 29](https://docs.nextcloud.com/)                                                                                                  |
 | Groupware            | OX App Suite                | [8.26](https://documentation.open-xchange.com/appsuite/releases/8.26/)                | Online documentation available from within the installed application; [Additional resources](https://www.open-xchange.com/resources/oxpedia) |
-| Knowledge management | XWiki                       | [16.4.4](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.4/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
-| Portal & IAM         | Nubus                       | [1.0]                                                                                 | [Univention's documentation website](https://docs.software-univention.de/n/en/nubus.html)                                                    |
-| Project management   | OpenProject                 | [14.6.1](https://www.openproject.org/docs/release-notes/14-6-1/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
+| Knowledge management | XWiki                       | [16.4.1](https://www.xwiki.org/xwiki/bin/view/ReleaseNotes/Data/XWiki/16.4.1/)        | [For the most recent release](https://www.xwiki.org/xwiki/bin/view/Documentation)                                                            |
+| Portal & IAM         | Nubus                       | Product Preview[^1]                                                                   | [Univention's documentation website](https://docs.software-univention.de/n/en/index.html)                                                    |
+| Project management   | OpenProject                 | [14.5.1](https://www.openproject.org/docs/release-notes/14-5-1/)                      | [For the most recent release](https://www.openproject.org/docs/user-guide/)                                                                  |
 | Videoconferencing    | Jitsi                       | [2.0.9646](https://github.com/jitsi/jitsi-meet/releases/tag/stable%2Fjitsi-meet_9646) | [For the most recent  release](https://jitsi.github.io/handbook/docs/category/user-guide/)                                                   |
 | Weboffice            | Collabora                   | [24.04.7.2](https://www.collaboraoffice.com/code-24-04-release-notes/)                | Online documentation available from within the installed application; [Additional resources](https://sdk.collaboraonline.com/)               |

--- a/docs/migrations.md
+++ b/docs/migrations.md
@@ -9,11 +9,11 @@ SPDX-License-Identifier: Apache-2.0
 * [Releases upgrades](#releases-upgrades)
  * [From v0.9.0](#from-v090)
    * [Changed openDesk defaults](#changed-opendesk-defaults)
-      * [Removal of unnecessary OX-Profiles in Nubus](#removal-of-unnecessary-ox-profiles-in-nubus)
      * [MatrixID localpart update](#matrixid-localpart-update)
      * [File-share configurability](#file-share-configurability)
      * [Updated default subdomains in `global.hosts`](#updated-default-subdomains-in-globalhosts)
      * [Updated `global.imagePullSecrets`](#updated-globalimagepullsecrets)
+      * [Removal of unnecessary OX-Profiles in Nubus](#removal-of-unnecessary-ox-profiles-in-nubus)
      * [Dedicated group for access of the UDM REST API](#dedicated-group-for-access-of-the-udm-rest-api)
    * [Automated migrations](#automated-migrations)
      * [Local Postfix as Relay](#local-postfix-as-relay)
@@ -42,33 +42,6 @@ Though we try to ease the pain when it comes to 0.x upgrades. That is what this

 ### Changed openDesk defaults

-
-#### Removal of unnecessary OX-Profiles in Nubus
-
-**Warning: If you do not address this section with your current deployment the upgrade will fail.**
-
-The update will remove unnecessary OX-Profiles in Nubus, but can't as long as these profiles are in use.
-
-So please ensure that only the following two supported profiles are assigned to your users:
- `opendesk_standard`: "opendesk Standard"
- `none`: "Login disabled"
-
-You can review and update other accounts as follows:
- Login as IAM admin.
- Open the user module.
- Open the extended search by clicking the funnel (Trichter) icon next to the search input field.
- Open the "Property" (Eigenschaft) list and select "OX Access" (OX-Berechtigung).
- In the input field right next to the list enter an asterisk (*).
- Start the search by clicking once more on the funnel icon.
- Sort the result list for the "OX Access" column
- Edit every user that has a value different to `opendesk_standard` or `none`:
-  - Open the user.
-  - Go to section "OX App Suite".
-  - Change the value in the dropdown "OX Access" to either:
-    - "openDesk Standard" if the user should be able to use the Groupware module or
-    - "Login disabled" if the user should not user the Groupware module.
-    - Update the user account with the green "SAVE" button on top of the page.
-
 #### MatrixID localpart update

 Until 0.9.0 openDesk used the LDAP entryUUID of a user to generate the user's MatrixID. Due to restrictions of the
@@ -192,6 +165,30 @@ global:
    - "external-registry"
 ```

+#### Removal of unnecessary OX-Profiles in Nubus
+
+The update will remove unnecessary OX-Profiles in Nubus, but can't as long as these profiles are in use.
+
+So please ensure that only the following two supported profiles are assigned to your users:
+- `opendesk_standard`: "opendesk Standard"
+- `none`: "Login disabled"
+
+You can check and update the profiles as follows:
+- Login as IAM admin.
+- Open the user module.
+- Open the extended search by clicking the funnel (Trichter) icon next to the search input field.
+- Open the "Property" (Eigenschaft) list and select "OX Access" (OX-Berechtigung).
+- In the input field right next to the list enter an asterisk (*).
+- Start the search by clicking once more on the funnel icon.
+- Sort the result list for the "OX Access" column
+- Edit every user that has a value different to `opendesk_standard` or `none`:
+  - Open the user.
+  - Go to section "OX App Suite".
+  - Change the value in the dropdown "OX Access" to either:
+    - "openDesk Standard" if the user should be able to use the Groupware module or
+    - "Login disabled" if the user should not user the Groupware module.
+    - Update the user account with the green "SAVE" button on top of the page.
+
 #### Dedicated group for access of the UDM REST API

 Prerequisite: You allow the use of the [IAM's API](https://docs.software-univention.de/developer-reference/5.0/en/udm/rest-api.html)
--- a/helmfile/apps/collabora/values.yaml.gotmpl
+++ b/helmfile/apps/collabora/values.yaml.gotmpl
@@ -8,13 +8,7 @@ autoscaling:
  enabled: false

 collabora:
-  extra_params: >
-    --o:ssl.enable=false
-    --o:ssl.termination=true
-    --o:fetch_update_check=0
-    --o:remote_font_config.url=https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/apps/richdocuments/settings/fonts.json
-    --o:net.proto={{ if eq .Values.cluster.networking.ipFamilies "DualStack" }}all{{ else }}{{ .Values.cluster.networking.ipFamilies }}{{ end }}
-
+  extra_params: "--o:ssl.enable=false --o:ssl.termination=true --o:fetch_update_check=0 --o:remote_font_config.url=https://{{ .Values.global.hosts.nextcloud }}.{{ .Values.global.domain }}/apps/richdocuments/settings/fonts.json"
  username: "collabora-internal-admin"
  password: {{ .Values.secrets.collabora.adminPassword | quote }}
  aliasgroups:
--- a/helmfile/apps/element/values-element.yaml.gotmpl
+++ b/helmfile/apps/element/values-element.yaml.gotmpl
@@ -7,6 +7,10 @@ SPDX-License-Identifier: Apache-2.0
 configuration:
  endToEndEncryption: true
  additionalConfiguration:
+  {{- if not .Values.configuration.homeserver.guestModule.enabled }}
+    disable_guests: true
+  {{- end }}
+
    logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=opendesk-matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"

    "net.nordeck.element_web.module.opendesk":
--- a/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
+++ b/helmfile/apps/element/values-matrix-neodatefix-bot.yaml.gotmpl
@@ -14,16 +14,16 @@ global:
 configuration:
  bot:
    username: "meetings-bot"
-    display name: "Terminplaner Bot"
+    display name: "Scheduler Bot"
  openxchangeBaseUrl: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.global.domain }}"
  strings:
-    breakoutSessionWidgetName: "Breakoutsessions"
-    calendarRoomName: "Terminplaner"
-    calendarWidgetName: "Terminplaner"
-    cockpitWidgetName: "Meeting Steuerung"
-    jitsiWidgetName: "Videokonferenz"
+    breakoutSessionWidgetName: "Breakout Sessions"
+    calendarRoomName: "Scheduler"
+    calendarWidgetName: "Scheduler"
+    cockpitWidgetName: "Meeting control"
+    jitsiWidgetName: "Video conference"
    matrixNeoBoardWidgetName: "Whiteboard"
-    matrixNeoChoiceWidgetName: "Abstimmungen"
+    matrixNeoChoiceWidgetName: "Votes"

 containerSecurityContext:
  allowPrivilegeEscalation: false
--- a/helmfile/apps/element/values-synapse.yaml.gotmpl
+++ b/helmfile/apps/element/values-synapse.yaml.gotmpl
@@ -91,7 +91,6 @@ configuration:
        {{- end }}

    guestModule:
-      enabled: true
      image:
        imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
        registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.synapseGuestModule.registry | quote }}
--- a/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
+++ b/helmfile/apps/nextcloud/values-nextcloud-mgmt.yaml.gotmpl
@@ -18,10 +18,8 @@ cleanup:

 configuration:
  administrator:
-    username:
-      value: "nextcloud"
-    password:
-      value: {{ .Values.secrets.nextcloud.adminPassword | quote }}
+    username: "nextcloud"
+    password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
  antivirus:
    {{- if .Values.clamavDistributed.enabled }}
    host: "clamav-icap"
@@ -50,8 +48,7 @@ configuration:
        value: {{ .Values.databases.nextcloud.password | default .Values.secrets.mariadb.nextcloudUser | quote }}
  ldap:
    host: {{ .Values.ldap.host | quote }}
-    password:
-      value: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }}
+    password: {{ .Values.secrets.nubus.ldapSearch.nextcloud | quote }}
    adminGroupName: "managed-by-attribute-FileshareAdmin"
  objectstore:
    auth:
--- a/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-intercom-service.yaml.gotmpl
@@ -31,7 +31,6 @@ ics:
  secret: {{ .Values.secrets.intercom.secret | quote }}
  issuerBaseUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
  originRegex: "{{ .Values.global.domain }}"
-  userUniqueMapper: {{ if .Values.functional.chat.matrix.profile.useImmutableIdentifierForLocalpart }}"entryuuid"{{ else }}"phoenixusername"{{ end }}
  keycloak:
    realm: {{ .Values.platform.realm | quote }}
  default:
--- a/helmfile/apps/nubus/values-nubus.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-nubus.yaml.gotmpl
@@ -239,6 +239,66 @@ nubusPortalFrontend:
      enabled: {{ .Values.ingress.tls.enabled }}
      secretName: {{ .Values.ingress.tls.secretName }}

+    # TODO: Remove the block "items" once the "redirects" section has been
+    # corrected.
+    #
+    # This does override the path configuration of the ingress
+    # "ums-portal-frontend-redirects" to avoid that "/univention/*" is
+    # redirected to "/univention/portal/".
+    items:
+      - name: rewrites
+        # -- Define the Fully Qualified Domain Name (FQDN) where application should be reachable.
+        host: ""
+
+        # -- Define the Ingress paths.
+        paths:
+          - path: /univention/(portal|selfservice)/
+            pathType: ImplementationSpecific
+          - path: /univention/(portal|selfservice)/index.html
+            pathType: ImplementationSpecific
+          - path: /univention/(portal|selfservice)/(css|fonts|i18n|media|js|oidc|custom)(/.*)
+            pathType: ImplementationSpecific
+          - path: /univention/(portal)/(icons)(/.*)$
+            pathType: ImplementationSpecific
+
+        # -- The Ingress controller class name.
+        ingressClassName: ""
+
+        # -- Define custom ingress annotations.
+        # annotations:
+        #   nginx.ingress.kubernetes.io/rewrite-target: /
+        annotations:
+          nginx.ingress.kubernetes.io/rewrite-target: "/$2$3"
+          nginx.ingress.kubernetes.io/use-regex: "true"
+
+        # -- Secure an Ingress by specifying a Secret that contains a TLS private key and certificate.
+        #
+        # Ref.: https://kubernetes.io/docs/concepts/services-networking/ingress/#tls
+        tls:
+          # enabled: true
+          # Set to override the global secretName
+          secretName: ""
+      - name: redirects
+        host: ""
+        paths:
+          - pathType: Exact
+            path: /$
+          - pathType: Exact
+            path: /univention$
+          - pathType: Exact
+            path: /univention/$
+          - pathType: Exact
+            path: /univention/portal$
+          - pathType: Exact
+            path: /univention/selfservice$
+        ingressClassName: ""
+        annotations:
+          nginx.ingress.kubernetes.io/permanent-redirect: "/univention/portal/"
+        tls:
+          # enabled: true
+          # Set to override the global secretName
+          secretName: ""
+
 nubusKeycloakExtensions:
  keycloak:
    auth:
@@ -406,8 +466,6 @@ nubusStackDataUms:
      - 'cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
    portaltileGroupLiveCollaboration:
      - 'cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}'
-    portaltileGroupVideoconference:
-      - 'cn=managed-by-attribute-Videoconference,cn=groups,{{ .Values.ldap.baseDn }}'
    systemInformation:
      releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}"
      {{- if .Values.functional.admin.portal.deploymentTimestamp.enabled }}
@@ -461,6 +519,15 @@ nubusUmcGateway:
      enabled: {{ .Values.ingress.tls.enabled }}
      secretName: {{ .Values.ingress.tls.secretName | quote }}

+    # TODO: Remove the block "paths" once it has been corrected upstream.
+    paths:
+        - path: /()(univention/)(languages.json|meta.json|theme.css)
+          pathType: ImplementationSpecific
+        - path: /()(univention/)((js|management|themes)/.*)
+          pathType: ImplementationSpecific
+        - path: /()(univention/login/)(dialog.js|main.js|LoginDialog.js|i18n/.*?/main.json)
+          pathType: ImplementationSpecific
+
 nubusKeycloakBootstrap:
  additionalAnnotations:
    argocd.argoproj.io/hook: "Sync"
--- a/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-customization.yaml.gotmpl
@@ -185,33 +185,6 @@ nubusUmcServer:
    runAsNonRoot: false
    seLinuxOptions:
      {{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
-  containerSecurityContextSssd:
-    enabled: true
-    allowPrivilegeEscalation: true
-    capabilities:
-      drop:
-        - "ALL"
-      add:
-        - "DAC_OVERRIDE"
-        - "SETGID"
-        - "AUDIT_WRITE"
-        - "SETUID"
-        - "CHOWN"
-        - "SETPCAP"
-        - "FOWNER"
-        - "FSETID"
-        - "KILL"
-        - "MKNOD"
-        - "NET_BIND_SERVICE"
-        - "SYS_CHROOT"
-    runAsUser: 0
-    runAsGroup: 0
-    seccompProfile:
-      type: "RuntimeDefault"
-    readOnlyRootFilesystem: true
-    runAsNonRoot: false
-    seLinuxOptions:
-      {{ .Values.seLinuxOptions.umsUmcServer | toYaml | nindent 6 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
  proxy:
--- a/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/nubus/values-opendesk-keycloak-bootstrap.yaml.gotmpl
@@ -534,10 +534,6 @@ containerSecurityContext:
  seLinuxOptions:
    {{ .Values.seLinuxOptions.opendeskKeycloakBootstrap | toYaml | nindent 4 }}

-additionalAnnotations:
-    argocd.argoproj.io/hook: "Sync"
-    argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
-
 podAnnotations:
  intents.otterize.com/service-name: "ums-keycloak-bootstrap"

--- a/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-dovecot.yaml.gotmpl
@@ -16,9 +16,6 @@ imagePullSecrets:
 dovecot:
  mailDomain: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
  password: {{ .Values.secrets.dovecot.doveadm | quote }}
-  migration:
-    enabled: {{ .Values.functional.migration.oxAppsuite.enabled }}
-    masterPassword: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }}
  ldap:
    enabled: true
    host: {{ .Values.ldap.host | quote }}
--- a/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange-bootstrap.yaml.gotmpl
@@ -9,16 +9,8 @@ cleanup:
  deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}

 containerSecurityContext:
-  allowPrivilegeEscalation: false
-  capabilities:
-    drop:
-      - "ALL"
-  runAsUser: 1000
-  runAsGroup: 1000
  seccompProfile:
    type: "RuntimeDefault"
-  readOnlyRootFilesystem: true
-  runAsNonRoot: true
  seLinuxOptions:
    {{ .Values.seLinuxOptions.openxchangeBootstrap | toYaml | nindent 4 }}

@@ -31,7 +23,7 @@ image:
 imagePullSecrets:
  {{ .Values.global.imagePullSecrets | toYaml | nindent 2 }}

-additionalAnnotations:
+podAnnotations:
  argocd.argoproj.io/hook: "Sync"
  argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
 ...
--- a/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-openxchange.yaml.gotmpl
@@ -23,7 +23,6 @@ nextcloud-integration-ui:
    registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeNextcloudIntegrationUI.registry | quote }}
    repository: {{ .Values.images.openxchangeNextcloudIntegrationUI.repository | quote }}
    tag: {{ .Values.images.openxchangeNextcloudIntegrationUI.tag | quote }}
-    pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  imagePullSecrets:
  {{- range .Values.global.imagePullSecrets }}
    - name: {{ . | quote }}
@@ -47,8 +46,6 @@ nextcloud-integration-ui:
      type: "RuntimeDefault"
    seLinuxOptions:
      {{ .Values.seLinuxOptions.openxchangeNextcloudIntegrationUI | toYaml | nindent 6 }}
-  serviceAccount:
-    create: false

 public-sector-ui:
  image:
@@ -80,8 +77,6 @@ public-sector-ui:
      type: "RuntimeDefault"
    seLinuxOptions:
      {{ .Values.seLinuxOptions.openxchangePublicSectorUI | toYaml | nindent 6 }}
-  serviceAccount:
-    create: false

 appsuite:
  appsuite-toolkit:
@@ -165,8 +160,6 @@ appsuite:
          type: "RuntimeDefault"
        seLinuxOptions:
          {{ .Values.seLinuxOptions.openxchangeGotenberg | toYaml | nindent 10 }}
-      serviceAccount:
-        create: false
    hooks:
      beforeAppsuiteStart:
        create-guard-dir.sh: |
@@ -174,17 +167,9 @@ appsuite:
          chown open-xchange:open-xchange /opt/open-xchange/guard-files
    packages:
      status:
-        {{- if .Values.functional.migration.oxAppsuite.enabled }}
-        open-xchange-authentication-masterpassword: "enabled"
-        open-xchange-authentication-ldap: "disabled"
-        open-xchange-authentication-oauth: "disabled"
-        open-xchange-oidc: "disabled"
-        {{- else }}
        open-xchange-oidc: "enabled"
        open-xchange-authentication-database: "disabled"
        open-xchange-authentication-oauth: "enabled"
-        open-xchange-authentication-ldap: "disabled"
-        {{- end }}
    properties:
      com.openexchange.UIWebPath: "/appsuite/"
      com.openexchange.showAdmin: "false"
@@ -235,9 +220,6 @@ appsuite:
      com.openexchange.mail.transport.authType: "xoauth2"
      com.openexchange.mail.transportServer: "postfix"
      com.openexchange.mail.transportServerSource: "global"
-      # Requirements for OX-Connector
-      com.openexchange.user.enforceUniqueDisplayName: "false"
-      com.openexchange.folderstorage.database.preferDisplayName: "false"
      # Mailfilter
      com.openexchange.mail.filter.loginType: "global"
      com.openexchange.mail.filter.credentialSource: "mail"
@@ -293,8 +275,6 @@ appsuite:
      com.openexchange.share.cryptKey: {{ .Values.secrets.oxAppsuite.shareCryptKey | quote }}
      com.openexchange.conference.element.authToken: {{ .Values.secrets.oxAppsuite.synapseAsToken | quote }}
    propertiesFiles:
-      /opt/open-xchange/etc/masterpassword-authentication.properties:
-        com.openexchange.authentication.masterpassword.password: {{ .Values.secrets.oxAppsuite.migrationsMasterPassword | quote }}
      /opt/open-xchange/etc/AdminDaemon.properties:
        MASTER_ACCOUNT_OVERRIDE: "true"
      /opt/open-xchange/etc/AdminUser.properties:
@@ -418,8 +398,6 @@ appsuite:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.openxchangeCoreUI | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false

  core-ui-middleware:
    enabled: true
@@ -459,9 +437,6 @@ appsuite:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.openxchangeCoreUIMiddleware | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
-
  core-cacheservice:
    enabled: false

@@ -479,7 +454,6 @@ appsuite:
      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeDocumentConverter.registry | quote }}
      repository: {{ .Values.images.openxchangeDocumentConverter.repository | quote }}
      tag: {{ .Values.images.openxchangeDocumentConverter.tag | quote }}
-      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    podAnnotations: {}
    redis: *redisConfiguration
    replicaCount: {{ .Values.replicas.openxchangeCoreDocumentConverter }}
@@ -501,8 +475,6 @@ appsuite:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.openxchangeDocumentConverter | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false

  core-documents-collaboration:
    enabled: false
@@ -548,8 +520,6 @@ appsuite:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.openxchangeCoreGuidedtours | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false

  core-imageconverter:
    enabled: true
@@ -561,7 +531,6 @@ appsuite:
      registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.openxchangeImageConverter.registry | quote }}
      repository: {{ .Values.images.openxchangeImageConverter.repository | quote }}
      tag: {{ .Values.images.openxchangeImageConverter.tag | quote }}
-      pullPolicy: {{ .Values.global.imagePullPolicy | quote }}
    objectCache:
      s3ObjectStores:
        - id: -1
@@ -589,8 +558,6 @@ appsuite:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.openxchangeImageConverter | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false

  guard-ui:
    enabled: true
@@ -621,8 +588,6 @@ appsuite:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.openxchangeGuardUI | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
  core-spellcheck:
    enabled: false

@@ -655,6 +620,4 @@ appsuite:
        type: "RuntimeDefault"
      seLinuxOptions:
        {{ .Values.seLinuxOptions.openxchangeCoreUserGuide | toYaml | nindent 8 }}
-    serviceAccount:
-      create: false
 ...
--- a/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
+++ b/helmfile/apps/open-xchange/values-oxconnector.yaml.gotmpl
@@ -90,6 +90,7 @@ securityContext:
      - "SETUID"
      - "SETPCAP"
      - "NET_BIND_SERVICE"
+      - "NET_RAW"
      - "SYS_CHROOT"
  privileged: false
  seccompProfile:
--- a/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl
+++ b/helmfile/apps/openproject-bootstrap/values.yaml.gotmpl
@@ -53,6 +53,8 @@ image:
 job:
  enabled: true

+podAnnotations: {}
+
 podSecurityContext:
  enabled: true
  fsGroup: 1000
--- a/helmfile/apps/openproject/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/openproject/helmfile-child.yaml.gotmpl
@@ -22,7 +22,7 @@ releases:
      - "values.yaml.gotmpl"
      - {{ .Values.customization.release.openproject | default "additionalValues: false" }}
    installed: {{ .Values.openproject.enabled }}
-    timeout: 1800
+    timeout: 1500

 commonLabels:
  deploy-stage: "component-1"
--- a/helmfile/apps/openproject/values.yaml.gotmpl
+++ b/helmfile/apps/openproject/values.yaml.gotmpl
@@ -188,8 +188,6 @@ s3:
 seederJob:
  annotations:
    intents.otterize.com/service-name: "openproject-seeder"
-    argocd.argoproj.io/hook: "Sync"
-    argocd.argoproj.io/hook-delete-policy: "HookSucceeded"
  resources:
    {{ .Values.resources.openprojectSeederJob | toYaml | nindent 4 }}

--- a/helmfile/apps/services/values-mariadb.yaml.gotmpl
+++ b/helmfile/apps/services/values-mariadb.yaml.gotmpl
@@ -73,9 +73,7 @@ persistence:
  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
  size: {{ .Values.persistence.size.mariadb | quote }}

-podAnnotations:
-  argocd.argoproj.io/hook: "PostSync"
-  argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
+podAnnotations: {}

 podSecurityContext:
  enabled: true
--- a/helmfile/apps/services/values-postgresql.yaml.gotmpl
+++ b/helmfile/apps/services/values-postgresql.yaml.gotmpl
@@ -29,6 +29,9 @@ podSecurityContext:
  fsGroup: 1001
  fsGroupChangePolicy: "OnRootMismatch"

+postgres:
+  user: "postgres"
+
 replicaCount: {{ .Values.replicas.postgres }}

 global:
@@ -87,12 +90,9 @@ persistence:
  storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
  size: {{ .Values.persistence.size.postgresql | quote }}

-podAnnotations:
-  argocd.argoproj.io/hook: "PostSync"
-  argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
+podAnnotations: {}

 postgres:
-  user: "postgres"
  password: {{ .Values.secrets.postgresql.postgresUser | quote }}

 resources:
--- a/helmfile/apps/xwiki/helmfile-child.yaml.gotmpl
+++ b/helmfile/apps/xwiki/helmfile-child.yaml.gotmpl
@@ -21,7 +21,7 @@ releases:
      - "values.yaml.gotmpl"
      - {{ .Values.customization.release.xwiki | default "additionalValues: false" }}
    installed: {{ .Values.xwiki.enabled }}
-    timeout: 1800
+    timeout: 900

 commonLabels:
  deploy-stage: "component-1"
--- a/helmfile/apps/xwiki/values.yaml.gotmpl
+++ b/helmfile/apps/xwiki/values.yaml.gotmpl
@@ -88,8 +88,6 @@ customConfigs:
    workplaceServices.base: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
    workplaceServices.portalSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
    openoffice.serverType: "0"
-    openoffice.autoStart: "false"
-    openoffice.homePath: "/tmp"
    notifications.emails.live.graceTime: "5"

 ingress:
--- a/helmfile/environments/default/charts.yaml
+++ b/helmfile/environments/default/charts.yaml
@@ -58,7 +58,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/xwiki/charts-mirror"
    name: "cryptpad"
-    version: "0.0.20"
+    version: "0.0.19"
    verify: true
  dkimpy:
    # providerCategory: "Platform"
@@ -80,7 +80,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-dovecot"
    name: "dovecot"
-    version: "1.4.0"
+    version: "1.3.10"
    verify: true
  element:
    # providerCategory: "Platform"
@@ -122,7 +122,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
    name: "intercom-service"
-    version: "2.4.0"
+    version: "2.2.0"
    verify: true
  jitsi:
    # providerCategory: "Platform"
@@ -132,7 +132,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-jitsi"
    name: "opendesk-jitsi"
-    version: "1.12.3"
+    version: "1.12.1"
    verify: true
  mariadb:
    # providerCategory: "Platform"
@@ -212,7 +212,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-migrations"
    name: "opendesk-migrations"
-    version: "1.3.5"
+    version: "1.3.3"
    verify: true
  minio:
    # providerCategory: "Community"
@@ -232,7 +232,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud"
-    version: "3.4.1"
+    version: "3.3.4"
    verify: true
  nextcloudManagement:
    # providerCategory: "Platform"
@@ -242,7 +242,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-nextcloud"
    name: "opendesk-nextcloud-management"
-    version: "3.4.1"
+    version: "3.3.4"
    verify: true
  nginx:
    # providerCategory: "Community"
@@ -264,7 +264,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
    name: "nubus"
-    version: "0.64.2"
+    version: "0.62.2"
    verify: true
  opendeskKeycloakBootstrap:
    # providerCategory: "Platform"
@@ -274,7 +274,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-keycloak-bootstrap"
    name: "opendesk-keycloak-bootstrap"
-    version: "2.1.3"
+    version: "2.1.2"
    verify: true
  openproject:
    # providerCategory: "Supplier"
@@ -296,7 +296,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-openproject-bootstrap"
    name: "opendesk-openproject-bootstrap"
-    version: "2.1.1"
+    version: "2.0.0"
    verify: true
  openXchangeAppSuite:
    # providerCategory: "Supplier"
@@ -318,7 +318,7 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/charts/opendesk-open-xchange-bootstrap"
    name: "opendesk-open-xchange-bootstrap"
-    version: "2.1.2"
+    version: "2.0.0"
    verify: true
  otterize:
    # providerCategory: "Platform"
@@ -412,6 +412,6 @@ charts:
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/xwiki/charts-mirror"
    name: "xwiki"
-    version: "1.4.0"
+    version: "1.3.1"
    verify: false
 ...
--- a/helmfile/environments/default/cluster.yaml
+++ b/helmfile/environments/default/cluster.yaml
@@ -29,8 +29,6 @@ cluster:
    # The IP/DNS of your load-balancer will be fetched for some components from 'status' map of services.
    # Most providers use '.status.loadBalancer.ingress[0].ip' to store public ip. You can modify the chosen field here.
    loadBalancerStatusField: "ip"
-    # Network protocol options: "IPv4", "IPv6", "DualStack"
-    ipFamilies: "DualStack"

  container:
    # Used container engine in kubernetes cluster.
--- a/helmfile/environments/default/element.yaml
+++ b/helmfile/environments/default/element.yaml
@@ -0,0 +1,8 @@
+# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+# SPDX-License-Identifier: Apache-2.0
+---
+configuration:
+  homeserver:
+    guestModule:
+      enabled: false
+...
--- a/helmfile/environments/default/functional.yaml
+++ b/helmfile/environments/default/functional.yaml
@@ -98,11 +98,4 @@ functional:
        # If the LDAP entryUUID should be used for the localpart of user's MatrixIDs following setting must be `true`.
        useImmutableIdentifierForLocalpart: false

-  migration:
-    oxAppsuite:
-      # Note: Only available in openDesk Enterprise.
-      # Turn on temporary for migration purposes only. Will enable master password auth in OX AppSuite and Dovecot using
-      # `secrets.oxAppsuite.migrationsMasterPassword`.
-      enabled: false
-
 ...
--- a/helmfile/environments/default/images.yaml
+++ b/helmfile/environments/default/images.yaml
@@ -79,7 +79,7 @@ images:
    # upstreamMirrorStartFrom: ["2", "1", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
-    tag: "2.4.0@sha256:df743b7ea30077dc941815ccc60198820d67bbba94853fa7a6f939c0f36af335"
+    tag: "2.2.0@sha256:6e02a3b06827d8f23615ea43ed87f510018b8ecf77b2a8404b1554077b1bdc6b"
  jibri:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
@@ -155,7 +155,7 @@ images:
    # upstreamMirrorStartFrom: ["1", "4", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/matrix-neoboard-widget"
-    tag: "1.20.0@sha256:e72bca018af1c0087587f6bcd1748c820ff520c8cf2a042b9b58354cdc878345"
+    tag: "1.20.0@sha256:868f8326f32a872138d3524fce63df580dbd99861f3c817918e130a70b01212f"
  matrixNeoChoiceWidget:
    # providerCategory: "Supplier"
    # providerResponsible: "Nordeck"
@@ -211,7 +211,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-migrations"
-    tag: "1.3.18@sha256:d7f13322cc9cc7ab157f926280070850b0dfc6169c93a306ec4c3cf7c21eff69"
+    tag: "1.3.10@sha256:8cdc1d497840bbf3a1d824969e471503b42b8d8fae0ad22c275947085fc3179a"
  milter:
    # providerCategory: "Community"
    # providerResponsible: "openDesk"
@@ -235,7 +235,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nextcloud"
-    tag: "2.2.2@sha256:90f8e64ef9156c87dbd9befef99c6e3222f87daa393231d393d728c5b64506ee"
+    tag: "2.2.0@sha256:a7ba27a7a8df4afae1937898ae64dbae6181629295bcb6b9bbd39fd9b8c25903"
  nextcloudExporter:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -253,7 +253,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "41", "5"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
-    tag: "0.73.0@sha256:9babbdd0879aed7da928bf5034bf5f311511a8d07c242d2b10d067cc5dc0fd41"
+    tag: "0.70.0@sha256:d1d916f11d3b035eb95b46fbc3da2f9c797f89d3f3ac56b9ab1c89482413bac6"
  nubusGuardianAuthorizationApi:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -395,7 +395,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "9", "4"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/notifications-api"
-    tag: "0.42.2@sha256:ff744b2d5388bfc413a4d25108f37ba086d2a08cb14ceb02d17e93de003a1078"
+    tag: "0.40.1@sha256:1c18a88b3eefe421b6da1bbd8f569cbf54de3749d9285decaad186d9d28f520a"
  nubusOpendeskExtension:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -403,7 +403,7 @@ images:
    # upstreamRepository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
-    tag: "1.7.0@sha256:be8d1ec76e0d87a96fd08cf18fcec4afef2a5388567da866c482da6cf2c594ab"
+    tag: "1.6.9@sha256:70c2825e16f62d57ae371bc05f0089846fea8adc3a3ece2006d37d854f528852"
  nubusOpenPolicyAgent:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -433,7 +433,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "27", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-consumer"
-    tag: "0.42.2@sha256:5afee47e4d3d5f8bf51ffca66578a98318f49ee41e8f4b306cb75826b66a1804"
+    tag: "0.40.1@sha256:468b7785a0baff67dce184ecf66b048517d10587e8a877030b140efe4384f3fb"
  nubusPortalExtension:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -453,7 +453,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "9", "4"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-frontend"
-    tag: "0.42.2@sha256:0339694a2b1a657a77bef2a65c85270cfec9c08e965550695b18c2360440cb65"
+    tag: "0.40.1@sha256:b5da1465146a18310c3e15ed6a35339127abb1cff858ac00779ff492fc8b21ed"
  nubusPortalServer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -463,7 +463,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "9", "4"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/portal-server"
-    tag: "0.42.2@sha256:00b45c354c421ad6bc0ee046444cc0a2caf633787c770cad60e7c06c4307a248"
+    tag: "0.40.1@sha256:ae1966abc103267d1399eef0a1ee53951d545309071a51283323c7f6d4c3e7cb"
  nubusProvisioningDispatcher:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -473,7 +473,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "14", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-dispatcher"
-    tag: "0.44.0@sha256:b7b9ee59c008bd8850bcfb6cb009ae47e6be43ed117116928374c721711b09ca"
+    tag: "0.43.1@sha256:c646a5888b0a146580bb451d5b04d738de915a7251d51b035ccc0edc9ec948e7"
  nubusProvisioningEventsAndConsumerApi:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -483,7 +483,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "14", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-events-and-consumer-api"
-    tag: "0.44.0@sha256:b87218dcd2db7539b786ff479cde9620939274d4365721531dc6075b6fcc19ea"
+    tag: "0.43.1@sha256:0e6a75695e2654be6aae895a9dc97b937b3c3bcb2d42fcbbdc8a9fc3ee3476c8"
  nubusProvisioningPrefill:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -493,7 +493,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "14", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-prefill"
-    tag: "0.44.0@sha256:86201a277164ceb9a8df3fd4c7fc28b0185cadf7962a937d88d9feb576e77da2"
+    tag: "0.43.1@sha256:92a24a3955ad16258f7c0a881d8b113fe29936defab041258c0b4735eeb21e1f"
  nubusProvisioningUdmListener:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -503,7 +503,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "14", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-listener"
-    tag: "0.44.0@sha256:03c8f03ca0fab92ecd3234d1f3fad3293629feae0123134641dad243f3ca328c"
+    tag: "0.42.0@sha256:123165dcf5a723fc1a3e88923a11f31784a1f6e66b3da15f20f11477cecbd3ac"
  nubusProvisioningUdmTransformer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -513,7 +513,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "14", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/provisioning-udm-transformer"
-    tag: "0.44.0@sha256:1aca5eaa575ab0ee7b9fa128de30050b748a182b53b7bcdc6293b58187f5416a"
+    tag: "0.43.1@sha256:33aa61b6f2ca23d6383b3b27fc9c5a23a8dfc39ccbdd127191d40a9c6b6337f5"
  nubusSelfServiceConsumer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -523,7 +523,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "3", "2"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/selfservice-invitation"
-    tag: "0.11.3@sha256:cd51246ae9436426bd7ee12bc85466cafc18a43ba05ab3ede35dfcf3a012656f"
+    tag: "0.11.1@sha256:3d6afb820f55272727ace7e7213f4b3a46bcc6c2c8c22aa45dd421a6daf33322"
  nubusUdmRestApi:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -533,7 +533,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "9", "3"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/udm-rest-api"
-    tag: "0.25.1@sha256:0078b16ecf5539e6f3c7e6d5a7ddb57937d3d2d143754fbd6d439a3a8741abe8"
+    tag: "0.24.0@sha256:113251d8052f69ac0c7af721954d1711231ca72de1ce6565bb86cdadf53a0ad9"
  nubusUmcGateway:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -543,7 +543,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "7", "3"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-gateway"
-    tag: "0.34.1@sha256:ab4ffccc182bae115dc8f264c051f1c23102b1416ac00709d95285218829ce39"
+    tag: "0.32.0@sha256:d47716784ea86659ef93b1e79b0edd72a69d5e8169704accaf6213f01d4e395e"
  nubusUmcServer:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -553,7 +553,7 @@ images:
    # upstreamMirrorStartFrom: ["0", "7", "3"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/univention/images-mirror/umc-server"
-    tag: "0.34.1@sha256:4addb518b7b622f0e82dbdde30bbb8d8da6cc197528268d2ad856635f3bbe64a"
+    tag: "0.32.0@sha256:e2b28d54e9b9c0a3f0267a631dd0f2b18e04a8f8438986b570a9c8a5ccb06001"
  nubusUmcServerProxy:
    # providerCategory: "Supplier"
    # providerResponsible: "Univention"
@@ -589,7 +589,7 @@ images:
    # upstreamMirrorStartFrom: ["13", "1", "1"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/openproject/images-mirror/open_desk"
-    tag: "14.6.1@sha256:3c9828b1ab4dc91f2b3887f9bfddda8ba79b92a2f335dd2db2295d14a98deab0"
+    tag: "14.5.1@sha256:b6f823a4f4ff6873a992506c5f5bd9fe54b89f5d4e0bfb60b5da7b6c3bff82e1"
  openprojectBootstrap:
    # providerCategory: "Platform"
    # providerResponsible: "openDesk"
@@ -796,7 +796,7 @@ images:
    # upstreamMirrorStartFrom: ["1", "0", "0"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/nordeck/images-mirror/synapse-guest-module"
-    tag: "2.0.0@sha256:0fb4ee93cf6fc58f3f3b2f7f8c95d5e6d259b9a5dc354bde516e441187819283"
+    tag: "1.0.0@sha256:6b3b17183a7d163148cc1bc5342604682ec67d898394fc743db2f339e61c722e"
  synapseWeb:
    # providerCategory: "Community"
    # providerResponsible: "Element"
@@ -822,5 +822,5 @@ images:
    # upstreamMirrorStartFrom: ["0", "12"]
    registry: "registry.opencode.de"
    repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/xwiki"
-    tag: "0.22-mariadb-jetty-alpine@sha256:ba29f44befc558c4a4d969f103b216c13a55194dbc532adc43567bee4943d65f"
+    tag: "0.19-mariadb-jetty-alpine@sha256:8590ee815bceb7764df681b9239b4606adc5b3750e4eff2d928b62dcd046a623"
 ...
--- a/helmfile/environments/default/replicas.yaml
+++ b/helmfile/environments/default/replicas.yaml
@@ -13,8 +13,7 @@ replicas:
  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
  clamd: 1
  # -- scalable: true
-  # -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files
-  # centrally an should be a singleton.
+  # -- comment: clamav-distributed - You do not want to scale this service, as it just updates the signature files centrally an should be a singleton.
  freshclam: 1
  # -- scalable: true
  # -- comment: clamav-distributed - requires `ReadWriteMany` PVCs.
--- a/helmfile/environments/default/secrets.gotmpl
+++ b/helmfile/environments/default/secrets.gotmpl
@@ -7,7 +7,6 @@ SPDX-License-Identifier: Apache-2.0
 secrets:
  oxAppsuite:
    adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "admin_password" | sha1sum | quote }}
-    migrationsMasterPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "opendesk") "ox_appsuite" "migrations_master_password" | sha1sum | quote }}
    cookieHashSalt: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "cookie_hash_salt" | sha1sum | quote }}
    sessiondEncryptionKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "sessiond_encryptionkey" | sha1sum | quote }}
    shareCryptKey: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "ox_appsuite" "share_cryptkey" | sha1sum | quote }}
--- a/helmfile/environments/default/selinux.yaml
+++ b/helmfile/environments/default/selinux.yaml
@@ -59,8 +59,8 @@ seLinuxOptions:
  prosody: ~
  redis: ~
  synapse: ~
-  synapseCreateUser: ~
-  synapseGuestModule: ~
+  synapseCreateUser :  ~
+  synapseGuestModule :  ~
  synapseWeb: ~
  umsGuardianAuthorizationApi: ~
  umsGuardianManagementApi: ~
--- a/helmfile/shared/migrations.yaml.gotmpl
+++ b/helmfile/shared/migrations.yaml.gotmpl
@@ -10,10 +10,6 @@ global:
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}

-additionalAnnotations:
-  argocd.argoproj.io/hook: "Sync"
-  argocd.argoproj.io/hook-delete-policy: "BeforeHookCreation"
-
 cleanup:
  deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
  keepPVCOnDelete: {{ .Values.debug.cleanup.keepPVCOnDelete }}
Author	SHA1	Message	Date
Milton Moura	f320da4bf8	fix(element): Bump NeoBoard Widget to v1.20.0 Signed-off-by: Milton Moura <miltonmoura@gmail.com>	2024-10-03 14:34:25 +00:00
Milton Moura	b4c70ad1ee	Move guest flag to defaults	2024-10-03 13:46:22 +00:00
Milton Moura	908423373b	fix(element): Disable Guest Users Signed-off-by: Milton Moura <miltonmoura@gmail.com>	2024-10-03 12:58:17 +00:00
Milton Moura	0e5c93ab64	fix(element): Fix license headers Signed-off-by: Milton Moura <miltonmoura@gmail.com>	2024-10-03 12:56:09 +00:00
Milton Moura	d8eb5d4838	fix(element): Update to Element Web v1.11.76 and NeoBoard v1.19.1 Signed-off-by: Milton Moura <miltonmoura@gmail.com>	2024-10-03 12:26:39 +00:00
Milton Moura	8a8dc5f5a7	fix(element): Reintroduce Widgets into Element Web Signed-off-by: Milton Moura <miltonmoura@gmail.com>	2024-10-03 12:26:39 +00:00