chore(release): 0.5.60 [skip ci]

## [0.5.60](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.59...v0.5.60) (2023-12-05) ### Bug Fixes * **ci:** Ensure release creation with artifacts ([dc7ce0b](dc7ce0bc4b))
fix(ci): Ensure release creation with artifacts
2025-12-06 15:31:38 +01:00 · 2023-12-05 13:11:56 +00:00 · 2023-12-05 13:09:19 +00:00 · 2023-12-05 08:36:22 +00:00 · 2023-12-05 09:07:41 +01:00 · 2023-12-01 20:53:38 +00:00
20 changed files with 287 additions and 15 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -620,4 +620,6 @@ release:
      }
      EOF
    - "semantic-release"
  needs:
    - "generate-release-assets"
 ...
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,43 @@
 ## [0.5.60](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.59...v0.5.60) (2023-12-05)
 ### Bug Fixes
 * **ci:** Ensure release creation with artifacts ([dc7ce0b](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/dc7ce0bc4b9501b63274f68352e6d9e76b5424e8))
 ## [0.5.59](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.58...v0.5.59) (2023-12-05)
 ### Bug Fixes
 * **helmfile:** Add configurable objectstore ([3b5493d](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/3b5493d78dc027cd1f3206b26cf347dc6ce6e265))
 ## [0.5.58](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.57...v0.5.58) (2023-12-01)
 ### Bug Fixes
 * **cryptpad:** Add websocket annotation ([c41643e](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/c41643ee3e5610ef27a63a0355804159030a7452))
 * **openproject:** Add seederJob intent ([05cc82d](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/05cc82d7c5c5f93fb5de7df555a22e8e90279621))
 * **openproject:** Bump to 2.6.2 ([c8bc8b3](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/c8bc8b3172cfef3396379e3969dc087d67a228ee))
 * **services:** Add NetworkPolicy section to docs/security.md ([24812b6](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/24812b667cded720a0ac09b8b3eb89df39b02afb))
 * **services:** Add Otterize based security settings ([bec9a2d](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/bec9a2d46b2b563b7001ed8c6625c10111d5f151))
 * **univention-management-stack:** Add Otterize annotations for jobs ([2628a0e](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/2628a0e13e5957475ce81b12d4230400c9ffeafe))
 ## [0.5.57](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.56...v0.5.57) (2023-12-01)
 ### Bug Fixes
 * **helmfile:** Using correct private registry for  postfix helm-chart ([d367739](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/d367739248ed43b3bad6a00b059b2c949dde4cb7))
 ## [0.5.56](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.55...v0.5.56) (2023-11-30)
 ### Bug Fixes
 * **element:** Raise treshold for login rate limit to avoid too early barrier hitting normal users ([466e741](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/466e7414942837fdb1aecabfb08eae49f9dab272))
 ## [0.5.55](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.54...v0.5.55) (2023-11-30)
--- a/README.md
+++ b/README.md
@@ -9,14 +9,15 @@ openDesk is a Kubernetes based, open-source and cloud-native digital workplace s
 Aufbau ZenDiS" of Germany's Federal Ministry of the Interior.
 It features:
- Fully integrated Identity Management (Univention, Keycloak)
+- Fully integrated Identity Management (Univention)
 - File storage (Nextcloud)
 - Weboffice (Collabora)
- Videoconference (Jitsi)
+- Videoconference (Nordeck w/ Jitsi)
- Encrypted Chat (Synapse, Element)
+- Chat and Collaboration (Element w/ Nordeck)
 - Groupware (OX Appsuite)
 - Wiki (XWiki)
- Notes and Diagrams (Cryptpad, Draw.io)
+- Project Management (OpenProject)
 - Notes and Diagrams (Cryptpad)
 openDesk integrates these components and is working towards a seamless user experience.
@@ -40,7 +41,7 @@ Basic knowledge of Kubernetes and Devops is required though.
 # Active development notice
 openDesk will face breaking changes in the near future without upgrade paths before
-[technical release](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/releases
+[technical release](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/-/releases)
 v1.0.0 is reached.
 While most components support upgrades, major configuration or component changes may occur, therefore we recommend
--- a/docs/external-services.md
+++ b/docs/external-services.md
@@ -9,6 +9,7 @@ This document will cover the additional configuration to use external services l
 <!-- TOC -->
  * [Database](#database)
  * [Objectstore](#objectstore)
  * [Cache](#cache)
 <!-- TOC -->
@@ -65,6 +66,23 @@ service.
 |             |                    |            | Username  | `databases.xwiki.username`             | `xwiki_user`               |
 |             |                    |            | Password  | `databases.xwiki.password`             |                            |
 ## Objectstore
 When deploying this suite to production, you need to configure the applications to use your production grade objectstore
 service.
 | Component   | Name        | Parameter       | Key                                      | Default            |
 |-------------|-------------|-----------------|------------------------------------------|--------------------|
 | OpenProject | OpenProject |                 |                                          |                    |
 |             |             | Backend         | `objectstores.openproject.backend`       | `minio`            |
 |             |             | Bucket          | `objectstores.openproject.bucket`        | `openproject`      |
 |             |             | Endpoint        | `objectstores.openproject.endpoint`      |                    |
 |             |             | Provider        | `objectstores.openproject.provider`      | `AWS`              |
 |             |             | Region          | `objectstores.openproject.region`        |                    |
 |             |             | Secret          | `objectstores.openproject.secret`        |                    |
 |             |             | Username        | `objectstores.openproject.username`      | `openproject_user` |
 |             |             | Use IAM profile | `objectstores.openproject.useIAMProfile` |                    |
 ## Cache
 When deploying this suite to production, you need to configure the applications to use your production grade cache
--- a/docs/security.md
+++ b/docs/security.md
@@ -10,6 +10,7 @@ This document should cover the current status of security measurements.
 <!-- TOC -->
  * [Helm Chart Trust Chain](#helm-chart-trust-chain)
  * [Kubernetes Security Enforcements](#kubernetes-security-enforcements)
  * [NetworkPolicies](#networkpolicies)
 <!-- TOC -->
 ## Helm Chart Trust Chain
@@ -99,3 +100,22 @@ This list gives you an overview of default security settings and if they comply
 | UCC             | univention-corporate-container |        :x:         |                :x:                 |                                                                      :x:                                                                       |               :x:                 |               :x:               |          :x:          |     -     |     -      |    -    |
 | XWiki           | xwiki                          |        :x:         |         :white_check_mark:         |                                                               :white_check_mark:                                                               |        :white_check_mark:         |               :x:               |  :white_check_mark:   |    100    |    101     |   101   |
 |                 | xwiki initContainers           |        :x:         |                :x:                 |                                                                      :x:                                                                       |        :white_check_mark:         |               :x:               |          :x:          |     -     |     -      |   101   | 
 ## NetworkPolicies
 Kubernetes NetworkPolicies are an important measure to secure your kubernetes apps and clusters.
 When applied, they restrict the traffic to your services.
 This protects other deployments in your cluster or other services in your deployment to get compromised when one
 component is compromised.
 We ship a default set of Otterize ClientIntents via
 [Otterize intents operator](https://github.com/otterize/intents-operator) which translates intent-based access control
 (IBAC) into kubernetes native NetworkPolicies.
 This requires the Otterize intents operator to be installed.
 ```yaml
 security:
  otterizeIntents:
    enabled: true
 ```
--- a/helmfile/apps/cryptpad/values.yaml
+++ b/helmfile/apps/cryptpad/values.yaml
@@ -22,6 +22,10 @@ enableEmbedding: true
 fullnameOverride: "cryptpad"
 ingress:
  annotations:
    nginx.org/websocket-services: "cryptpad"
 persistence:
  enabled: false
--- a/helmfile/apps/element/values-synapse.yaml
+++ b/helmfile/apps/element/values-synapse.yaml
@@ -11,6 +11,16 @@ configuration:
        - "m.space.parent"
        - "net.nordeck.meetings.metadata"
        - "m.room.power_levels"
    # When a user logs into Element a parallel request is done through Intercom Service to allow Synapse API
    # interaction, to avoid (temporary) blocking of the user for followup logins we want to raise the limits.
    # https://matrix-org.github.io/synapse/v1.59/usage/configuration/config_documentation.html#ratelimiting
    rc_login:
      account:
        per_second: 2
        burst_count: 8
      address:
        per_second: 2
        burst_count: 12
  homeserver:
    guestModule:
--- a/helmfile/apps/keycloak-bootstrap/values-bootstrap.gotmpl
+++ b/helmfile/apps/keycloak-bootstrap/values-bootstrap.gotmpl
@@ -27,4 +27,8 @@ image:
 resources:
  {{ .Values.resources.keycloakBootstrap | toYaml | nindent 2 }}
 additionalAnnotations:
  annotations:
    intents.otterize.com/service-name: "keycloak-bootstrap"
 ...
--- a/helmfile/apps/openproject/helmfile.yaml
+++ b/helmfile/apps/openproject/helmfile.yaml
@@ -12,6 +12,8 @@ repositories:
    url: >-
      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
         default "https://charts.openproject.org" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/openproject-com.gpg"
 releases:
  # renovate:
@@ -21,7 +23,7 @@ releases:
  # dependencyType=vendor
  - name: "openproject"
    chart: "openproject-repo/openproject"
-    version: "2.4.0"
+    version: "2.6.2"
    wait: true
    waitForJobs: true
    values:
--- a/helmfile/apps/openproject/values.gotmpl
+++ b/helmfile/apps/openproject/values.gotmpl
@@ -77,9 +77,16 @@ environment:
  OPENPROJECT_MAIL__FROM: "do-not-reply@{{ .Values.global.domain }}"
  # Details: https://www.openproject-edge.com/docs/installation-and-operations/configuration/#seeding-ldap-connections
  OPENPROJECT_SEED_LDAP_OPENDESK_BINDPASSWORD: {{ .Values.secrets.univentionCorporateServer.ldapSearch.openproject | quote }}
-  OPENPROJECT_FOG_CREDENTIALS_HOST: "{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
+  {{ if ne .Values.objectstores.openproject.backend "aws" }}
-  OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: "https://{{ .Values.global.hosts.minioApi }}.{{ .Values.global.domain }}"
+  OPENPROJECT_FOG_CREDENTIALS_ENDPOINT: {{ .Values.objectstores.openproject.endpoint | default (printf "https://%s.%s" .Values.global.hosts.minioApi .Values.global.domain) | quote }}
-  OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.secrets.minio.openprojectUser | quote }}
+  OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
  {{ end }}
  OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: {{ .Values.objectstores.openproject.username | quote }}
  OPENPROJECT_FOG_CREDENTIALS_AWS__SECRET__ACCESS__KEY: {{ .Values.objectstores.openproject.secret | default .Values.secrets.minio.openprojectUser | quote }}
  OPENPROJECT_FOG_CREDENTIALS_PROVIDER: {{ .Values.objectstores.openproject.provider | default "AWS" | quote }}
  OPENPROJECT_FOG_CREDENTIALS_REGION: {{ .Values.objectstores.openproject.region | quote }}
  OPENPROJECT_FOG_DIRECTORY: {{ .Values.objectstores.openproject.bucket | quote }}
  OPENPROJECT_FOG_CREDENTIALS_USE__IAM__PROFILE : {{ .Values.objectstores.openproject.useIAMProfile | default "false" | quote }}
 replicaCount: {{ .Values.replicas.openproject }}
--- a/helmfile/apps/openproject/values.yaml
+++ b/helmfile/apps/openproject/values.yaml
@@ -75,11 +75,12 @@ environment:
  OPENPROJECT_SEED_LDAP_OPENDESK_GROUPFILTER_OPENDESK_GROUP__ATTRIBUTE: "cn"
  # Details: https://www.openproject.org/docs/installation-and-operations/configuration/#attachments-storage
  OPENPROJECT_ATTACHMENTS__STORAGE: "fog"
  OPENPROJECT_FOG_DIRECTORY: "openproject"
  OPENPROJECT_FOG_CREDENTIALS_PROVIDER: "AWS"
  OPENPROJECT_FOG_CREDENTIALS_PATH__STYLE: "true"
  OPENPROJECT_FOG_CREDENTIALS_AWS__ACCESS__KEY__ID: "openproject_user"
  # Define an admin mapping from the claim
  # The attribute mapping cannot currently be defined in the value
  OPENPROJECT_OPENID__CONNECT_KEYCLOAK_ATTRIBUTE__MAP_ADMIN: "openproject_admin"
 seederJob:
  annotations:
    intents.otterize.com/service-name: "openproject-seeder"
 ...
--- a/helmfile/apps/services/helmfile.yaml
+++ b/helmfile/apps/services/helmfile.yaml
@@ -6,6 +6,17 @@ bases:
 ---
 repositories:
  # openDesk Otterize
  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-otterize
  - name: "opendesk-otterize-repo"
    oci: true
    # yamllint disable rule:line-length
    url: >-
      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-otterize" }}
    # yamllint enable rule:line-length
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
  # openDesk Certificates
  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-certificates
  - name: "opendesk-certificates-repo"
@@ -40,7 +51,7 @@ repositories:
  - name: "postfix-repo"
    oci: true
    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
+      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postfix" }}
    verify: true
    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
@@ -75,6 +86,17 @@ repositories:
 releases:
  # renovate:
  # registryUrl=https://registry.souvap-univention.de
  # packageName=souvap/tooling/charts/opendesk-otterize/opendesk-otterize
  # dataSource=docker
  # dependencyType=service
  - name: "opendesk-otterize"
    chart: "opendesk-otterize-repo/opendesk-otterize"
    version: "1.1.2"
    values:
      - "values-otterize.gotmpl"
    installed: {{ .Values.security.otterizeIntents.enabled }}
  # renovate:
  # registryUrl=https://registry.souvap-univention.de
  # packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates
  # dataSource=docker
  # dependencyType=service
--- a/helmfile/apps/services/values-otterize.gotmpl
+++ b/helmfile/apps/services/values-otterize.gotmpl
@@ -0,0 +1,56 @@
 {{/*
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 apps:
  clamavDistributed:
    enabled: {{ .Values.clamavDistributed.enabled }}
  clamavSimple:
    enabled: {{ .Values.clamavSimple.enabled }}
  collabora:
    enabled: {{ .Values.collabora.enabled }}
  cryptpad:
    enabled: {{ .Values.cryptpad.enabled }}
  dovecot:
    enabled: {{ .Values.dovecot.enabled }}
  element:
    enabled: {{ .Values.element.enabled }}
  intercom:
    enabled: {{ .Values.intercom.enabled }}
  jitsi:
    enabled: {{ .Values.jitsi.enabled }}
  keycloak:
    enabled: {{ .Values.keycloak.enabled }}
  mariadb:
    enabled: {{ .Values.mariadb.enabled }}
  memcached:
    enabled: {{ .Values.memcached.enabled }}
  minio:
    enabled: {{ .Values.minio.enabled }}
  nextcloud:
    enabled: {{ .Values.nextcloud.enabled }}
  openproject:
    enabled: {{ .Values.openproject.enabled }}
  oxAppsuite:
    enabled: {{ .Values.oxAppsuite.enabled }}
  oxConnector:
    enabled: {{ .Values.oxConnector.enabled }}
  postfix:
    enabled: {{ .Values.postfix.enabled }}
  postgresql:
    enabled: {{ .Values.postgresql.enabled }}
  redis:
    enabled: {{ .Values.redis.enabled }}
  univentionCorporateServer:
    enabled: {{ .Values.univentionCorporateServer.enabled }}
  univentionManagementStack:
    enabled: {{ .Values.univentionManagementStack.enabled }}
  xwiki:
    enabled: {{ .Values.xwiki.enabled }}
 extraApps:
  clusterPostfix:
    enabled: {{ .Values.security.clusterPostfix.enabled }}
    namespace: {{ .Values.security.clusterPostfix.namespace }}
 ...
--- a/helmfile/apps/univention-management-stack/helmfile.yaml
+++ b/helmfile/apps/univention-management-stack/helmfile.yaml
@@ -101,7 +101,7 @@ releases:
  # dependencyType=vendor
  - name: "ums-stack-data-ums"
    chart: "ums-repo/stack-data-ums"
-    version: "0.36.0"
+    version: "0.37.0"
    values:
      - "values-common.gotmpl"
      - "values-common.yaml"
@@ -116,7 +116,7 @@ releases:
  # dependencyType=vendor
  - name: "ums-stack-data-swp"
    chart: "ums-repo/stack-data-swp"
-    version: "0.36.0"
+    version: "0.37.0"
    values:
      - "values-common.gotmpl"
      - "values-common.yaml"
--- a/helmfile/apps/univention-management-stack/values-stack-data-swp.yaml
+++ b/helmfile/apps/univention-management-stack/values-stack-data-swp.yaml
@@ -11,4 +11,6 @@ stackDataContext:
  oxDefaultContext: "10"
  smtpStartTls: true
 additionalAnnotations:
  intents.otterize.com/service-name: "ums-stack-data-swp"
 ...
--- a/helmfile/apps/univention-management-stack/values-stack-data-ums.yaml
+++ b/helmfile/apps/univention-management-stack/values-stack-data-ums.yaml
@@ -12,4 +12,6 @@ stackDataContext:
  # The openDesk configuration brings its own UMC policies.
  installUmcPolicies: false
 additionalAnnotations:
  intents.otterize.com/service-name: "ums-stack-data-ums"
 ...
--- a/helmfile/environments/default/objectstore.gotmpl
+++ b/helmfile/environments/default/objectstore.gotmpl
@@ -0,0 +1,16 @@
 {{/*
 SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 SPDX-License-Identifier: Apache-2.0
 */}}
 ---
 objectstores:
  openproject:
    backend: "minio"
    bucket: "openproject"
    endpoint: ""
    provider: "AWS"
    region: ""
    secret: ""
    username: "openproject_user"
    useIAMProfile: ""
 ...
--- a/helmfile/environments/default/security.yaml
+++ b/helmfile/environments/default/security.yaml
@@ -0,0 +1,10 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
 ---
 security:
  otterizeIntents:
    enabled: false
  clusterPostfix:
    enabled: false
    namespace: ""
 ...
--- a/helmfile/files/gpg-pubkeys/openproject-com.gpg
+++ b/helmfile/files/gpg-pubkeys/openproject-com.gpg
@@ -0,0 +1,53 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
 mQINBGVSG3cBEACftfIFs1EO29wSL9kNN057w6S8qSKNRI6DNrGkgYxB/C3JsdTH
 iNtpv1g1pBbze6Efz/SxaeQ43eqEPkqa9nHBE8ypSWBEzu0EzrDt5bhjpvL4yK1A
 14T6A7cYm6Qtu+AvMDaJ6UVp1JS+1h4o52zmSvup0bD1xoUnpuhPa7WE0XQOgl3v
 2X/YBSrQpVV6hwoTWuag9z4qyfsyP/jzTrYtw8e39ff1Fm7jUeKEvmoOuxdH/fD7
 hGPDcpvDq+5uTXAlWPEMtCoN3uFRqg9BybeKo4VMzFhim334i8x+8vp3kQyT7xi8
 b72UluDPQur9zwv1T+knQw5T33nP3xqc8BAWo7fy7Co+x7snwprzTWyDq8kIJxyA
 l3jg/4WNUEdoJkesPtcQUl2lWIP62UZAwIINfOtjzJP7pNNnZrW21Bs/xwPB6lo/
 TyeLEYQcx6SZH1rPTCE3TlGfXSGI/UpAlMbmxPf4LxcE9J8d4ixUtTxGeMftWceb
 enn9SX15DIyHC1uO4E0QfUCtwmBTnfOiG7U042zRFD8fZhegq2ZuAxPDvON8sFEC
 v1y8YlR/j9IYFtgRCsaCuqMlE9VIQSADWHsKTr7l+W4ne5kDzIClzlh+kV0ViJLt
 SpzGlddHo5GViHmgDeOikRbAji5+jACqh6d5boNWGvflSFQX8FFyOW5rkQARAQAB
 tGxPcGVuUHJvamVjdCBPcGVyYXRpb25zIFRlYW0gKE9wZW5Qcm9qZWN0IE9wZXJh
 dGlvbnMgRGVwbG95bWVudCBhbmQgU2lnbmluZyBrZXkpIDxvcGVyYXRpb25zQG9w
 ZW5wcm9qZWN0LmNvbT6JAk4EEwEIADgWIQTLHKBIinW3Rx6hsIfPVt1qCuJg5QUC
 ZVIbdwIbAwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRDPVt1qCuJg5fwwD/wO
 hTZtfSTmWs+/lgspHtfd+FADCn4yq8eCwEWgtG1YCGjyU0yffAsOaDYaeQtujLk4
 GYIZypugM9BkclZNhtSRWDQhq0kH9bZLTbD5HqZjaVw8zje3SnmqlrKNXt4R4Emp
 EHhiQMlJDbjHdTHQQ3xoUqPSwhvW5icFkKO0TdM/DbF7X9CRUBo8Lp2oL6Bfd3Ji
 TvlLiVVQ3xPPLkH8zN83VsdgYl3oy1TfyOQTLfh3Ws+osf748WQDHbipmuo/dnXs
 8McNixeHuUaOUK78eSXMcEAesbweHG6hQcpfyMcHdB1Q/2eoqUGpTvvLLQ+ChOmJ
 rNNiZAUC8GpD2dxVtODr81vSS7FJNQfXIC4pOJGPXqoZBXajuD95zbRQUO/ndG4i
 CETkkcSY1m7BAbPV1uWDOpnMhxG+lzoVraQjKkXJQByakRnTyQWeZW96iLp/2E3H
 vYJ54wfw1DdpnaB8c/x4izwODjTQpMVDXzJ6I/snL5Yd/GJJplDqz4d031dbcwHR
 eHPUKerI8WLjj6+MF1j34gsd9pvWGPoR69RaYDrA3Hnq+DJL4omMpr7GrSr2KJ8N
 /RmYP4Y4dJ5N0sNuEt096AHx1aAduYGnQv67M4d6v9E7ZqugfifTvF4Aq68Vp4Pv
 eOgG5oVLLZU/h7EO6t7uHJgWw+ozJq/nTVb698nK2rkCDQRlUht3ARAAuvNrUSAA
 8Dqzi98RRhQ52KUGzub9OKZ/VfsaD1AINiG0CNYNXgUcCzWqXIs+wXRfyziS+x8G
 WGkqN4MCPe6k3KYuKw94t//aZZ8T1iN8QyjMCfn5VGnwq36rXLcmfvlec5r6opZe
 I0I+SzSbR2gXNWbU4on4fCVP8ZJc8luNC+mD0qUqP9KGJA6moCbc4eDwKi3sdyh7
 4wNdDNq0WbTPFoxuJUAlcZjrJhwgjMe+tvRTVyJl3Yi8hth83R8PKic8S84lDZxR
 KTydu7zl2yFTBi+3jQS+UUIze2Gdfj4Mh5ClLQj55bIPOzHxSAakITo5RNzmiQTV
 pVGTrO2XYiygO6XgvLOhsumO37nsXOR0zPldbXUrLTY1J4srcn9MB1UikWLGqKqj
 fgdhyv/I9t3ARBMmj8VASOBjgKN4juNir+AAm1lg/5NZf1YGVTsCVRhwF56kQLyl
 D3TXkIJPnWvNminknvgpPMzWmR+alh2+Fh16FC53zfXHp5d2Ggk6gcWh2bvD87AQ
 avNiQtEGv84qEEAqAyiy03OFWeYnxh2BC+J/XWsvP8ZlCSICtEqOnNCqErabB1na
 0Lb6gOmxuY4Mk4N+TK+975iYDYmAH0o7Z58x/YAfUpSWqrx4C6Jz/F6GYtV2cl9B
 v3FyU0230LrMssb9XDsP6YU7SoJDaonWNPMAEQEAAYkCNgQYAQgAIBYhBMscoEiK
 dbdHHqGwh89W3WoK4mDlBQJlUht3AhsMAAoJEM9W3WoK4mDlrVcP/ind6InjSM61
 E3CUCrS0ahZgYGZL2lPJopnPzvB662IUWMjG8f5rfDoOweI9WiWoJkkg5XvVvt2V
 RkMoG3FIpGzh760olcNhhIKxgU2IRl2a+uo8QMXakgFFdN+X7uHgro1uu0ftzas4
 YFyQyBDJYobCZlHlGiF1b/z7JDpY2zQWqBR8bNXlphtDIC6pk5haaJdy8WDG3Yns
 JT0R74S1xTIKXjU5YK3QE1kulMJFDB+b+c9RkqVsAmuOZyPqfU7I+KlemuxKgZgI
 5rzoFzkDVcWmaozogOLOM2VSSBiTXxIhHYK9uPYuCttIF4biRjWzaVvfTJjf+KPn
 6oq0+u7vLfWRomMa+y4na5vrcVifivPNqQphPVU6F6v3f3GK4FpbrQmXli2L5rUL
 lIDiKDTUtoHP/BnOvz2zXHEY7hfWh4xrEskMXhIiJNIr+UmG/PSjbY/rbPFA1o5b
 Ln/i8y2UMmSRGvK5i2n9OhaLkMUiL0qLyRnzPXk+2cjvNdp2q1spiz107EigHqKq
 UXUdRUNX7RtW3gAZRrMple6AHTrQhZhdO2uksMg4YaP/KjKx/GqFty1qwSPF4Zum
 gfslJ6EB53uJJt9awcGFdFLHHci5ClEH9aGrboWlhx0erFKEcfjCnh8dAA/1UQ0R
 Ecu2CcmkBOHGAnMirYCSEZqu9Uz+9g7P
 =nG7D
 -----END PGP PUBLIC KEY BLOCK-----
--- a/helmfile/files/gpg-pubkeys/openproject-com.gpg.license
+++ b/helmfile/files/gpg-pubkeys/openproject-com.gpg.license
@@ -0,0 +1,2 @@
 # SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
 # SPDX-License-Identifier: Apache-2.0
Author	SHA1	Message	Date
opendesk	08ca525d3e	chore(release): 0.5.60 [skip ci] ## [0.5.60](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.59...v0.5.60) (2023-12-05) ### Bug Fixes * ci: Ensure release creation with artifacts ([`dc7ce0b`](`dc7ce0bc4b`))	2023-12-05 13:11:56 +00:00
merge-request-bot	dc7ce0bc4b	fix(ci): Ensure release creation with artifacts	2023-12-05 13:09:19 +00:00
opendesk	729a1ea849	chore(release): 0.5.59 [skip ci] ## [0.5.59](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.58...v0.5.59) (2023-12-05) ### Bug Fixes * helmfile: Add configurable objectstore ([`3b5493d`](`3b5493d78d`))	2023-12-05 08:36:22 +00:00
Robin Rush	3b5493d78d	fix(helmfile): Add configurable objectstore	2023-12-05 09:07:41 +01:00
opendesk	6711791009	chore(release): 0.5.58 [skip ci] ## [0.5.58](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.57...v0.5.58) (2023-12-01) ### Bug Fixes * cryptpad: Add websocket annotation ([`c41643e`](`c41643ee3e`)) * openproject: Add seederJob intent ([`05cc82d`](`05cc82d7c5`)) * openproject: Bump to 2.6.2 ([`c8bc8b3`](`c8bc8b3172`)) * services: Add NetworkPolicy section to docs/security.md ([`24812b6`](`24812b667c`)) * services: Add Otterize based security settings ([`bec9a2d`](`bec9a2d46b`)) * univention-management-stack: Add Otterize annotations for jobs ([`2628a0e`](`2628a0e13e`))	2023-12-01 20:53:38 +00:00
Dominik Kaminski	c41643ee3e	fix(cryptpad): Add websocket annotation	2023-12-01 20:50:08 +00:00
Dominik Kaminski	2628a0e13e	fix(univention-management-stack): Add Otterize annotations for jobs	2023-12-01 20:50:08 +00:00
Dominik Kaminski	c8bc8b3172	fix(openproject): Bump to 2.6.2	2023-12-01 20:50:08 +00:00
Dominik Kaminski	24812b667c	fix(services): Add NetworkPolicy section to docs/security.md	2023-12-01 20:50:08 +00:00
Dominik Kaminski	bec9a2d46b	fix(services): Add Otterize based security settings	2023-12-01 20:50:08 +00:00
Dominik Kaminski	05cc82d7c5	fix(openproject): Add seederJob intent	2023-12-01 20:50:08 +00:00
opendesk	82be996d97	chore(release): 0.5.57 [skip ci] ## [0.5.57](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.56...v0.5.57) (2023-12-01) ### Bug Fixes * helmfile: Using correct private registry for postfix helm-chart ([`d367739`](`d367739248`))	2023-12-01 20:48:37 +00:00
Martin Müller	d367739248	fix(helmfile): Using correct private registry for postfix helm-chart	2023-12-01 15:20:25 +00:00
opendesk	ef870ae385	chore(release): 0.5.56 [skip ci] ## [0.5.56](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.55...v0.5.56) (2023-11-30) ### Bug Fixes * element: Raise treshold for login rate limit to avoid too early barrier hitting normal users ([`466e741`](`466e741494`))	2023-11-30 15:33:14 +00:00
merge-request-bot	466e741494	fix(element): Raise treshold for login rate limit to avoid too early barrier hitting normal users	2023-11-30 15:31:25 +00:00
		`@@ -0,0 +1,2 @@`
							`# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"`
							`# SPDX-License-Identifier: Apache-2.0`