mirror of
https://gitlab.opencode.de/bmi/opendesk/deployment/opendesk.git
synced 2025-12-06 23:41:43 +01:00
Compare commits
8 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
767c382091 | ||
|
|
55f6ba21dc | ||
|
|
b3c4ec5165 | ||
|
|
e231e5749d | ||
|
|
f98c48616b | ||
|
|
c460467d74 | ||
|
|
3f7faf88fb | ||
|
|
1971dfbded |
@@ -384,6 +384,18 @@ openproject-deploy:
|
||||
variables:
|
||||
COMPONENT: "openproject"
|
||||
|
||||
openproject-bootstrap-deploy:
|
||||
stage: "component-deploy-stage-2"
|
||||
extends: ".deploy-common"
|
||||
rules:
|
||||
- if: >
|
||||
$CI_PIPELINE_SOURCE =~ "web|schedules|triggers" &&
|
||||
$NAMESPACE =~ /.+/ &&
|
||||
($DEPLOY_ALL_COMPONENTS != "no" || ($DEPLOY_OPENPROJECT != "no" && $DEPLOY_NEXTCLOUD != "no"))
|
||||
when: "always"
|
||||
variables:
|
||||
COMPONENT: "openproject-bootstrap"
|
||||
|
||||
jitsi-deploy:
|
||||
stage: "component-deploy-stage-1"
|
||||
extends: ".deploy-common"
|
||||
|
||||
28
CHANGELOG.md
28
CHANGELOG.md
@@ -1,3 +1,31 @@
|
||||
## [0.5.40](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.39...v0.5.40) (2023-11-14)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **open-xchange:** Bump Dovecot and fix out-of-office replys ([55f6ba2](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/55f6ba21dc9eab811ac501bf0e2b78d4ae772194))
|
||||
|
||||
## [0.5.39](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.38...v0.5.39) (2023-11-14)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **univention-management-stack:** Update optional UMS preview state ([e231e57](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/e231e5749d3804f888ec23e12b58783856043219))
|
||||
|
||||
## [0.5.38](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.37...v0.5.38) (2023-11-13)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **collabora:** Update image to 23.05.5.4.1 ([c460467](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/c460467d7449b107134562b785e95f6280e3473d))
|
||||
|
||||
## [0.5.37](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.36...v0.5.37) (2023-11-12)
|
||||
|
||||
|
||||
### Bug Fixes
|
||||
|
||||
* **openproject:** Add bootstrapping of Nextcloud filestore ([1971dfb](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/commit/1971dfbded21d16909e889ba6d19ff9cf3e4cb20))
|
||||
|
||||
## [0.5.36](https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/deployment/sovereign-workplace/compare/v0.5.35...v0.5.36) (2023-11-10)
|
||||
|
||||
|
||||
|
||||
@@ -386,7 +386,8 @@ This list gives you an overview of default security settings and if they comply
|
||||
| | icap | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| | milter | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 100 | 101 | 101 |
|
||||
| Collabora | collabora | :x: | :x: | :x: (`CHOWN`, `DAC_OVERRIDE`, `FOWNER`, `FSETID`, `KILL`, `SETGID`, `SETUID`, `SETPCAP`, `NET_BIND_SERVICE`, `NET_RAW`, `SYS_CHROOT`, `MKNOD`) | :white_check_mark: | :x: | :white_check_mark: | 100 | 101 | 100 |
|
||||
| CryptPad | cryptpad | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
||||
| CryptPad | npm | :x: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :x: | :white_check_mark: | 4001 | 4001 | 4001 |
|
||||
| Dovecot | dovecot | :x: | :white_check_mark: | :x: (`CHOWN`, `DAC_OVERRIDE`, `NET_BIND_SERVICE`, `SETGID`, `SETUID`, `SYS_CHROOT`) | :white_check_mark: | :white_check_mark: | :x: | - | - | 1000 |
|
||||
| Element | element | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
| | synapse | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 10991 | - | 10991 |
|
||||
| | synapseWeb | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: | 101 | 101 | 101 |
|
||||
|
||||
@@ -20,6 +20,7 @@ helmfiles:
|
||||
- path: "helmfile/apps/openproject/helmfile.yaml"
|
||||
- path: "helmfile/apps/xwiki/helmfile.yaml"
|
||||
- path: "helmfile/apps/provisioning/helmfile.yaml"
|
||||
- path: "helmfile/apps/openproject-bootstrap/helmfile.yaml"
|
||||
|
||||
missingFileHandler: "Error"
|
||||
|
||||
|
||||
@@ -35,7 +35,7 @@ repositories:
|
||||
releases:
|
||||
- name: "dovecot"
|
||||
chart: "opendesk-dovecot-repo/dovecot"
|
||||
version: "1.3.4"
|
||||
version: "1.3.5"
|
||||
values:
|
||||
- "values-dovecot.yaml"
|
||||
- "values-dovecot.gotmpl"
|
||||
|
||||
@@ -22,7 +22,8 @@ dovecot:
|
||||
host: {{ .Values.ldap.host | quote }}
|
||||
password: {{ .Values.secrets.univentionCorporateServer.ldapSearch.dovecot | quote }}
|
||||
oidc:
|
||||
introspectionURL: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/openid-connect/token/introspect"
|
||||
introspectionHost: {{ printf "%s.%s" .Values.global.hosts.keycloak .Values.global.domain | quote }}
|
||||
introspectionPath: "/realms/souvap/protocol/openid-connect/token/introspect"
|
||||
clientSecret: {{ .Values.secrets.keycloak.clientSecret.as8oidc | quote }}
|
||||
clientID: "as8oidc"
|
||||
loginTrustedNetworks: {{ .Values.cluster.networking.cidr | quote }}
|
||||
|
||||
@@ -1,9 +1,6 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
readOnlyRootFilesystem: false
|
||||
|
||||
dovecot:
|
||||
ldap:
|
||||
enabled: true
|
||||
@@ -14,4 +11,9 @@ dovecot:
|
||||
enabled: true
|
||||
clientID: "as8oidc"
|
||||
usernameAttribute: "phoenixusername"
|
||||
|
||||
submission:
|
||||
enabled: true
|
||||
ssl: "no"
|
||||
host: "postfix:25"
|
||||
...
|
||||
|
||||
36
helmfile/apps/openproject-bootstrap/helmfile.yaml
Normal file
36
helmfile/apps/openproject-bootstrap/helmfile.yaml
Normal file
@@ -0,0 +1,36 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
bases:
|
||||
- "../../bases/environments.yaml"
|
||||
|
||||
---
|
||||
repositories:
|
||||
# openDesk OpenProject Bootstrap
|
||||
# Source: Set when repo is managed on Open CoDE
|
||||
- name: "opendesk-openproject-bootstrap-repo"
|
||||
oci: true
|
||||
# yamllint disable rule:line-length
|
||||
url: >-
|
||||
{{ env "PRIVATE_IMAGE_REGISTRY_URL" |
|
||||
default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap" }}
|
||||
# yamllint enable rule:line-length
|
||||
verify: true
|
||||
keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
|
||||
|
||||
releases:
|
||||
- name: "opendesk-openproject-bootstrap"
|
||||
chart: "opendesk-openproject-bootstrap-repo/opendesk-openproject-bootstrap"
|
||||
version: "1.2.1"
|
||||
wait: true
|
||||
waitForJobs: true
|
||||
values:
|
||||
- "values.yaml"
|
||||
- "values.gotmpl"
|
||||
installed: {{ .Values.openproject.enabled }}
|
||||
timeout: 900
|
||||
|
||||
commonLabels:
|
||||
deploy-stage: "component-2"
|
||||
component: "opendesk-openproject-bootstrap"
|
||||
...
|
||||
34
helmfile/apps/openproject-bootstrap/values.gotmpl
Normal file
34
helmfile/apps/openproject-bootstrap/values.gotmpl
Normal file
@@ -0,0 +1,34 @@
|
||||
{{/*
|
||||
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
SPDX-License-Identifier: Apache-2.0
|
||||
*/}}
|
||||
---
|
||||
global:
|
||||
domain: "{{ .Values.global.domain }}"
|
||||
hosts:
|
||||
{{ .Values.global.hosts | toYaml | nindent 4 }}
|
||||
registry: "{{ .Values.global.imageRegistry }}"
|
||||
imagePullSecrets:
|
||||
{{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry }}
|
||||
repository: "{{ .Values.images.openprojectBootstrap.repository }}"
|
||||
tag: "{{ .Values.images.openprojectBootstrap.tag }}"
|
||||
imagePullPolicy: "{{ .Values.global.imagePullPolicy }}"
|
||||
|
||||
cleanup:
|
||||
deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
|
||||
keepPVCOnDelete: {{ .Values.cleanup.keepPVCOnDelete }}
|
||||
|
||||
config:
|
||||
openproject:
|
||||
fileshareName: "Nextcloud at {{ .Values.global.domain }}"
|
||||
admin:
|
||||
username: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
|
||||
password: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
|
||||
nextcloud:
|
||||
admin:
|
||||
username: "nextcloud"
|
||||
password: {{ .Values.secrets.nextcloud.adminPassword | quote }}
|
||||
...
|
||||
25
helmfile/apps/openproject-bootstrap/values.yaml
Normal file
25
helmfile/apps/openproject-bootstrap/values.yaml
Normal file
@@ -0,0 +1,25 @@
|
||||
# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
|
||||
# SPDX-License-Identifier: Apache-2.0
|
||||
---
|
||||
containerSecurityContext:
|
||||
allowPrivilegeEscalation: false
|
||||
capabilities:
|
||||
drop:
|
||||
- "ALL"
|
||||
enabled: true
|
||||
privileged: false
|
||||
runAsUser: 1000
|
||||
runAsGroup: 1000
|
||||
seccompProfile:
|
||||
type: "RuntimeDefault"
|
||||
readOnlyRootFilesystem: true
|
||||
runAsNonRoot: true
|
||||
|
||||
job:
|
||||
enabled: true
|
||||
|
||||
podSecurityContext:
|
||||
enabled: true
|
||||
fsGroup: 1000
|
||||
fsGroupChangePolicy: "OnRootMismatch"
|
||||
...
|
||||
@@ -57,6 +57,8 @@ ingress:
|
||||
|
||||
environment:
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_SECRET: {{ .Values.secrets.keycloak.clientSecret.openproject | quote }}
|
||||
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_USER: {{ .Values.secrets.openproject.apiAdminUsername | quote }}
|
||||
OPENPROJECT_AUTHENTICATION_GLOBAL__BASIC__AUTH_PASSWORD: {{ .Values.secrets.openproject.apiAdminPassword | quote }}
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ISSUER: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_POST__LOGOUT__REDIRECT__URI: "https://{{ .Values.global.hosts.openproject }}.{{ .Values.global.domain }}/"
|
||||
OPENPROJECT_OPENID__CONNECT_KEYCLOAK_HOST: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
|
||||
@@ -26,6 +26,7 @@ oxConnector:
|
||||
oxMasterPassword: {{ .Values.secrets.oxAppsuite.adminPassword | quote }}
|
||||
oxSoapServer: "https://{{ .Values.global.hosts.openxchange }}.{{ .Values.istio.domain }}"
|
||||
oxDefaultContext: "1"
|
||||
ldapPassword: {{ if eq .Values.ldap.host "univention-corporate-container" }} "ucctempldapstring" {{ else }} {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }} {{ end }}
|
||||
|
||||
resources:
|
||||
{{ .Values.resources.oxConnector | toYaml | nindent 2 }}
|
||||
|
||||
@@ -5,12 +5,9 @@ ingress:
|
||||
enabled: false
|
||||
|
||||
oxConnector:
|
||||
# ldapHostIp: ""
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
ldapHostDn: "cn=admin,dc=swp-ldap,dc=internal"
|
||||
tlsMode: "off"
|
||||
# current static password for UCC
|
||||
ldapPassword: "ucctempldapstring"
|
||||
caCert: "ucctempldapstring"
|
||||
debugLevel: "5"
|
||||
logLevel: "DEBUG"
|
||||
|
||||
@@ -41,7 +41,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-ldap-server"
|
||||
chart: "ums-repo/ldap-server"
|
||||
version: "0.4.1"
|
||||
version: "0.5.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -49,7 +49,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-ldap-notifier"
|
||||
chart: "ums-repo/ldap-notifier"
|
||||
version: "0.4.1"
|
||||
version: "0.5.2"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -58,7 +58,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-udm-rest-api"
|
||||
chart: "ums-repo/udm-rest-api"
|
||||
version: "0.3.2"
|
||||
version: "0.3.3"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -66,7 +66,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-stack-data-ums"
|
||||
chart: "ums-repo/stack-data-ums"
|
||||
version: "0.15.2"
|
||||
version: "0.25.1"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -74,7 +74,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-stack-data-swp"
|
||||
chart: "ums-repo/stack-data-swp"
|
||||
version: "0.15.2"
|
||||
version: "0.25.1"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -82,7 +82,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-server"
|
||||
chart: "ums-repo/portal-server"
|
||||
version: "0.3.4"
|
||||
version: "0.4.3"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -90,7 +90,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-notifications-api"
|
||||
chart: "ums-repo/notifications-api"
|
||||
version: "0.3.4"
|
||||
version: "0.4.3"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -99,7 +99,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-listener"
|
||||
chart: "ums-repo/portal-listener"
|
||||
version: "0.3.4"
|
||||
version: "0.4.3"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -108,7 +108,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-portal-frontend"
|
||||
chart: "ums-repo/portal-frontend"
|
||||
version: "0.3.4"
|
||||
version: "0.4.3"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -124,7 +124,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-umc-gateway"
|
||||
chart: "ums-repo/umc-gateway"
|
||||
version: "0.3.2"
|
||||
version: "0.3.5"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
@@ -132,7 +132,7 @@ releases:
|
||||
installed: {{ .Values.univentionManagementStack.enabled }}
|
||||
- name: "ums-umc-server"
|
||||
chart: "ums-repo/umc-server"
|
||||
version: "0.3.2"
|
||||
version: "0.3.5"
|
||||
values:
|
||||
- "values-common.gotmpl"
|
||||
- "values-common.yaml"
|
||||
|
||||
@@ -7,16 +7,13 @@ ldapServer:
|
||||
ldapSecret: {{ .Values.secrets.univentionManagementStack.ldapSecret | quote }}
|
||||
ldapBaseDn: "dc=swp-ldap,dc=internal"
|
||||
|
||||
waitForSamlMetadata: true
|
||||
|
||||
# TODO: Certificates handling
|
||||
# caCert: ""
|
||||
# certPem: ""
|
||||
# privateKey: ""
|
||||
# dhParam: ""
|
||||
tlsMode: "off"
|
||||
|
||||
samlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
|
||||
samlMetadataUrlInternal: null
|
||||
serviceProviders: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/saml/metadata"
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | quote }}
|
||||
|
||||
@@ -12,6 +12,9 @@ portalServer:
|
||||
ucsInternalUrl: "http://portal-server:{{ .Values.secrets.univentionManagementStack.storeDavUsers.portalServer }}@ums-store-dav/portal-data"
|
||||
umcGetUrl: "http://ums-umc-server/get"
|
||||
umcSessionUrl: "http://ums-umc-server/get/session-info"
|
||||
centralNavigation:
|
||||
enabled: true
|
||||
authenticatorSecret: {{ .Values.secrets.centralnavigation.apiKey | quote }}
|
||||
|
||||
image:
|
||||
registry: {{ .Values.global.imageRegistry | quote }}
|
||||
|
||||
@@ -19,11 +19,12 @@ stackDataContext:
|
||||
# ldapHostDn: cn=stub-value,cn=dc,cn=computers,dc=swp-ldap,dc=internal
|
||||
ldapHostDn: cn=admin,dc=swp-ldap,dc=internal
|
||||
|
||||
samlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
|
||||
samlMetadataUrlInternal: null
|
||||
samlSpServer: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
samlSchemes: "https"
|
||||
ssoFqdn: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
idpSamlMetadataUrl: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/souvap/protocol/saml/descriptor"
|
||||
idpSamlMetadataUrlInternal: null
|
||||
umcSamlSpFqdn: "{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}"
|
||||
umcSamlSchemes: "https"
|
||||
idpFqdn: "{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}"
|
||||
ldapSamlSpUrls: "https://{{ .Values.global.hosts.univentionManagementStack }}.{{ .Values.global.domain }}/univention/saml/metadata"
|
||||
|
||||
initialPasswordAdministrator: "{{ .Values.secrets.univentionManagementStack.defaultAccounts.administratorPassword }}"
|
||||
|
||||
|
||||
@@ -8,15 +8,15 @@ images:
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
collabora:
|
||||
repository: "souvap/tooling/images/collabora"
|
||||
tag: "23.05.5.3.1@sha256:496c913527ce83feb3fe2383d710851aa3781ffa56d200c75def74904d32adc3"
|
||||
tag: "23.05.5.4.1@sha256:ff48ec379f0d63e50b7714d1fa0f8f8de4247595dfa78754c44786a79c4968e4"
|
||||
# @supplier: "Collabora"
|
||||
cryptpad:
|
||||
repository: "cryptpad/cryptpad"
|
||||
tag: "opendesk-20231020@sha256:b0bfe09601d8c8064e1b174d21a225ddb10aaa4103892fdfdf3d216726c26dde"
|
||||
# @supplier: "XWiki"
|
||||
dovecot:
|
||||
repository: "dovecot/dovecot"
|
||||
tag: "2.3.20@sha256:96d414aa3f6978669b417f6468c16313a54ee6143a4846870e9f0eda280806e7"
|
||||
repository: "souvap/tooling/images/dovecot-public-sector"
|
||||
tag: "2.3.21@sha256:c76965a84d1ca527f523404eb027119f6736b199c094e4671037cb345ecad3dc"
|
||||
# @supplier: "Open-Xchange"
|
||||
element:
|
||||
repository: "souvap/tooling/images/element-web"
|
||||
@@ -70,7 +70,7 @@ images:
|
||||
keycloakBootstrap:
|
||||
repository: "souvap/tooling/images/ansible"
|
||||
tag: "4.10.0@sha256:89d8212c20e03b0fd079e08afaf3247c1b96b380c4db1b572d68d0b4a6abc0ac"
|
||||
# @supplier: "Univention"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
keycloakExtensionHandler:
|
||||
repository: "souvap/tooling/images/keycloak-extensions/keycloak-handler"
|
||||
tag: "latest@sha256:e67bdfc655e43b7fb83b025e13f949b04fdd98e089b33401275d03e340e03e2e"
|
||||
@@ -122,12 +122,16 @@ images:
|
||||
# @supplier: "Nextcloud Community"
|
||||
openproject:
|
||||
repository: "openproject/open_desk"
|
||||
tag: "dev@sha256:ca5b843fd7f0687617ce3038a52fd6ac73fb4e9db7b762b8ac7d5090f168f0b1"
|
||||
tag: "dev@sha256:732b5d0efe9fc64fe411c9d8143ec3f4a3c731d03c0caddb5fa4c614ff426e8d"
|
||||
# @supplier: "OpenProject"
|
||||
openprojectInitDb:
|
||||
repository: "postgres"
|
||||
tag: "13@sha256:ced3ba927f4cf06e03eac7760f426a95367076fb31fe4e31b679f82d119a3519"
|
||||
# @supplier: "OpenProject"
|
||||
openprojectBootstrap:
|
||||
repository: "souvap/tooling/images/opendesk-openproject-bootstrap"
|
||||
tag: "1.1.1@sha256:09da76a9b645b3dbe5c181061f7829f82f239e7d17f7e115218a32870f7a955e"
|
||||
# @supplier: "openDesk DevSecOps"
|
||||
openxchangeBootstrap:
|
||||
repository: "alpine/k8s"
|
||||
tag: "1.26.8@sha256:acde24d2a8ebaafda76f464591a5ddc7d0acd08bb38b12560961c1b1c4fc85ec"
|
||||
@@ -220,67 +224,67 @@ images:
|
||||
umsConfigHtpasswd:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/config-htpasswd"
|
||||
tag: "0.5.2"
|
||||
tag: "0.5.2@sha256:b713d22a9f2285aab7ff3b1db950002c9ae507ee0b8ba6c76c8a700299440b02"
|
||||
# @supplier: "Univention"
|
||||
umsDataLoader:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/data-loader"
|
||||
tag: "0.15.2"
|
||||
tag: "0.25.1@sha256:4b5d621e7ee2ca9efd8755ccb287a6daeb05284c3c010e4b6c487d01e539c606"
|
||||
# @supplier: "Univention"
|
||||
umsLdapNotifier:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-notifier"
|
||||
tag: "0.4.1"
|
||||
tag: "0.5.2@sha256:693c170507dd420d9afa19a2128c85ffd1f231b1c13b149a46bb12a501a1136f"
|
||||
# @supplier: "Univention"
|
||||
umsLdapServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/ldap-server"
|
||||
tag: "0.4.1"
|
||||
tag: "0.5.2@sha256:e4b229b1879185e150e371242a90c9a8e1ebb0bc19076871554137cc354855cb"
|
||||
# @supplier: "Univention"
|
||||
umsNotificationsApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/notifications-api"
|
||||
tag: "0.3.4"
|
||||
tag: "0.4.3@sha256:f0a95d96f4047b08db41b8878800f98e66a8fb2fc3c0f493130be314a3be0270"
|
||||
# @supplier: "Univention"
|
||||
umsPortalListener:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-listener"
|
||||
tag: "0.3.4"
|
||||
tag: "0.4.3@sha256:a5454bfc113df95d1e71424765b6a0137e7468861cb3df3865136888d24ca7a0"
|
||||
# @supplier: "Univention"
|
||||
umsPortalFrontend:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-frontend"
|
||||
tag: "0.3.5"
|
||||
tag: "0.4.3@sha256:bfae4930c830185b0f64d6cd9bb479bdde8ac383a58f8f5948731ece9288ff4d"
|
||||
# @supplier: "Univention"
|
||||
umsPortalServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/portal-server"
|
||||
tag: "0.3.4"
|
||||
tag: "0.4.3@sha256:3a906e38aaabf5e80457f1b572a4ee3676b90921ac9c0df9a64a177ee0d75cc9"
|
||||
# @supplier: "Univention"
|
||||
umsWaitForDependency:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/wait-for-dependency"
|
||||
tag: "0.3.4"
|
||||
tag: "0.4.3@sha256:ff4b7f762860baa1415cfe9a24131cb28c2660a14058ca8a1e7a697468f72d69"
|
||||
# @supplier: "Univention"
|
||||
umsStoreDav:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/store-dav"
|
||||
tag: "0.5.2"
|
||||
tag: "0.5.2@sha256:e6d42110be74f171b62c8ba4752afd0af8119f0354783bf428eb2030f97be84a"
|
||||
# @supplier: "Univention"
|
||||
umsUdmRestApi:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/udm-rest-api"
|
||||
tag: "0.3.2"
|
||||
tag: "0.3.3@sha256:3893d74b1e450e920a53788a8b86cafb4e811dbbae8734fd32d56718ccbb89c5"
|
||||
# @supplier: "Univention"
|
||||
umsUmcGateway:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-gateway"
|
||||
tag: "0.3.2"
|
||||
tag: "0.3.5@sha256:2e5ec7a33f0f9094143090c786b3fda632fe85b669b7fe3bb467ec96b4a76eff"
|
||||
# @supplier: "Univention"
|
||||
umsUmcServer:
|
||||
# This is a preview and not part of the standard deployment.
|
||||
repository: "souvap/tooling/images/univention/umc-server"
|
||||
tag: "0.3.2"
|
||||
tag: "0.3.5@sha256:fa95ab3a547807322e6d66da943292119b37229eccbb35b31217fe0f484c4798"
|
||||
# @supplier: "Univention"
|
||||
wellKnown:
|
||||
repository: "library/nginx"
|
||||
|
||||
@@ -12,7 +12,7 @@ persistence:
|
||||
matrixNeoDateFixBot: "1Gi"
|
||||
minio: "1Gi"
|
||||
nextcloud:
|
||||
main: "1.2Gi"
|
||||
main: "2Gi"
|
||||
data: "10Gi"
|
||||
postfix: "1Gi"
|
||||
postgresql: "1Gi"
|
||||
|
||||
@@ -63,6 +63,8 @@ secrets:
|
||||
metricsToken: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "nextcloud" "metricsToken" | sha1sum | quote }}
|
||||
openproject:
|
||||
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_admin_user" | sha1sum | quote }}
|
||||
apiAdminUsername: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_api_admin_username" | sha1sum | quote }}
|
||||
apiAdminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "openproject" "openproject_api_admin_password" | sha1sum | quote }}
|
||||
collabora:
|
||||
adminPassword: {{ derivePassword 1 "long" (env "MASTER_PASSWORD" | default "sovereign-workplace") "collabora" "collabora_admin_user" | sha1sum | quote }}
|
||||
jitsi:
|
||||
|
||||
Reference in New Issue
Block a user