mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 07:21:36 +01:00
Compare commits
5 Commits
uv-jbornho
...
uv-jtorres
| Author | SHA1 | Date | |
|---|---|---|---|
|
d42a975f7f | ||
|
|
5bc4de68e8 | ||
|
|
b60fe39b5c | ||
|
|
c03566dd63 | ||
|
|
fbe4909a8e |
@@ -29,7 +29,7 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s
|
||||
openDesk currently features the following functional main components:
|
||||
|
||||
| Function | Functional Component | Component<br/>Version | Upstream Documentation |
|
||||
| -------------------- | --------------------------- | ------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| -------------------- | --------------------------- |---------------------------------------------------------------------------------------| -------------------------------------------------------------------------------------------------------------------------------------------- |
|
||||
| Chat & collaboration | Element ft. Nordeck widgets | [1.11.67](https://github.com/element-hq/element-desktop/releases/tag/v1.11.67) | [For the most recent release](https://element.io/user-guide) |
|
||||
| Diagram editor | CryptPad ft. diagrams.net | [5.6.0](https://github.com/cryptpad/cryptpad/releases/tag/5.6.0) | [For the most recent release](https://docs.cryptpad.org/en/) |
|
||||
| File management | Nextcloud | [28.0.5](https://nextcloud.com/de/changelog/#28-0-5) | [Nextcloud 28](https://docs.nextcloud.com/) |
|
||||
|
||||
@@ -33,6 +33,7 @@ they need to be replaced in production deployments.
|
||||
| ClamAV (Simple) | Antivirus engine | Eval |
|
||||
| Collabora | Weboffice | Functional |
|
||||
| CryptPad | Weboffice | Functional |
|
||||
| dkimpy-milter | DKIM milter for Postfix | Eval |
|
||||
| Element | Secure communications platform | Functional |
|
||||
| Intercom Service | Cross service data exchange | Functional |
|
||||
| Jitsi | Videoconferencing | Functional |
|
||||
|
||||
@@ -60,16 +60,16 @@ The deployment is designed to deploy each application/service under a dedicated
|
||||
For your convenience, we recommend to create a `*.domain.tld` A-Record to your cluster ingress controller,
|
||||
otherwise you need to create an A-Record for each subdomain.
|
||||
|
||||
| Record name | Type | Value | Additional information |
|
||||
| ----------------------- | ---- | -------------------------------------------------- | ---------------------------------------------------------------------------------- |
|
||||
| *.domain.tld | A | IPv4 address of your Ingress Controller | |
|
||||
| *.domain.tld | AAAA | IPv6 address of your Ingress Controller | |
|
||||
| mail.domain.tld | A | IPv4 address of your postfix NodePort/LoadBalancer | Optional mail should directly be delivered to openDesk's Postfix |
|
||||
| mail.domain.tld | AAAA | IPv6 address of your postfix NodePort/LoadBalancer | Optional mail should directly be delivered to openDesk's Postfix |
|
||||
| domain.tld | MX | `10 mail.domain.tld` | |
|
||||
| domain.tld | TXT | `v=spf1 +a +mx +a:mail.domain.tld ~all` | Optional, use proper MTA record if present |
|
||||
| _dmarc.domain.tld | TXT | `v=DMARC1; p=quarantine` | Optional |
|
||||
| _matrix._tcp.domain.tld | SRV | `1 10 PORT matrix.domain.tld` | `PORT` is your NodePort/LoadBalancer port of `opendesk-synapse-federation` service |
|
||||
| Record name | Type | Value | Additional information |
|
||||
|-------------------------------|------|----------------------------------------------------|------------------------------------------------------------------|
|
||||
| *.domain.tld | A | IPv4 address of your Ingress Controller | |
|
||||
| *.domain.tld | AAAA | IPv6 address of your Ingress Controller | |
|
||||
| mail.domain.tld | A | IPv4 address of your postfix NodePort/LoadBalancer | Optional mail should directly be delivered to openDesk's Postfix |
|
||||
| mail.domain.tld | AAAA | IPv6 address of your postfix NodePort/LoadBalancer | Optional mail should directly be delivered to openDesk's Postfix |
|
||||
| domain.tld | MX | `10 mail.domain.tld` | |
|
||||
| domain.tld | TXT | `v=spf1 +a +mx +a:mail.domain.tld ~all` | Optional, use proper MTA record if present |
|
||||
| _dmarc.domain.tld | TXT | `v=DMARC1; p=quarantine` | Optional |
|
||||
| default._domainkey.domain.tld | TXT | `v=DKIM1; k=rsa; h=sha256; ...` | Optional DKIM settings |
|
||||
|
||||
## Domain
|
||||
|
||||
@@ -263,6 +263,8 @@ To use the openDesk functionality with its web based user interface you need to
|
||||
|
||||
| Component | Description | Port | Type |
|
||||
| ------------------ | ----------------------- | ----: | ---: |
|
||||
| openDesk | Kubernetes Ingress | 80 | TCP |
|
||||
| openDesk | Kubernetes Ingress | 443 | TCP |
|
||||
| Jitsi Video Bridge | ICE Port for video data | 10000 | UDP |
|
||||
|
||||
#### Mail clients
|
||||
@@ -288,6 +290,20 @@ smtp:
|
||||
password: "secret"
|
||||
```
|
||||
|
||||
Enabling DKIM signing of emails helps to reduce spam and increases trust.
|
||||
openDesk ships dkimpy-milter as Postfix milter for signing mails.
|
||||
|
||||
```yaml
|
||||
dkimpy:
|
||||
enable: true
|
||||
dkim:
|
||||
key:
|
||||
value: |
|
||||
HzZs08QF1O7UiAkcM9T3U7rePPECtSFvWZIvyKqdg8E=
|
||||
selector: "default"
|
||||
useED25519: true # when false, RSA is used
|
||||
```
|
||||
|
||||
### TURN configuration
|
||||
|
||||
Some components (Jitsi, Element) use for direct communication a TURN server. You can configure your own TURN server with
|
||||
|
||||
@@ -50,15 +50,17 @@ configuration:
|
||||
url: null
|
||||
sender_localpart: ox-appsuite
|
||||
|
||||
presence:
|
||||
presence:
|
||||
enabled: {{ .Values.functional.dataProtection.matrixPresence.enabled }}
|
||||
|
||||
|
||||
smtp:
|
||||
senderAddress: "{{ .Values.smtp.localpartNoReply }}@{{ if .Values.functional.email.systemGenerated.useComponentInSenderdomain }}{{ .Values.global.hosts.element }}.{{ end }}{{ .Values.global.domain }}"
|
||||
host: {{ .Values.smtp.host | quote }}
|
||||
port: {{ .Values.smtp.port }}
|
||||
username: {{ .Values.smtp.username | quote }}
|
||||
password: {{ .Values.smtp.password | quote }}
|
||||
senderAddress: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
port: 25
|
||||
tls: false
|
||||
starttls: false
|
||||
username: ""
|
||||
password: ""
|
||||
|
||||
oidc:
|
||||
clientId: "opendesk-matrix"
|
||||
|
||||
@@ -67,26 +67,6 @@ ingress:
|
||||
enabled: {{ .Values.ingress.tls.enabled }}
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
provisioning:
|
||||
enabled: true
|
||||
config:
|
||||
nubusBaseUrl: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}"
|
||||
keycloak:
|
||||
url: "http://ums-keycloak:8080"
|
||||
username: "kcadmin"
|
||||
realm: {{ .Values.platform.realm | quote }}
|
||||
connection:
|
||||
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
baseUrl: "http://ums-keycloak:8080"
|
||||
credentialSecret:
|
||||
name: "ums-opendesk-keycloak-credentials"
|
||||
key: "admin_password"
|
||||
ics_client:
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
||||
credentialSecret:
|
||||
key: "ics_secret"
|
||||
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
|
||||
@@ -75,14 +75,17 @@ configuration:
|
||||
value: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
smtp:
|
||||
auth:
|
||||
enabled: false
|
||||
username:
|
||||
value: {{ .Values.smtp.username | quote }}
|
||||
value: ""
|
||||
password:
|
||||
value: {{ .Values.smtp.password | quote }}
|
||||
host: {{ .Values.smtp.host | quote }}
|
||||
port: {{ .Values.smtp.port | quote }}
|
||||
value: ""
|
||||
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
port: 25
|
||||
fromAddress: {{ .Values.smtp.localpartNoReply | quote }}
|
||||
mailDomain: "{{ if .Values.functional.email.systemGenerated.useComponentInSenderdomain }}{{ .Values.global.hosts.nextcloud }}.{{ end }}{{ .Values.global.domain }}"
|
||||
mailDomain: "{{ .Values.global.domain }}"
|
||||
security: ""
|
||||
skipVerifyPeer: true
|
||||
quota:
|
||||
default: "{{ .Values.functional.filestore.quota.default }} GB"
|
||||
retentionObligation:
|
||||
|
||||
@@ -38,7 +38,7 @@ global:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/opendesk-nubus"
|
||||
imagePullPolicy: "IfNotPresent"
|
||||
tag: "1.2.0"
|
||||
tag: "1.1.0"
|
||||
|
||||
# -- Allows to configure the system extensions to load. This is intended for
|
||||
# internal usage, prefer to use `global.extensions` for user configured
|
||||
@@ -83,15 +83,9 @@ keycloak:
|
||||
|
||||
nubusGuardian:
|
||||
provisioning:
|
||||
enabled: true
|
||||
enabled: false
|
||||
config:
|
||||
nubusBaseUrl: {{ printf "https://portal.%s" .Values.global.domain }}
|
||||
keycloak:
|
||||
realm: {{ .Values.platform.realm | quote }}
|
||||
username: "kcadmin"
|
||||
connection:
|
||||
host: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
baseUrl: "http://ums-keycloak:8080"
|
||||
credentialSecret:
|
||||
name: "ums-opendesk-keycloak-credentials"
|
||||
key: "admin_password"
|
||||
@@ -158,10 +152,13 @@ nubusKeycloakExtensions:
|
||||
key: "umcKeycloakExtensionsDatabasePassword"
|
||||
smtp:
|
||||
connection:
|
||||
host: {{ .Values.smtp.host | quote }}
|
||||
port: {{ .Values.smtp.port | quote }}
|
||||
host: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
port: 25
|
||||
ssl: false
|
||||
starttls: false
|
||||
auth:
|
||||
username: {{ .Values.smtp.username | quote }}
|
||||
enabled: false
|
||||
username: ""
|
||||
credentialSecret:
|
||||
name: "ums-keycloak-extensions-smtp-opendesk-credentials"
|
||||
key: "umcKeycloakExtensionsSmtpPassword"
|
||||
@@ -169,7 +166,7 @@ nubusKeycloakExtensions:
|
||||
appConfig:
|
||||
logLevel: {{ if .Values.debug.enabled }}"DEBUG"{{ else }}"WARN"{{ end }}
|
||||
newDeviceLoginSubject: "New device login on your {{ .Values.theme.texts.productName }} account"
|
||||
mailFrom: "{{ .Values.smtp.localpartNoReply }}@{{ if .Values.functional.email.systemGenerated.useComponentInSenderdomain }}{{ .Values.global.hosts.keycloak }}.{{ end }}{{ .Values.global.domain }}"
|
||||
mailFrom: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
|
||||
nubusPortalListener:
|
||||
portalListener:
|
||||
@@ -212,44 +209,6 @@ nubusStackDataUms:
|
||||
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
||||
umcHtmlTitle: "openDesk Portal"
|
||||
installUmcPolicies: true
|
||||
templateContext:
|
||||
portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain }}
|
||||
portalRealtimeVideoconferenceLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.jitsi .Values.global.domain }}
|
||||
portalManagementProjectLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openproject .Values.global.domain }}
|
||||
portalManagementKnowledgeLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.xwiki .Values.global.domain }}
|
||||
portalGroupwareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.openxchange .Values.global.domain }}
|
||||
portalFileshareLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.nextcloud .Values.global.domain }}
|
||||
portalTitleDE: "openDesk Portal"
|
||||
portalTitleEN: "openDesk Portal"
|
||||
oxDefaultContext: "1"
|
||||
ldapSearchUsers:
|
||||
{{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
|
||||
- username: {{ printf "ldapsearch_%s" $username | quote }}
|
||||
password: {{ $password | quote }}
|
||||
lastname: "LDAP-Search-User"
|
||||
{{- end }}
|
||||
portaltileGroupUserStandard:
|
||||
- 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
portaltileGroupUserAdmin:
|
||||
- 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- 'cn=Support,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
portaltileGroupUserAll:
|
||||
- 'cn=Domain Admins,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
- 'cn=Domain Users,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
portaltileGroupGroupware:
|
||||
- 'cn=managed-by-attribute-Groupware,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
portaltileGroupFileshare:
|
||||
- 'cn=managed-by-attribute-Fileshare,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
portaltileGroupManagementProject:
|
||||
- 'cn=managed-by-attribute-Projectmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
portaltileGroupManagementKnowledge:
|
||||
- 'cn=managed-by-attribute-Knowledgemanagement,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
portaltileGroupManagementLearn:
|
||||
- 'cn=managed-by-attribute-Learnmanagement,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
portaltileGroupLiveCollaboration:
|
||||
- 'cn=managed-by-attribute-Livecollaboration,cn=groups,{{ .Values.ldap.baseDn }}'
|
||||
|
||||
nubusUmcServer:
|
||||
memcached:
|
||||
auth:
|
||||
@@ -257,6 +216,12 @@ nubusStackDataUms:
|
||||
|
||||
# TODO: Remove values when upstreaming fixes
|
||||
nubusStackDataSwp:
|
||||
stackDataSwp:
|
||||
{{- if .Values.functional.admin.portal.deploymentInformation.enabled }}
|
||||
systemInformation:
|
||||
deployDate: "Deployed: {{ now | date "2006-01-02T15:04:05-0700" }}"
|
||||
releaseVersion: "Release: {{ .Values.global.systemInformation.releaseVersion }}"
|
||||
{{- end }}
|
||||
stackDataContext:
|
||||
ldapSearchUsers:
|
||||
{{- range $username, $password := .Values.secrets.nubus.ldapSearch }}
|
||||
@@ -265,9 +230,10 @@ nubusStackDataSwp:
|
||||
lastname: "LDAP-Search-User"
|
||||
{{- end }}
|
||||
externalMailDomain: {{ .Values.global.mailDomain | default .Values.global.domain }}
|
||||
smtpHost: {{ .Values.smtp.host | quote }}
|
||||
smtpPort: {{ .Values.smtp.port | quote }}
|
||||
smtpUser: {{ .Values.smtp.username | quote }}
|
||||
smtpHost: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
smtpPort: 25
|
||||
smtpUser: ""
|
||||
smtpStartTls: false
|
||||
ldapBase: {{ .Values.ldap.baseDn }}
|
||||
# FIXME: Should be templated correctly in the future
|
||||
portalRealtimeCollaborationLinkBase: {{ printf "https://%s.%s" .Values.global.hosts.element .Values.global.domain }}
|
||||
@@ -353,7 +319,7 @@ extraSecrets:
|
||||
umcKeycloakExtensionsDatabasePassword: {{ .Values.databases.keycloakExtension.password | default .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||
- name: "ums-keycloak-extensions-smtp-opendesk-credentials"
|
||||
stringData:
|
||||
umcKeycloakExtensionsSmtpPassword: {{ .Values.smtp.password | quote }}
|
||||
umcKeycloakExtensionsSmtpPassword: ""
|
||||
- name: "ums-portal-server-minio-opendesk-credentials"
|
||||
stringData:
|
||||
access-key-id: {{ .Values.objectstores.nubus.username | quote }}
|
||||
@@ -364,4 +330,4 @@ extraSecrets:
|
||||
secret-key-id: {{ .Values.objectstores.nubus.secretKey | default .Values.secrets.minio.umsUser | quote }}
|
||||
- name: "ums-umc-server-smtp-credentials-custom"
|
||||
stringData:
|
||||
password: {{ .Values.smtp.password | quote }}
|
||||
password: ""
|
||||
|
||||
@@ -171,6 +171,15 @@ nubusUmcGateway:
|
||||
replicaCount: {{ .Values.replicas.umsUmcGateway }}
|
||||
resources:
|
||||
{{ .Values.resources.umsUmcGateway | toYaml | nindent 4 }}
|
||||
extraVolumes:
|
||||
- name: "entrypoint-swp-patches"
|
||||
configMap:
|
||||
name: "ums-stack-data-swp-umc-gateway-entrypoint"
|
||||
defaultMode: 0555
|
||||
extraVolumeMounts:
|
||||
- name: "entrypoint-swp-patches"
|
||||
mountPath: "/entrypoint.d/90-swp.sh"
|
||||
subPath: "90-swp.sh"
|
||||
|
||||
nubusKeycloakBootstrap:
|
||||
podAnnotations:
|
||||
|
||||
@@ -193,11 +193,6 @@ nubusUmcServer:
|
||||
registry: {{ .Values.images.nubusUmcServer.registry }}
|
||||
repository: {{ .Values.images.nubusUmcServer.repository }}
|
||||
tag: {{ .Values.images.nubusUmcServer.tag }}
|
||||
proxy:
|
||||
image:
|
||||
registry: {{ .Values.images.nubusUmcServerProxy.registry }}
|
||||
repository: {{ .Values.images.nubusUmcServerProxy.repository }}
|
||||
tag: {{ .Values.images.nubusUmcServerProxy.tag }}
|
||||
|
||||
nubusWaitForDependency:
|
||||
image:
|
||||
|
||||
@@ -28,7 +28,8 @@ config:
|
||||
{{ .Values.functional.authentication.oidc.clients | toYaml | nindent 6 }}
|
||||
managed:
|
||||
clientScopes: [ 'acr', 'web-origins', 'email', 'profile', 'microprofile-jwt', 'role_list', 'offline_access', 'roles', 'address', 'phone' ]
|
||||
clients: [ 'UMC', 'guardian-management-api', 'guardian-scripts', 'guardian-ui', '${client_account}', '${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}', '${client_security-admin-console}' ]
|
||||
# 'guardian-management-api', 'guardian-scripts', 'guardian-ui' clients have been added explicitly for the moment (see further down this file)
|
||||
clients: [ 'UMC', '${client_account}', '${client_account-console}', '${client_admin-cli}', '${client_broker}', '${client_realm-management}', '${client_security-admin-console}' ]
|
||||
keycloak:
|
||||
adminUser: "kcadmin"
|
||||
adminPassword: {{ .Values.secrets.keycloak.adminPassword | quote }}
|
||||
@@ -388,6 +389,60 @@ config:
|
||||
backchannel.logout.session.required: false
|
||||
defaultClientScopes:
|
||||
- "opendesk-dovecot-scope"
|
||||
- name: "opendesk-intercom"
|
||||
clientId: "opendesk-intercom"
|
||||
protocol: "openid-connect"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.intercom | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/callback"
|
||||
consentRequired: false
|
||||
frontchannelLogout: false
|
||||
publicClient: false
|
||||
authorizationServicesEnabled: false
|
||||
attributes:
|
||||
backchannel.logout.session.required: true
|
||||
backchannel.logout.revoke.offline.tokens: true
|
||||
backchannel.logout.url: "https://{{ .Values.global.hosts.intercomService }}.{{ .Values.global.domain }}/backchannel-logout"
|
||||
protocolMappers:
|
||||
- name: "intercom-audience"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-audience-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
included.client.audience: "opendesk-intercom"
|
||||
id.token.claim: false
|
||||
access.token.claim: true
|
||||
# temporary additional claim while entryuuid is a hardcoded attribute in IntercomService and we cannot set
|
||||
# it to `opendesk_useruuid` standard claim. For reference:
|
||||
# https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/app.js#L89
|
||||
- name: "entryuuid_temp"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "entryUUID"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "entryuuid"
|
||||
jsonType.label: "String"
|
||||
# temporary additional claim while phoenixusername is a hardcoded attribute in IntercomService and we cannot
|
||||
# set it to `opendesk_username` standard claim. For reference:
|
||||
# https://github.com/univention/intercom-service/blob/cd819b6ced6433e532e74a8878943d05412c1416/intercom/routes/navigation.js#L27
|
||||
- name: "phoenixusername_temp"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "phoenixusername"
|
||||
jsonType.label: "String"
|
||||
defaultClientScopes:
|
||||
- "offline_access"
|
||||
- name: "opendesk-jitsi"
|
||||
clientId: "opendesk-jitsi"
|
||||
protocol: "openid-connect"
|
||||
@@ -516,6 +571,296 @@ config:
|
||||
post.logout.redirect.uris: "https://{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}/*##https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/*"
|
||||
defaultClientScopes:
|
||||
- "opendesk-xwiki-scope"
|
||||
- name: "guardian-management-api"
|
||||
clientId: "guardian-management-api"
|
||||
rootUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
baseUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
protocol: "openid-connect"
|
||||
publicClient: false
|
||||
clientAuthenticatorType: "client-secret"
|
||||
secret: {{ .Values.secrets.keycloak.clientSecret.guardian | quote }}
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/guardian/*"
|
||||
fullScopeAllowed: true
|
||||
standardFlowEnabled: true
|
||||
implicitFlowEnabled: false
|
||||
directAccessGrantsEnabled: false
|
||||
serviceAccountsEnabled: true
|
||||
protocolMappers:
|
||||
- name: "Client Host"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usersessionmodel-note-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
user.session.note: "clientHost"
|
||||
userinfo.token.claim: true
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "clientHost"
|
||||
jsonType.label: "String"
|
||||
- name: "Client ID"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usersessionmodel-note-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
user.session.note: "client_id"
|
||||
userinfo.token.claim: true
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "client_id"
|
||||
jsonType.label: "String"
|
||||
- name: "guardian-audience"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-audience-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
included.client.audience: "guardian"
|
||||
userinfo.token.claim: false
|
||||
id.token.claim: false
|
||||
access.token.claim: true
|
||||
- name: "audiencemap"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-audience-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
included.client.audience: "guardian-cli"
|
||||
userinfo.token.claim: true
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
- name: "dn"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: false
|
||||
user.attribute: "LDAP_ENTRY_DN"
|
||||
id.token.claim: false
|
||||
access.token.claim: true
|
||||
claim.name: "dn"
|
||||
jsonType.label: "String"
|
||||
- name: "username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-property-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "username"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "preferred_username"
|
||||
jsonType.label: "String"
|
||||
- name: "uid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "uid"
|
||||
jsonType.label: "String"
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-property-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
- name: "Client IP Address"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usersessionmodel-note-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
user.session.note: "clientAddress"
|
||||
userinfo.token.claim: true
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "clientAddress"
|
||||
jsonType.label: "String"
|
||||
- name: "guardian-scripts"
|
||||
clientId: "guardian-scripts"
|
||||
description: ""
|
||||
rootUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
adminUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
baseUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
surrogateAuthRequired: false
|
||||
enabled: true
|
||||
alwaysDisplayInConsole: false
|
||||
clientAuthenticatorType: "client-secret"
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/guardian/*"
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/guardian/*"
|
||||
webOrigins:
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
bearerOnly: false
|
||||
consentRequired: false
|
||||
standardFlowEnabled: true
|
||||
implicitFlowEnabled: false
|
||||
directAccessGrantsEnabled: true
|
||||
serviceAccountsEnabled: false
|
||||
publicClient: true
|
||||
frontchannelLogout: false
|
||||
protocol: "openid-connect"
|
||||
fullScopeAllowed: true
|
||||
protocolMappers:
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-property-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
- name: "guardian-audience"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-audience-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
included.client.audience: "guardian"
|
||||
id.token.claim: false
|
||||
access.token.claim: true
|
||||
userinfo.token.claim: false
|
||||
- name: "username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-property-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "username"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "preferred_username"
|
||||
jsonType.label: "String"
|
||||
- name: "uid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "uid"
|
||||
jsonType.label: "String"
|
||||
- name: "audiencemap"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-audience-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
included.client.audience: "guardian-scripts"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
- name: "dn"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
aggregate.attrs: false
|
||||
multivalued: false
|
||||
userinfo.token.claim: false
|
||||
user.attribute: "LDAP_ENTRY_DN"
|
||||
id.token.claim: false
|
||||
access.token.claim: true
|
||||
claim.name: "dn"
|
||||
jsonType.label: "String"
|
||||
defaultClientScopes:
|
||||
- "web-origins"
|
||||
- "acr"
|
||||
- "roles"
|
||||
- "profile"
|
||||
- "email"
|
||||
optionalClientScopes:
|
||||
- "address"
|
||||
- "phone"
|
||||
- "offline_access"
|
||||
- "microprofile-jwt"
|
||||
- name: "guardian-ui"
|
||||
clientId: "guardian-ui"
|
||||
rootUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
baseUrl: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
clientAuthenticatorType: "client-secret"
|
||||
redirectUris:
|
||||
- "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/guardian/*"
|
||||
standardFlowEnabled: true
|
||||
publicClient: true
|
||||
implicitFlowEnabled: false
|
||||
directAccessGrantsEnabled: false
|
||||
serviceAccountsEnabled: false
|
||||
protocol: "openid-connect"
|
||||
fullScopeAllowed: true
|
||||
protocolMappers:
|
||||
- name: "uid"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "uid"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "uid"
|
||||
jsonType.label: "String"
|
||||
- name: "username"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-property-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "username"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "preferred_username"
|
||||
jsonType.label: "String"
|
||||
- name: "dn"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-attribute-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: "false"
|
||||
user.attribute: "LDAP_ENTRY_DN"
|
||||
id.token.claim: false
|
||||
access.token.claim: true
|
||||
claim.name: "dn"
|
||||
jsonType.label: "String"
|
||||
- name: "audiencemap"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-audience-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
included.client.audience: "guardian"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
userinfo.token.claim: true
|
||||
- name: "email"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-usermodel-property-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
userinfo.token.claim: true
|
||||
user.attribute: "email"
|
||||
id.token.claim: true
|
||||
access.token.claim: true
|
||||
claim.name: "email"
|
||||
jsonType.label: "String"
|
||||
- name: "guardian-audience"
|
||||
protocol: "openid-connect"
|
||||
protocolMapper: "oidc-audience-mapper"
|
||||
consentRequired: false
|
||||
config:
|
||||
included.client.audience: "guardian"
|
||||
id.token.claim: false
|
||||
access.token.claim: true
|
||||
userinfo.token.claim: false
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
|
||||
@@ -36,7 +36,7 @@ dovecot:
|
||||
submission:
|
||||
enabled: true
|
||||
ssl: "no"
|
||||
host: "postfix:25"
|
||||
host: "{{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain }}:25"
|
||||
|
||||
certificate:
|
||||
secretName: {{ .Values.ingress.tls.secretName | quote }}
|
||||
|
||||
@@ -59,15 +59,15 @@ environment:
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__SECRET: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
OPENPROJECT_SOUVAP__NAVIGATION__URL: "https://{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}/univention/portal/navigation.json?base=https%3A//{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__DOMAIN: {{ .Values.global.mailDomain | default .Values.global.domain | quote }}
|
||||
OPENPROJECT_SMTP__USER__NAME: {{ .Values.smtp.username | quote }}
|
||||
OPENPROJECT_SMTP__PASSWORD: {{ .Values.smtp.password | quote }}
|
||||
OPENPROJECT_SMTP__PORT: {{ .Values.smtp.port | quote }}
|
||||
OPENPROJECT_SMTP__USER__NAME: ""
|
||||
OPENPROJECT_SMTP__PASSWORD: ""
|
||||
OPENPROJECT_SMTP__PORT: 25
|
||||
OPENPROJECT_SMTP__SSL: "false" # (default=false)
|
||||
OPENPROJECT_SMTP__ADDRESS: {{ .Values.smtp.host | quote }}
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "plain"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "true"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "peer"
|
||||
OPENPROJECT_MAIL__FROM: "{{ .Values.smtp.localpartNoReply }}@{{ if .Values.functional.email.systemGenerated.useComponentInSenderdomain }}{{ .Values.global.hosts.openproject }}.{{ end }}{{ .Values.global.domain }}"
|
||||
OPENPROJECT_SMTP__ADDRESS: {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
OPENPROJECT_SMTP__AUTHENTICATION: "none"
|
||||
OPENPROJECT_SMTP__ENABLE__STARTTLS__AUTO: "false"
|
||||
OPENPROJECT_SMTP__OPENSSL__VERIFY__MODE: "none"
|
||||
OPENPROJECT_MAIL__FROM: "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.nubus .Values.global.domain | quote }}
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
|
||||
|
||||
@@ -57,6 +57,17 @@ repositories:
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.mariadb.registry }}/\
|
||||
{{ .Values.charts.mariadb.repository }}"
|
||||
|
||||
# openDesk dkimpy-milter
|
||||
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-dkimpy-milter
|
||||
- name: "dkimpy-repo"
|
||||
keyring: "../../files/gpg-pubkeys/opencode.gpg"
|
||||
verify: {{ .Values.charts.dkimpy.verify }}
|
||||
username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
|
||||
password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
|
||||
oci: true
|
||||
url: "{{ .Values.global.helmRegistry | default .Values.charts.dkimpy.registry }}/\
|
||||
{{ .Values.charts.dkimpy.repository }}"
|
||||
|
||||
# openDesk Postfix
|
||||
# https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-postfix
|
||||
- name: "postfix-repo"
|
||||
@@ -178,6 +189,14 @@ releases:
|
||||
installed: {{ .Values.postfix.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "opendesk-dkimpy-milter"
|
||||
chart: "dkimpy-repo/{{ .Values.charts.dkimpy.name }}"
|
||||
version: "{{ .Values.charts.dkimpy.version }}"
|
||||
values:
|
||||
- "values-dkimpy.yaml.gotmpl"
|
||||
installed: {{ .Values.dkimpy.enabled }}
|
||||
timeout: 900
|
||||
|
||||
- name: "clamav"
|
||||
chart: "clamav-repo/{{ .Values.charts.clamav.name }}"
|
||||
version: "{{ .Values.charts.clamav.version }}"
|
||||
|
||||
44
helmfile/apps/services/values-dkimpy.yaml.gotmpl
Normal file
44
helmfile/apps/services/values-dkimpy.yaml.gotmpl
Normal file
@@ -0,0 +1,44 @@
|
||||
# SPDX-FileCopyrightText: Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: true
|
||||
capabilities: {}
|
||||
enabled: true
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
privileged: false
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.dkimpy | toYaml | nindent 4 }}
|
||||
|
||||
global:
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | default .Values.images.dkimpy.registry | quote }}
|
||||
repository: {{ .Values.images.dkimpy.repository | quote }}
|
||||
tag: {{ .Values.images.dkimpy.tag | quote }}
|
||||
imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
|
||||
configuration:
|
||||
domain: "{{ .Values.global.domain }}{{ if .Values.global.mailDomain }}, {{ .Values.global.mailDomain }}{{ end }}"
|
||||
key:
|
||||
{{ .Values.smtp.dkim.key | toYaml | nindent 4 }}
|
||||
mode: "s"
|
||||
selector: {{ .Values.smtp.dkim.selector }}
|
||||
useED25519: {{ .Values.smtp.dkim.useED25519 }}
|
||||
|
||||
replicaCount: {{ .Values.replicas.dkimpy }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.dkimpy | toYaml | nindent 2 }}
|
||||
...
|
||||
@@ -3,6 +3,7 @@
|
||||
---
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
@@ -35,19 +36,32 @@ job:
|
||||
retries: 10
|
||||
wait: 30
|
||||
users:
|
||||
- username: "xwiki_user"
|
||||
password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
|
||||
- username: "openxchange_user"
|
||||
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
|
||||
- username: "nextcloud_user"
|
||||
- username: {{ .Values.databases.nextcloud.username | quote }}
|
||||
password: {{ .Values.secrets.mariadb.nextcloudUser | quote}}
|
||||
connectionLimit: {{ .Values.databases.nextcloud.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
# OX and XWiki are using the db's `root` users (see `database.yaml`). So we are statically referencing their dedicated
|
||||
# users for the moment.
|
||||
- username: "openxchange_user"
|
||||
# - username: {{ .Values.databases.xwiki.username | quote }}
|
||||
password: {{ .Values.secrets.mariadb.openxchangeUser | quote }}
|
||||
connectionLimit: {{ .Values.databases.oxAppsuite.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: "xwiki_user"
|
||||
# - username: {{ .Values.databases.oxAppsuite.username | quote }}
|
||||
password: {{ .Values.secrets.mariadb.xwikiUser | quote }}
|
||||
connectionLimit: {{ .Values.databases.xwiki.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
databases:
|
||||
- name: "xwiki"
|
||||
user: "xwiki_user"
|
||||
- name: "nextcloud"
|
||||
user: "nextcloud_user"
|
||||
- name: {{ .Values.databases.nextcloud.name | quote }}
|
||||
user: {{ .Values.databases.nextcloud.username | quote }}
|
||||
# OX and XWiki are using the db's `root` users (see `database.yaml`). So we are statically referencing their dedicated
|
||||
# users for the moment.
|
||||
- name: "openxchange"
|
||||
user: "openxchange_user"
|
||||
# - name: {{ .Values.databases.oxAppsuite.name | quote }}
|
||||
# user: {{ .Values.databases.oxAppsuite.username | quote }}
|
||||
- name: "xwiki"
|
||||
user: "xwiki_user"
|
||||
# - name: {{ .Values.databases.xwiki.name | quote }}
|
||||
# user: {{ .Values.databases.xwiki.username | quote }}
|
||||
|
||||
mariadb:
|
||||
rootPassword: {{ .Values.secrets.mariadb.rootPassword | quote }}
|
||||
|
||||
@@ -85,7 +85,8 @@ persistence:
|
||||
provisioning:
|
||||
enabled: true
|
||||
cleanupAfterFinished:
|
||||
enabled: true
|
||||
enabled: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
seconds: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
extraCommands:
|
||||
- "mc anonymous set download provisioning/ums/portal-assets"
|
||||
buckets:
|
||||
|
||||
@@ -49,6 +49,9 @@ postfix:
|
||||
- fileName: "sasl_passwd.map"
|
||||
content:
|
||||
- {{ printf "%s %s:%s" .Values.smtp.host .Values.smtp.username .Values.smtp.password | quote }}
|
||||
{{- if .Values.dkimpy.enabled }}
|
||||
dkimpyHost: "opendesk-dkimpy-milter.{{ .Release.Namespace }}.svc.{{.Values.cluster.networking.domain }}:8892"
|
||||
{{- end }}
|
||||
rspamdHost: ""
|
||||
relayHost: {{ if .Values.smtp.host }}{{ printf "[%s]:%d" .Values.smtp.host .Values.smtp.port | quote }}{{ else }}""{{ end }}
|
||||
relayNets: {{ join " " .Values.cluster.networking.cidr | quote }}
|
||||
|
||||
@@ -1,6 +1,10 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.debug.cleanup.deletePodsOnSuccess }}
|
||||
deletePodsOnSuccessTimeout: {{ .Values.debug.cleanup.deletePodsOnSuccessTimeout }}
|
||||
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
@@ -17,8 +21,6 @@ containerSecurityContext:
|
||||
seLinuxOptions:
|
||||
{{ .Values.seLinuxOptions.postgresql | toYaml | nindent 4 }}
|
||||
|
||||
job:
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1001
|
||||
@@ -43,36 +45,43 @@ image:
|
||||
|
||||
job:
|
||||
users:
|
||||
- username: "keycloak_user"
|
||||
- username: {{ .Values.databases.keycloak.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.keycloakUser | quote }}
|
||||
- username: "openproject_user"
|
||||
connectionLimit: {{ .Values.databases.keycloak.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.openproject.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.openprojectUser | quote }}
|
||||
- username: "keycloak_extensions_user"
|
||||
connectionLimit: {{ .Values.databases.openproject.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.keycloakExtension.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.keycloakExtensionUser | quote }}
|
||||
- username: "matrix_user"
|
||||
connectionLimit: {{ .Values.databases.keycloakExtension.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.synapse.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.matrixUser | quote }}
|
||||
- username: "notificationsapi_user"
|
||||
connectionLimit: {{ .Values.databases.synapse.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.umsNotificationsApi.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.umsNotificationsApiUser | quote }}
|
||||
- username: "guardianmanagementapi_user"
|
||||
connectionLimit: {{ .Values.databases.umsNotificationsApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.umsGuardianManagementApiUser | quote }}
|
||||
- username: "selfservice_user"
|
||||
connectionLimit: {{ .Values.databases.umsGuardianManagementApi.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
- username: {{ .Values.databases.umsSelfservice.username | quote }}
|
||||
password: {{ .Values.secrets.postgresql.umsSelfserviceUser | quote }}
|
||||
connectionLimit: {{ .Values.databases.umsSelfservice.connectionLimit | default .Values.databases.defaults.userConnectionLimit }}
|
||||
databases:
|
||||
- name: "keycloak"
|
||||
user: "keycloak_user"
|
||||
- name: "keycloak_extensions"
|
||||
user: "keycloak_extensions_user"
|
||||
- name: "openproject"
|
||||
user: "openproject_user"
|
||||
- name: "matrix"
|
||||
user: "matrix_user"
|
||||
- name: {{ .Values.databases.keycloak.name | quote }}
|
||||
user: {{ .Values.databases.keycloak.username | quote }}
|
||||
- name: {{ .Values.databases.keycloakExtension.name | quote }}
|
||||
user: {{ .Values.databases.keycloakExtension.username | quote }}
|
||||
- name: {{ .Values.databases.openproject.name | quote }}
|
||||
user: {{ .Values.databases.openproject.username | quote }}
|
||||
- name: {{ .Values.databases.synapse.name | quote }}
|
||||
user: {{ .Values.databases.synapse.username | quote }}
|
||||
additionalParams: "ENCODING 'UTF8' LC_COLLATE='C' LC_CTYPE='C' template=template0"
|
||||
- name: "guardianmanagementapi"
|
||||
user: "guardianmanagementapi_user"
|
||||
- name: "notificationsapi"
|
||||
user: "notificationsapi_user"
|
||||
- name: "selfservice"
|
||||
user: "selfservice_user"
|
||||
- name: {{ .Values.databases.umsGuardianManagementApi.name | quote }}
|
||||
user: {{ .Values.databases.umsGuardianManagementApi.username | quote }}
|
||||
- name: {{ .Values.databases.umsNotificationsApi.name | quote }}
|
||||
user: {{ .Values.databases.umsNotificationsApi.username | quote }}
|
||||
- name: {{ .Values.databases.umsSelfservice.name | quote }}
|
||||
user: {{ .Values.databases.umsSelfservice.username | quote }}
|
||||
|
||||
persistence:
|
||||
storageClass: {{ .Values.persistence.storageClassNames.RWO | quote }}
|
||||
|
||||
@@ -137,12 +137,10 @@ properties:
|
||||
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.server": "{{ .Values.global.hosts.xwiki }}.{{ .Values.global.domain }}"
|
||||
"property:xwiki:XWiki.XWikiServerXwiki^XWiki.XWikiServerClass.port": 443
|
||||
## SMTP settings
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.smtp.localpartNoReply }}@{{ if .Values.functional.email.systemGenerated.useComponentInSenderdomain }}{{ .Values.global.hosts.xwiki }}.{{ end }}{{ .Values.global.domain }}"
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ .Values.smtp.host | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": {{ .Values.smtp.port | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.username": {{ .Values.smtp.username | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.password": {{ .Values.smtp.password | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.properties": "mail.smtp.starttls.enable=true"
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.from": "{{ .Values.smtp.localpartNoReply }}@{{ .Values.global.domain }}"
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.host": {{ printf "%s.%s.svc.%s" "postfix" (.Values.postfix.namespace | default .Release.Namespace) .Values.cluster.networking.domain | quote }}
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.port": 25
|
||||
"property:xwiki:Mail.MailConfig^Mail.SendMailConfigClass.properties": "mail.smtp.starttls.enable=false"
|
||||
## Link LDAP users and users authenticated through OIDC
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.addOIDCObject": 1
|
||||
"property:xwiki:LDAPUserImport.WebHome^LDAPUserImport.LDAPUserImportConfigClass.OIDCIssuer": "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}"
|
||||
|
||||
@@ -60,6 +60,18 @@ charts:
|
||||
name: "cryptpad"
|
||||
version: "0.0.19"
|
||||
verify: true
|
||||
dkimpy:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry.opencode.de"
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/charts/opendesk-dkimpy-milter/opendesk-dkimpy-milter"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["1", "0", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-dkimpy-milter"
|
||||
name: "opendesk-dkimpy-milter"
|
||||
version: "1.0.0"
|
||||
verify: true
|
||||
dovecot:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -78,7 +90,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-element"
|
||||
version: "3.3.0"
|
||||
version: "3.3.2"
|
||||
verify: true
|
||||
elementWellKnown:
|
||||
# providerCategory: "Platform"
|
||||
@@ -88,7 +100,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-well-known"
|
||||
version: "3.3.0"
|
||||
version: "3.3.2"
|
||||
verify: true
|
||||
home:
|
||||
# providerCategory: "Platform"
|
||||
@@ -107,11 +119,11 @@ charts:
|
||||
# upstreamRepository: "nubus/charts/intercom-service"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["2", "0", "1"]
|
||||
registry: "artifacts.software-univention.de"
|
||||
repository: "nubus/charts"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/charts-mirror"
|
||||
name: "intercom-service"
|
||||
version: "0.8.0"
|
||||
verify: false
|
||||
version: "2.0.1"
|
||||
verify: true
|
||||
jitsi:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -130,7 +142,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-mariadb"
|
||||
name: "mariadb"
|
||||
version: "2.2.1"
|
||||
version: "2.3.1"
|
||||
verify: true
|
||||
matrixNeoboardWidget:
|
||||
# providerCategory: "Platform"
|
||||
@@ -180,7 +192,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-matrix-user-verification-service"
|
||||
version: "3.3.0"
|
||||
version: "3.3.2"
|
||||
verify: true
|
||||
memcached:
|
||||
# providerCategory: "Community"
|
||||
@@ -254,7 +266,7 @@ charts:
|
||||
registry: "artifacts.software-univention.de"
|
||||
repository: "nubus-dev/charts"
|
||||
name: "nubus"
|
||||
version: "0.39.1-post-jbornhold-fix-e2e-test-configuration"
|
||||
version: "0.40.0-pre-jtorres-create-readonly-user"
|
||||
verify: true
|
||||
opendeskKeycloakBootstrap:
|
||||
# providerCategory: "Platform"
|
||||
@@ -340,7 +352,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postfix"
|
||||
name: "postfix"
|
||||
version: "2.2.0"
|
||||
version: "2.3.0"
|
||||
verify: true
|
||||
postgresql:
|
||||
# providerCategory: "Platform"
|
||||
@@ -350,7 +362,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-postgresql"
|
||||
name: "postgresql"
|
||||
version: "2.0.5"
|
||||
version: "2.1.1"
|
||||
verify: true
|
||||
redis:
|
||||
# providerCategory: "Community"
|
||||
@@ -370,7 +382,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse"
|
||||
version: "3.3.0"
|
||||
version: "3.3.2"
|
||||
verify: true
|
||||
synapseCreateAccount:
|
||||
# providerCategory: "Platform"
|
||||
@@ -380,7 +392,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-create-account"
|
||||
version: "3.3.0"
|
||||
version: "3.3.2"
|
||||
verify: true
|
||||
synapseWeb:
|
||||
# providerCategory: "Platform"
|
||||
@@ -390,7 +402,7 @@ charts:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/charts/opendesk-element"
|
||||
name: "opendesk-synapse-web"
|
||||
version: "3.3.0"
|
||||
version: "3.3.2"
|
||||
verify: true
|
||||
xwiki:
|
||||
# providerCategory: "Supplier"
|
||||
|
||||
@@ -2,62 +2,76 @@
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
databases:
|
||||
defaults:
|
||||
userConnectionLimit: 100
|
||||
keycloak:
|
||||
name: "keycloak"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "keycloak_user"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
keycloakExtension:
|
||||
name: "keycloak_extensions"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "keycloak_extensions_user"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
nextcloud:
|
||||
name: "nextcloud"
|
||||
host: "mariadb"
|
||||
port: 3306
|
||||
username: "nextcloud_user"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
openproject:
|
||||
name: "openproject"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "openproject_user"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
oxAppsuite:
|
||||
host: "mariadb"
|
||||
name: "configdb"
|
||||
host: "mariadb"
|
||||
port: 3306
|
||||
username: "root"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
synapse:
|
||||
host: "postgresql"
|
||||
name: "matrix"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "matrix_user"
|
||||
password: ""
|
||||
port: 5432
|
||||
connectionLimit: ~
|
||||
umsGuardianManagementApi:
|
||||
name: "guardianmanagementapi"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "guardianmanagementapi_user"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
umsNotificationsApi:
|
||||
name: "notificationsapi"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "notificationsapi_user"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
umsSelfservice:
|
||||
name: "selfservice"
|
||||
host: "postgresql"
|
||||
port: 5432
|
||||
username: "selfservice_user"
|
||||
password: ""
|
||||
connectionLimit: 10
|
||||
xwiki:
|
||||
name: "xwiki"
|
||||
host: "mariadb"
|
||||
port: 3306
|
||||
username: "root"
|
||||
password: ""
|
||||
connectionLimit: ~
|
||||
...
|
||||
|
||||
@@ -30,11 +30,6 @@ functional:
|
||||
# Disable to not support Matrix federation with your installation.
|
||||
enabled: true
|
||||
|
||||
email:
|
||||
systemGenerated:
|
||||
# By disabling all mails are sent from @<domain> instead of @<component>.<domain>.
|
||||
useComponentInSenderdomain: true
|
||||
|
||||
filestore:
|
||||
quota:
|
||||
# Set the default quota for all users in GB
|
||||
@@ -50,11 +45,11 @@ functional:
|
||||
# Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#versions-retention-obligation
|
||||
versions: "auto"
|
||||
# yamllint enable rule:line-length
|
||||
|
||||
|
||||
dataProtection:
|
||||
matrixPresence:
|
||||
# Enable to allow information about the user presence status to be shared.
|
||||
# Ref.: https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#presence
|
||||
enabled: false
|
||||
|
||||
|
||||
...
|
||||
|
||||
@@ -30,6 +30,14 @@ images:
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/xwiki/images-mirror/cryptpad"
|
||||
tag: "opendesk-20231222@sha256:f4d20d5c38c87b11ed1a1b46ef6a3633d32c6758ebdff8556458f040318fa5e2"
|
||||
dkimpy:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry.opencode.de"
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/dkimpy-milter"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/dkimpy-milter"
|
||||
tag: "1.1.0@sha256:f140c7fc3fd9636addc612edd6e10f6aefa69e34ff637c95ce9036a32e44555f"
|
||||
dovecot:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Open-Xchange"
|
||||
@@ -71,11 +79,9 @@ images:
|
||||
# upstreamRepository: "univention/intercom-service"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["1", "6"]
|
||||
#registry: "registry.opencode.de"
|
||||
#repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
|
||||
registry: "artifacts.software-univention.de"
|
||||
repository: "nubus/images/intercom-service"
|
||||
tag: "0.8.0@sha256:2e5e303c947aca687530244af5856cc4ba2b7cd880ff8348e922ac36c5f11167"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/intercom-service"
|
||||
tag: "1.6@sha256:f32c1e52fa132e9dc6973e9f8ed36a98c5c3e0bcd51c60f9a683e7e528dd2306"
|
||||
jibri:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Nordeck"
|
||||
@@ -197,9 +203,11 @@ images:
|
||||
# providerResponsible: "openDesk"
|
||||
# upstreamRegistry: "https://registry-1.docker.io"
|
||||
# upstreamRepository: "bitnami/memcached"
|
||||
registry: "registry-1.docker.io"
|
||||
# registry: "registry-1.docker.io"
|
||||
# repository: "bitnami/memcached"
|
||||
registry: "docker.io"
|
||||
repository: "bitnami/memcached"
|
||||
tag: "1.6.21-debian-11-r107@sha256:247ec29efd6030960047a623aef025021154662edf6b6d6e88c97936f164d99d"
|
||||
tag: "1.6.29-debian-12-r4"
|
||||
migrations:
|
||||
# providerCategory: "Platform"
|
||||
# providerResponsible: "openDesk"
|
||||
@@ -265,9 +273,11 @@ images:
|
||||
# upstreamRepository: "nubus/images/data-loader"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["0", "41", "5"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
|
||||
tag: "0.61.0@sha256:598e9fa176c71a6da90ab200ca52abd88176c8cb22a1bf56fec9cd0daf58f58f"
|
||||
# registry: "registry.opencode.de"
|
||||
# repository: "bmi/opendesk/components/supplier/univention/images-mirror/data-loader"
|
||||
registry: "artifacts.software-univention.de"
|
||||
repository: "nubus-dev/images/data-loader"
|
||||
tag: "0.63.0-pre-jtorres-create-readonly-user-nubus@sha256:82947d98b5c04b9ffa0093429dc33b0f94c602f08b6e595eb1ca28bb4dd160b7"
|
||||
nubusGuardianAuthorizationApi:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -327,9 +337,11 @@ images:
|
||||
# upstreamRepository: "nubus/images/keycloak-bootstrap"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["0", "1", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
|
||||
tag: "0.1.2@sha256:ea462e3e40843215814bddae0668dc56102864d99127ad3c8d9816d741886ac0"
|
||||
# registry: "registry.opencode.de"
|
||||
# repository: "bmi/opendesk/components/supplier/univention/images-mirror/keycloak-bootstrap"
|
||||
registry: "artifacts.software-univention.de"
|
||||
repository: "nubus/images/keycloak-bootstrap"
|
||||
tag: "0.1.2"
|
||||
nubusKeycloakExtensionHandler:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -620,16 +632,6 @@ images:
|
||||
registry: "artifacts.software-univention.de"
|
||||
repository: "nubus/images/umc-server"
|
||||
tag: "0.27.0@sha256:fa552aa595f75d54b216af4390bd5ea3d5385e6a9a5f558804da3aae9f700acf"
|
||||
nubusUmcServerProxy:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
# upstreamRegistry: "https://artifacts.software-univention.de"
|
||||
# upstreamRepository: "library/traefik"
|
||||
# upstreamMirrorTagFilterRegEx: '^(\d+)\.(\d+)$'
|
||||
# upstreamMirrorStartFrom: ["3", "0"]
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/supplier/univention/images-mirror/traefik"
|
||||
tag: "3.0@sha256:9214fcecc5833b4df2bfe6bf92714f35220d79a4c5c626931701dbbdb555f86b"
|
||||
nubusWaitForDependency:
|
||||
# providerCategory: "Supplier"
|
||||
# providerResponsible: "Univention"
|
||||
@@ -809,7 +811,7 @@ images:
|
||||
# upstreamRepository: "bmi/opendesk/components/platform-development/images/postfix"
|
||||
registry: "registry.opencode.de"
|
||||
repository: "bmi/opendesk/components/platform-development/images/postfix"
|
||||
tag: "1.0.0@sha256:61e4661a7323101dfb51c85c5a48c345c75436f3f533176f049d2660d711a8a5"
|
||||
tag: "2.0.0@sha256:5b2432dc09318db172a593bca860887ee9d713b9987db64f8b265f3e08a1d374"
|
||||
postgresql:
|
||||
# providerCategory: "Community"
|
||||
# providerResponsible: "openDesk"
|
||||
|
||||
@@ -19,6 +19,9 @@ collabora:
|
||||
cryptpad:
|
||||
enabled: true
|
||||
namespace: ~
|
||||
dkimpy:
|
||||
enabled: false
|
||||
namespace: ~
|
||||
dovecot:
|
||||
enabled: true
|
||||
namespace: ~
|
||||
|
||||
@@ -36,6 +36,8 @@ replicas:
|
||||
dovecot: 1
|
||||
# -- scalable: false
|
||||
postfix: 1
|
||||
# -- scalable: true
|
||||
dkimpy: 1
|
||||
|
||||
# -- component: Chat (Element, Synapse)
|
||||
# -- scalable: true
|
||||
|
||||
@@ -25,6 +25,13 @@ resources:
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "512Mi"
|
||||
dkimpy:
|
||||
limits:
|
||||
cpu: 99
|
||||
memory: "256Mi"
|
||||
requests:
|
||||
cpu: 0.1
|
||||
memory: "128Mi"
|
||||
dovecot:
|
||||
limits:
|
||||
cpu: 99
|
||||
|
||||
@@ -11,6 +11,7 @@ seLinuxOptions:
|
||||
clamd: ~
|
||||
collabora: ~
|
||||
cryptpad: ~
|
||||
dkimpy: ~
|
||||
dovecot: ~
|
||||
element: ~
|
||||
freshclam: ~
|
||||
|
||||
@@ -9,4 +9,17 @@ smtp:
|
||||
username: ""
|
||||
password: {{ env "SMTP_PASSWORD" | quote }}
|
||||
localpartNoReply: "no-reply"
|
||||
|
||||
# For the following settings to have effect `dkimpy.enabled` must be `true`.
|
||||
dkim:
|
||||
key:
|
||||
# DKIM private key as plaintext value.
|
||||
value: ""
|
||||
|
||||
# DKIM private key from existing secret. As a higher precedence than the plain `value`.
|
||||
secret:
|
||||
name: ""
|
||||
key: ""
|
||||
selector: "rsa"
|
||||
useED25519: false
|
||||
...
|
||||
|
||||
Reference in New Issue
Block a user