chore(release): 0.5.67 [skip ci]

## [0.5.67](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.66...v0.5.67) (2023-12-11)

### Bug Fixes

* **services:** Use Charts from openCoDE registry ([cc0daa2](cc0daa2a22))

CHANGELOG.md

@@ -1,3 +1,38 @@
+## [0.5.67](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.66...v0.5.67) (2023-12-11)
+
+
+### Bug Fixes
+
+* **services:** Use Charts from openCoDE registry ([cc0daa2](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/cc0daa2a22837c00583038ffd9df7e669004e84e))
+
+## [0.5.66](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.65...v0.5.66) (2023-12-08)
+
+
+### Bug Fixes
+
+* **element:** Update Element and Widgets ([6a26299](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/6a26299a7507ae749ffcf25288d2cf5b24d220db))
+
+## [0.5.65](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.64...v0.5.65) (2023-12-08)
+
+
+### Bug Fixes
+
+* **univention-management-stack:** Bump OX Connector ([83192b7](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/83192b78345c62465e2979195d9a1c882ddbf0ea))
+
+## [0.5.64](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.63...v0.5.64) (2023-12-06)
+
+
+### Bug Fixes
+
+* **openproject:** Switch to release container and set home url link ([e67ab8f](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/e67ab8f4304a525b50a3a723c86d1e610313c594))
+
+## [0.5.63](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.62...v0.5.63) (2023-12-06)
+
+
+### Bug Fixes
+
+* **nextcloud:** Remove Talk folder ([0ea5856](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/commit/0ea585633b4bf72fe180ca744cc99d9e9f84998f))
+
 ## [0.5.62](https://gitlab.opencode.de/bmi/opendesk/deployment/sovereign-workplace/compare/v0.5.61...v0.5.62) (2023-12-06)
 
 

docs/getting-started.md

@@ -12,7 +12,7 @@ This documentation should enable you to create your own evaluation instance of o
   * [Customize environment](#customize-environment)
     * [Domain](#domain)
     * [Apps](#apps)
-    * [Private OCI registry](#private-oci-registry)
+    * [Private Image registry](#private-image-registry)
     * [Private Helm registry](#private-helm-registry)
     * [Cluster capabilities](#cluster-capabilities)
       * [Service](#service)
@@ -129,9 +129,9 @@ jitsi:
   enabled: false
 ```
 
-### Private OCI registry
+### Private Image registry
 
-By default, all OCI artifacts are proxied via the project's container registry, which should get replaced soon by the
+By default, all OCI artifacts are proxied via the project's image registry, which should get replaced soon by the
 OCI registries provided by Open CoDE.
 
 You also can set your own registry by:
@@ -156,12 +156,32 @@ global:
 
 ### Private Helm registry
 
-Some apps use Chart Museum style helm registries. You can use your own registry by setting this environment variable:
+Some apps use OCI style registry and some use Helm chart museum style registries.
+In `helmfile/environments/default/charts.yaml` you can find all helm charts used and modify their registry, repository
+or version.
 
-```shell
-export PRIVATE_CHART_REPOSITORY_URL=charts.open.desk
+As an example, you can also use helmfile methods to use just a single environment variable to set registry and
+authentication for all OCI helm charts.
+
+```yaml
+charts:
+  certificates:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
 ```
 
+There is a full example including http and OCI style registries in `examples/private-helm-registry.yaml.gotmpl`.
+The following environment variables have to be exposed when using the example:
+
+| Environment variable                | Description                                                                                |
+|-------------------------------------|--------------------------------------------------------------------------------------------|
+| `OD_PRIVATE_HELM_OCI_REGISTRY`      | Registry for OCI hosted helm charts, example: `external-registry.souvap-univention.de`     |
+| `OD_PRIVATE_HELM_HTTP_REGISTRY`     | Registry URI for http hosted helm charts, `https://external-registry.souvap-univention.de` |
+| `OD_PRIVATE_HELM_REGISTRY_USERNAME` | Username                                                                                   |
+| `OD_PRIVATE_HELM_REGISTRY_PASSWORD` | Password                                                                                   |
+
+
 ### Cluster capabilities
 
 #### Service

docs/security.md

@@ -37,7 +37,7 @@ Helm Charts which are released via openDesk CI/CD process are always signed. The
 | opendesk-keycloak-bootstrap-repo     | yes | :white_check_mark: |
 | opendesk-nextcloud-bootstrap-repo    | yes | :white_check_mark: |
 | opendesk-open-xchange-bootstrap-repo | yes | :white_check_mark: |
-| openproject-repo                     | no  |        :x:         |
+| openproject-repo                     | yes | :white_check_mark: |
 | openxchange-repo                     | yes |        :x:         |
 | ox-connector-repo                    | no  |        :x:         |
 | postfix-repo                         | yes | :white_check_mark: |
@@ -93,7 +93,7 @@ This list gives you an overview of default security settings and if they comply
 |                 | guard-ui                       | :white_check_mark: |         :white_check_mark:         |                                                               :white_check_mark:                                                               |        :white_check_mark:         |       :white_check_mark:        |  :white_check_mark:   |   1000    |    1000    |    -    |
 |                 | nextlcoud-integration-ui       | :white_check_mark: |         :white_check_mark:         |                                                               :white_check_mark:                                                               |        :white_check_mark:         |       :white_check_mark:        |  :white_check_mark:   |   1000    |    1000    |    -    |
 |                 | public-sector-ui               | :white_check_mark: |         :white_check_mark:         |                                                               :white_check_mark:                                                               |        :white_check_mark:         |       :white_check_mark:        |  :white_check_mark:   |   1000    |    1000    |    -    |
-| OpenProject     | openproject                    |        :x:         |         :white_check_mark:         |                                                                      :x:                                                                       |        :white_check_mark:         |               :x:               |          :x:          |     -     |     -      |    -    |
+| OpenProject     | openproject                    | :white_check_mark: |         :white_check_mark:         |                                                               :white_check_mark:                                                               |        :white_check_mark:         |       :white_check_mark:        |  :white_check_mark:   |   1000    |    1000    |  1000   |
 | Postfix         | postfix                        |        :x:         |                :x:                 |                                                                      :x:                                                                       |        :white_check_mark:         |               :x:               |          :x:          |     -     |     -      |   101   |
 | PostgreSQL      | postgresql                     | :white_check_mark: |         :white_check_mark:         |                                                               :white_check_mark:                                                               |        :white_check_mark:         |       :white_check_mark:        |  :white_check_mark:   |   1001    |    1001    |  1001   |
 | Redis           | redis                          |        :x:         |         :white_check_mark:         |                                                               :white_check_mark:                                                               |        :white_check_mark:         |       :white_check_mark:        |  :white_check_mark:   |   1001    |     0      |  1001   |

examples/private-helm-registry.yaml.gotmpl

@@ -0,0 +1,266 @@
+{{/*
+SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+charts:
+  certificates:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    password: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  clamav:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  clamavSimple:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  collabora:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  cryptpad:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  dovecot:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  element:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  elementWellKnown:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  intercomService:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  istioResources:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  jitsi:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  keycloak:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  keycloakBootstrap:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  keycloakExtensions:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  keycloakTheme:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  mariadb:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  matrixNeoboardWidget:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  matrixNeochoiseWidget:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  matrixNeodatefixBot:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  matrixNeodatefixWidget:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  matrixUserVerificationService:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  memcached:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  minio:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  nextcloud:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  nextcloudBootstrap:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  nginx:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  openproject:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  openprojectBootstrap:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  openXchangeAppSuite:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  openXchangeAppSuiteBootstrap:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  otterize:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  oxConnector:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  postfix:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  postgresql:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  redis:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  synapse:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  synapseCreateAccount:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  synapseWeb:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsLdapNotifier:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsLdapServer:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsNotificationsApi:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsPortalFrontend:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsPortalListener:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsPortalServer:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsStackDataSwp:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsStackDataUms:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsStoreDav:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsUdmRestApi:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsUmcGateway:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  umsUmcServer:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  univentionCorporateServer:
+   registry: {{ requiredEnv "OD_PRIVATE_HELM_OCI_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+
+  xwiki:
+    registry: {{ requiredEnv "OD_PRIVATE_HELM_HTTP_REGISTRY" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_USERNAME" | quote }}
+    username: {{ env "OD_PRIVATE_HELM_REGISTRY_PASSWORD" | quote }}
+...

helmfile/apps/collabora/helmfile.yaml

@@ -3,25 +3,19 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # Collabora Online
   # Source: https://github.com/CollaboraOnline/online
   - name: "collabora-online-repo"
-    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-         default "https://collaboraonline.github.io/online" }}
+    username: "{{ .Values.charts.collabora.username }}"
+    password: {{ .Values.charts.collabora.password | quote }}
+    url: "{{ .Values.charts.collabora.registry }}/{{ .Values.charts.collabora.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://collaboraonline.github.io/online
-  # packageName=collabora-online
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "collabora-online"
-    chart: "collabora-online-repo/collabora-online"
-    version: "1.0.2"
+    chart: "collabora-online-repo/{{ .Values.charts.collabora.name }}"
+    version: "{{ .Values.charts.collabora.version }}"
     values:
       - "values.yaml"
       - "values.gotmpl"

helmfile/apps/cryptpad/helmfile.yaml

@@ -3,25 +3,19 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # CryptPad
   # Source: https://github.com/cryptpad/helm
-  - name: "cryptpad-online-repo"
-    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-         default "https://cryptpad.github.io/helm" }}
+  - name: "cryptpad-repo"
+    username: "{{ .Values.charts.cryptpad.username }}"
+    password: {{ .Values.charts.cryptpad.password | quote }}
+    url: "{{ .Values.charts.cryptpad.registry }}/{{ .Values.charts.cryptpad.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://cryptpad.github.io/helm
-  # packageName=cryptpad
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "cryptpad"
-    chart: "cryptpad-online-repo/cryptpad"
-    version: "0.0.14"
+    chart: "cryptpad-repo/{{ .Values.charts.cryptpad.name }}"
+    version: "{{ .Values.charts.cryptpad.version }}"
     values:
       - "values.yaml"
       - "values.gotmpl"

helmfile/apps/element/helmfile.yaml

@@ -7,177 +7,176 @@ bases:
 repositories:
   # openDesk Element
   # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/sovereign-workplace-element
-  - name: "opendesk-element-repo"
+  - name: "element-repo"
     oci: true
-    # yamllint disable rule:line-length
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element" }}
-    # yamllint enable rule:line-length
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.element.verify }}
+    username: "{{ .Values.charts.element.username }}"
+    password: {{ .Values.charts.element.password | quote }}
+    url: "{{ .Values.charts.element.registry }}/{{ .Values.charts.element.repository }}"
+  - name: "element-well-known-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.element.verify }}
+    username: "{{ .Values.charts.elementWellKnown.username }}"
+    password: {{ .Values.charts.elementWellKnown.password | quote }}
+    url: "{{ .Values.charts.elementWellKnown.registry }}/{{ .Values.charts.elementWellKnown.repository }}"
+  - name: "synapse-web-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.element.verify }}
+    username: "{{ .Values.charts.synapseWeb.username }}"
+    password: {{ .Values.charts.synapseWeb.password | quote }}
+    url: "{{ .Values.charts.synapseWeb.registry }}/{{ .Values.charts.synapseWeb.repository }}"
+  - name: "synapse-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.element.verify }}
+    username: "{{ .Values.charts.synapse.username }}"
+    password: {{ .Values.charts.synapse.password | quote }}
+    url: "{{ .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}"
+  - name: "synapse-create-account-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.element.verify }}
+    username: "{{ .Values.charts.synapseCreateAccount.username }}"
+    password: {{ .Values.charts.synapseCreateAccount.password | quote }}
+    url: "{{ .Values.charts.synapseCreateAccount.registry }}/{{ .Values.charts.synapseCreateAccount.repository }}"
 
   # openDesk Matrix Widgets
   # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/opendesk-matrix-widgets
-  - name: "opendesk-matrix-widgets-repo"
+  - name: "matrix-user-verification-service-repo"
     oci: true
-    # yamllint disable rule:line-length
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets" }}
-    # yamllint enable rule:line-length
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.matrixUserVerificationService.verify }}
+    username: "{{ .Values.charts.matrixUserVerificationService.username }}"
+    password: {{ .Values.charts.matrixUserVerificationService.password | quote }}
+    url: "{{ .Values.charts.matrixUserVerificationService.registry }}/\
+      {{ .Values.charts.matrixUserVerificationService.repository }}"
+  - name: "matrix-neoboard-widget-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
+    username: "{{ .Values.charts.matrixNeoboardWidget.username }}"
+    password: {{ .Values.charts.matrixNeoboardWidget.password | quote }}
+    url: "{{ .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
+  - name: "matrix-neochoice-widget-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
+    username: "{{ .Values.charts.matrixNeoboardWidget.username }}"
+    password: {{ .Values.charts.matrixNeoboardWidget.password | quote }}
+    url: "{{ .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
+  - name: "matrix-neodatefix-widget-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.matrixNeodatefixWidget.verify }}
+    username: "{{ .Values.charts.matrixNeodatefixWidget.username }}"
+    password: {{ .Values.charts.matrixNeodatefixWidget.password | quote }}
+    url: "{{ .Values.charts.matrixNeodatefixWidget.registry }}/{{ .Values.charts.matrixNeodatefixWidget.repository }}"
+  - name: "matrix-neodatefix-bot-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.matrixNeodatefixBot.verify }}
+    username: "{{ .Values.charts.matrixNeodatefixBot.username }}"
+    password: {{ .Values.charts.matrixNeodatefixBot.password | quote }}
+    url: "{{ .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}"
+
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-element
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-element"
-    chart: "opendesk-element-repo/opendesk-element"
-    version: "2.5.1"
+    chart: "element-repo/{{ .Values.charts.element.name }}"
+    version: "{{ .Values.charts.element.version }}"
     values:
       - "values-element.yaml"
       - "values-element.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-well-known
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-well-known"
-    chart: "opendesk-element-repo/opendesk-well-known"
-    version: "2.5.1"
+    chart: "element-well-known-repo/{{ .Values.charts.elementWellKnown.name }}"
+    version: "{{ .Values.charts.elementWellKnown.version }}"
     values:
       - "values-well-known.yaml"
       - "values-well-known.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-web
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-synapse-web"
-    chart: "opendesk-element-repo/opendesk-synapse-web"
-    version: "2.5.1"
+    chart: "synapse-web-repo/{{ .Values.charts.synapseWeb.name }}"
+    version: "{{ .Values.charts.synapseWeb.version }}"
     values:
       - "values-synapse-web.yaml"
       - "values-synapse-web.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-synapse"
-    chart: "opendesk-element-repo/opendesk-synapse"
-    version: "2.5.1"
+    chart: "synapse-repo/{{ .Values.charts.synapse.name }}"
+    version: "{{ .Values.charts.synapse.version }}"
     values:
       - "values-synapse.yaml"
       - "values-synapse.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-matrix-user-verification-service-bootstrap"
-    chart: "opendesk-element-repo/opendesk-synapse-create-account"
-    version: "2.5.1"
+    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+    version: "{{ .Values.charts.synapseCreateAccount.version }}"
     values:
       - "values-matrix-user-verification-service-bootstrap.yaml"
       - "values-matrix-user-verification-service-bootstrap.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-matrix-user-verification-service
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-matrix-user-verification-service"
-    chart: "opendesk-element-repo/opendesk-matrix-user-verification-service"
-    version: "2.5.1"
+    chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}"
+    version: "{{ .Values.charts.matrixUserVerificationService.version }}"
     values:
       - "values-matrix-user-verification-service.yaml"
       - "values-matrix-user-verification-service.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neoboard-widget
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "matrix-neoboard-widget"
-    chart: "opendesk-matrix-widgets-repo/matrix-neoboard-widget"
-    version: "3.2.0"
+    chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}"
+    version: "{{ .Values.charts.matrixNeoboardWidget.version }}"
     values:
       - "values-matrix-neoboard-widget.yaml"
       - "values-matrix-neoboard-widget.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neochoice-widget
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "matrix-neochoice-widget"
-    chart: "opendesk-matrix-widgets-repo/matrix-neochoice-widget"
-    version: "3.2.0"
+    chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}"
+    version: "{{ .Values.charts.matrixNeochoiseWidget.version }}"
     values:
       - "values-matrix-neochoice-widget.yaml"
       - "values-matrix-neochoice-widget.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-widget
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "matrix-neodatefix-widget"
-    chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-widget"
-    version: "3.2.0"
+    chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}"
+    version: "{{ .Values.charts.matrixNeodatefixWidget.version }}"
     values:
       - "values-matrix-neodatefix-widget.yaml"
       - "values-matrix-neodatefix-widget.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "matrix-neodatefix-bot-bootstrap"
-    chart: "opendesk-element-repo/opendesk-synapse-create-account"
-    version: "2.5.1"
+    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
+    version: "{{ .Values.charts.synapseCreateAccount.version }}"
     values:
       - "values-matrix-neodatefix-bot-bootstrap.yaml"
       - "values-matrix-neodatefix-bot-bootstrap.gotmpl"
     installed: {{ .Values.element.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-bot
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "matrix-neodatefix-bot"
-    chart: "opendesk-matrix-widgets-repo/matrix-neodatefix-bot"
-    version: "3.2.0"
+    chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}"
+    version: "{{ .Values.charts.matrixNeodatefixBot.version }}"
     values:
       - "values-matrix-neodatefix-bot.yaml"
       - "values-matrix-neodatefix-bot.gotmpl"

helmfile/apps/intercom-service/helmfile.yaml

@@ -3,28 +3,22 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # Intercom Service
   # Source: https://gitlab.souvap-univention.de/souvap/tooling/charts/intercom-service
   - name: "intercom-service-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/intercom-service" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.intercomService.verify }}
+    username: "{{ .Values.charts.intercomService.username }}"
+    password: {{ .Values.charts.intercomService.password | quote }}
+    url: "{{ .Values.charts.intercomService.registry }}/{{ .Values.charts.intercomService.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/intercom-service/intercom-service
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "intercom-service"
-    chart: "intercom-service-repo/intercom-service"
-    version: "2.0.1"
+    chart: "intercom-service-repo/{{ .Values.charts.intercomService.name }}"
+    version: "{{ .Values.charts.intercomService.version }}"
     values:
       - "values.yaml"
       - "values.gotmpl"

helmfile/apps/jitsi/helmfile.yaml

@@ -3,28 +3,22 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # openDesk Jitsi
   # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-jitsi
   - name: "jitsi-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
-         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.jitsi.verify }}
+    username: "{{ .Values.charts.jitsi.username }}"
+    password: {{ .Values.charts.jitsi.password | quote }}
+    url: "{{ .Values.charts.jitsi.registry }}/{{ .Values.charts.jitsi.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-jitsi/sovereign-workplace-jitsi
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "jitsi"
-    chart: "jitsi-repo/sovereign-workplace-jitsi"
-    version: "1.7.1"
+    chart: "jitsi-repo/{{ .Values.charts.jitsi.name }}"
+    version: "{{ .Values.charts.jitsi.version }}"
     values:
       - "values-jitsi.gotmpl"
     installed: {{ .Values.jitsi.enabled }}

helmfile/apps/keycloak-bootstrap/helmfile.yaml

@@ -3,30 +3,22 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # openDesk Keycloak Bootstrap
   # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-keycloak-bootstrap
   - name: "opendesk-keycloak-bootstrap-repo"
     oci: true
-    # yamllint disable rule:line-length
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap" }}
-    # yamllint enable rule:line-length
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.keycloakBootstrap.verify }}
+    username: "{{ .Values.charts.keycloakBootstrap.username }}"
+    password: {{ .Values.charts.keycloakBootstrap.password | quote }}
+    url: "{{ .Values.charts.keycloakBootstrap.registry }}/{{ .Values.charts.keycloakBootstrap.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/opendesk-keycloak-bootstrap/opendesk-keycloak-bootstrap
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-keycloak-bootstrap"
-    chart: "opendesk-keycloak-bootstrap-repo/sovereign-workplace-keycloak-bootstrap"
-    version: "1.1.12"
+    chart: "opendesk-keycloak-bootstrap-repo/{{ .Values.charts.keycloakBootstrap.name }}"
+    version: "{{ .Values.charts.keycloakBootstrap.version }}"
     values:
       - "values-bootstrap.gotmpl"
       - "values-bootstrap.yaml"

helmfile/apps/keycloak/helmfile.yaml

@@ -3,54 +3,45 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # VMWare Bitnami
   # Source: https://github.com/bitnami/charts/
-  - name: "bitnami-repo"
+  - name: "keycloak-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.keycloak.verify }}
+    username: "{{ .Values.charts.keycloak.username }}"
+    password: {{ .Values.charts.keycloak.password | quote }}
+    url: "{{ .Values.charts.keycloak.registry }}/{{ .Values.charts.keycloak.repository }}"
+
   # openDesk Keycloak Theme
   # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-keycloak-theme
   - name: "keycloak-theme-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/keycloak-theme" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.keycloakTheme.verify }}
+    username: "{{ .Values.charts.keycloakTheme.username }}"
+    password: {{ .Values.charts.keycloakTheme.password | quote }}
+    url: "{{ .Values.charts.keycloakTheme.registry }}/{{ .Values.charts.keycloakTheme.repository }}"
+
   # openDesk Keycloak Extensions
   - name: "keycloak-extensions-repo"
-    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-         default "https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable" }}
+    username: "{{ .Values.charts.keycloakExtensions.username }}"
+    password: {{ .Values.charts.keycloakExtensions.password | quote }}
+    url: "{{ .Values.charts.keycloakExtensions.registry }}/{{ .Values.charts.keycloakExtensions.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/keycloak-theme/opendesk-keycloak-theme
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "keycloak-theme"
-    chart: "keycloak-theme-repo/opendesk-keycloak-theme"
-    version: "2.0.0"
+    chart: "keycloak-theme-repo/{{ .Values.charts.keycloakTheme.name }}"
+    version: "{{ .Values.charts.keycloakTheme.version }}"
     values:
       - "values-theme.gotmpl"
     installed: {{ .Values.keycloak.enabled }}
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/bitnami-charts/keycloak
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "keycloak"
-    chart: "bitnami-repo/keycloak"
-    version: "12.1.5"
+    chart: "keycloak-repo/{{ .Values.charts.keycloak.name }}"
+    version: "{{ .Values.charts.keycloak.version }}"
     values:
       - "values-keycloak.gotmpl"
       - "values-keycloak.yaml"
@@ -58,14 +49,9 @@ releases:
     wait: true
     installed: {{ .Values.keycloak.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable
-  # packageName=keycloak-extensions
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "keycloak-extensions"
-    chart: "keycloak-extensions-repo/keycloak-extensions"
-    version: "0.1.0"
+    chart: "keycloak-extensions-repo/{{ .Values.charts.keycloakExtensions.name }}"
+    version: "{{ .Values.charts.keycloakExtensions.version }}"
     needs:
       - "keycloak"
     values:

helmfile/apps/nextcloud/helmfile.yaml

@@ -3,37 +3,30 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # openDesk Keycloak Bootstrap
   # Source:
   #  https://gitlab.opencode.de/bmi/opendesk/components/charts/sovereign-workplace-nextcloud-bootstrap
-  - name: "opendesk-nextcloud-bootstrap-repo"
+  - name: "nextcloud-bootstrap-repo"
     oci: true
-    # yamllint disable rule:line-length
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
-         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap" }}
-    # yamllint enable rule:line-length
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.nextcloudBootstrap.verify }}
+    username: "{{ .Values.charts.nextcloudBootstrap.username }}"
+    password: {{ .Values.charts.nextcloudBootstrap.password | quote }}
+    url: "{{ .Values.charts.nextcloudBootstrap.registry }}/{{ .Values.charts.nextcloudBootstrap.repository }}"
+
   # Nextcloud
   # Source: https://github.com/nextcloud/helm/
   - name: "nextcloud-repo"
-    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-         default "https://nextcloud.github.io/helm/" }}
+    username: "{{ .Values.charts.nextcloud.username }}"
+    password: {{ .Values.charts.nextcloud.password | quote }}
+    url: "{{ .Values.charts.nextcloud.registry }}/{{ .Values.charts.nextcloud.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap/opendesk-nextcloud-bootstrap
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-nextcloud-bootstrap"
-    chart: "opendesk-nextcloud-bootstrap-repo/opendesk-nextcloud-bootstrap"
-    version: "3.2.5"
+    chart: "nextcloud-bootstrap-repo/{{ .Values.charts.nextcloudBootstrap.name }}"
+    version: "{{ .Values.charts.nextcloudBootstrap.version }}"
     wait: true
     waitForJobs: true
     values:
@@ -42,14 +35,9 @@ releases:
     installed: {{ .Values.nextcloud.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://nextcloud.github.io/helm
-  # packageName=nextcloud
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "nextcloud"
-    chart: "nextcloud-repo/nextcloud"
-    version: "3.5.19"
+    chart: "nextcloud-repo/{{ .Values.charts.nextcloud.name }}"
+    version: "{{ .Values.charts.nextcloud.version }}"
     needs:
       - "opendesk-nextcloud-bootstrap"
     values:

helmfile/apps/open-xchange/helmfile.yaml

@@ -3,58 +3,49 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # openDesk Dovecot
   # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-dovecot
-  - name: "opendesk-dovecot-repo"
+  - name: "dovecot-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
-         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/dovecot" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.dovecot.verify }}
+    username: "{{ .Values.charts.dovecot.username }}"
+    password: {{ .Values.charts.dovecot.password | quote }}
+    url: "{{ .Values.charts.dovecot.registry }}/{{ .Values.charts.dovecot.repository }}"
+
   # Open-Xchange
-  - name: "openxchange-repo"
+  - name: "open-xchange-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default "registry.open-xchange.com" }}
+    username: "{{ .Values.charts.openXchangeAppSuite.username }}"
+    password: {{ .Values.charts.openXchangeAppSuite.password | quote }}
+    url: "{{ .Values.charts.openXchangeAppSuite.registry }}/{{ .Values.charts.openXchangeAppSuite.repository }}"
+
   # openDesk Open-Xchange Bootstrap
   # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-open-xchange-bootstrap
-  - name: "opendesk-open-xchange-bootstrap-repo"
+  - name: "open-xchange-bootstrap-repo"
     oci: true
-    # yamllint disable rule:line-length
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
-         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap" }}
-    # yamllint enable rule:line-length
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.openXchangeAppSuiteBootstrap.verify }}
+    username: "{{ .Values.charts.openXchangeAppSuiteBootstrap.username }}"
+    password: {{ .Values.charts.openXchangeAppSuiteBootstrap.password | quote }}
+    url: "{{ .Values.charts.openXchangeAppSuiteBootstrap.registry }}/\
+      {{ .Values.charts.openXchangeAppSuiteBootstrap.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/dovecot/dovecot
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "dovecot"
-    chart: "opendesk-dovecot-repo/dovecot"
-    version: "1.3.6"
+    chart: "dovecot-repo/{{ .Values.charts.dovecot.name }}"
+    version: "{{ .Values.charts.dovecot.version }}"
     values:
       - "values-dovecot.yaml"
       - "values-dovecot.gotmpl"
     installed: {{ .Values.dovecot.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.open-xchange.com
-  # packageName=appsuite-public-sector/charts/appsuite-public-sector
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "open-xchange"
-    chart: "openxchange-repo/appsuite-public-sector/charts/appsuite-public-sector"
-    version: "2.1.1"
+    chart: "open-xchange-repo/{{ .Values.charts.openXchangeAppSuite.name }}"
+    version: "{{ .Values.charts.openXchangeAppSuite.version }}"
     values:
       - "values-openxchange.yaml"
       - "values-openxchange.gotmpl"
@@ -63,14 +54,9 @@ releases:
     installed: {{ .Values.oxAppsuite.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-open-xchange-bootstrap"
-    chart: "opendesk-open-xchange-bootstrap-repo/sovereign-workplace-open-xchange-bootstrap"
-    version: "1.3.1"
+    chart: "open-xchange-bootstrap-repo/{{ .Values.charts.openXchangeAppSuiteBootstrap.name }}"
+    version: "{{ .Values.charts.openXchangeAppSuiteBootstrap.version }}"
     values:
       - "values-openxchange-bootstrap.gotmpl"
     installed: {{ .Values.oxAppsuite.enabled }}

helmfile/apps/openproject-bootstrap/helmfile.yaml

@@ -3,30 +3,22 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # openDesk OpenProject Bootstrap
   # Source: Set when repo is managed on Open CoDE
-  - name: "opendesk-openproject-bootstrap-repo"
+  - name: "openproject-bootstrap-repo"
     oci: true
-    # yamllint disable rule:line-length
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap" }}
-    # yamllint enable rule:line-length
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.openprojectBootstrap.verify }}
+    username: "{{ .Values.charts.openprojectBootstrap.username }}"
+    password: {{ .Values.charts.openprojectBootstrap.password | quote }}
+    url: "{{ .Values.charts.openprojectBootstrap.registry }}/{{ .Values.charts.openprojectBootstrap.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "opendesk-openproject-bootstrap"
-    chart: "opendesk-openproject-bootstrap-repo/opendesk-openproject-bootstrap"
-    version: "1.2.1"
+    chart: "openproject-bootstrap-repo/{{ .Values.charts.openprojectBootstrap.name }}"
+    version: "{{ .Values.charts.openprojectBootstrap.version }}"
     wait: true
     waitForJobs: true
     values:

helmfile/apps/openproject/helmfile.yaml

@@ -3,27 +3,22 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # OpenProject
   # Source: https://github.com/opf/helm-charts
   - name: "openproject-repo"
-    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-         default "https://charts.openproject.org" }}
-    verify: true
+    oci: true
     keyring: "../../files/gpg-pubkeys/openproject-com.gpg"
+    verify: {{ .Values.charts.openproject.verify }}
+    username: "{{ .Values.charts.openproject.username }}"
+    password: {{ .Values.charts.openproject.password | quote }}
+    url: "{{ .Values.charts.openproject.registry }}/{{ .Values.charts.openproject.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://charts.openproject.org
-  # packageName=openproject
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "openproject"
-    chart: "openproject-repo/openproject"
-    version: "2.6.2"
+    chart: "openproject-repo/{{ .Values.charts.openproject.name }}"
+    version: "{{ .Values.charts.openproject.version }}"
     wait: true
     waitForJobs: true
     values:

helmfile/apps/openproject/values.gotmpl

@@ -87,6 +87,7 @@ environment:
   OPENPROJECT_FOG_CREDENTIALS_REGION: {{ .Values.objectstores.openproject.region | quote }}
   OPENPROJECT_FOG_DIRECTORY: {{ .Values.objectstores.openproject.bucket | quote }}
   OPENPROJECT_FOG_CREDENTIALS_USE__IAM__PROFILE: {{ .Values.objectstores.openproject.useIAMProfile | default "false" | quote }}
+  OPENPROJECT_HOME__URL: {{ printf "https://%s.%s/" .Values.global.hosts.univentionManagementStack .Values.global.domain | quote }}
 
 replicaCount: {{ .Values.replicas.openproject }}
 

helmfile/apps/openproject/values.yaml

@@ -30,11 +30,18 @@ openproject:
   # seed will only be executed on initial installation
   seed_locale: "de"
 
-securityContext:
+containerSecurityContext:
+  enabled: true
+  runAsUser: 1000
+  runAsGroup: 1000
   allowPrivilegeEscalation: false
+  capabilities:
+    drop:
+      - "ALL"
   seccompProfile:
     type: "RuntimeDefault"
-  readOnlyRootFilesystem: false
+  readOnlyRootFilesystem: true
+  runAsNonRoot: true
 
 persistence:
   enabled: false

helmfile/apps/provisioning/helmfile.yaml

@@ -3,24 +3,18 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # OX Connector
   - name: "ox-connector-repo"
-    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-         default "https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable" }}
+    username: "{{ .Values.charts.oxConnector.username }}"
+    password: {{ .Values.charts.oxConnector.password | quote }}
+    url: "{{ .Values.charts.oxConnector.registry }}/{{ .Values.charts.oxConnector.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable
-  # packageName=ox-connector
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ox-connector"
-    chart: "ox-connector-repo/ox-connector"
-    version: "0.1.0-pre-jconde-listener-entrypoint-chaining"
+    chart: "ox-connector-repo/{{ .Values.charts.oxConnector.name }}"
+    version: "{{ .Values.charts.oxConnector.version }}"
     values:
       - "values-oxconnector.yaml"
       - "values-oxconnector.gotmpl"

helmfile/apps/services/helmfile.yaml

@@ -3,224 +3,194 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # openDesk Otterize
   # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-otterize
-  - name: "opendesk-otterize-repo"
+  - name: "otterize-repo"
     oci: true
-    # yamllint disable rule:line-length
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/opendesk-otterize" }}
-    # yamllint enable rule:line-length
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.otterize.verify }}
+    username: "{{ .Values.charts.otterize.username }}"
+    password: {{ .Values.charts.otterize.password | quote }}
+    url: "{{ .Values.charts.otterize.registry }}/{{ .Values.charts.otterize.repository }}"
+
   # openDesk Certificates
   # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-certificates
-  - name: "opendesk-certificates-repo"
+  - name: "certificates-repo"
     oci: true
-    # yamllint disable rule:line-length
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates" }}
-    # yamllint enable rule:line-length
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.certificates.verify }}
+    username: "{{ .Values.charts.certificates.username }}"
+    password: {{ .Values.charts.certificates.password | quote }}
+    url: "{{ .Values.charts.certificates.registry }}/{{ .Values.charts.certificates.repository }}"
+
   # openDesk PostgreSQL
   # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postgresql
   - name: "postgresql-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postgresql" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.postgresql.verify }}
+    username: "{{ .Values.charts.postgresql.username }}"
+    password: {{ .Values.charts.postgresql.password | quote }}
+    url: "{{ .Values.charts.postgresql.registry }}/{{ .Values.charts.postgresql.repository }}"
+
   # openDesk MariaDB
-  # Source: https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-mariadb
+  # Source: https://gitlab.opencode.de/bmi/opendesk/components/charts/opendesk-mariadb
   - name: "mariadb-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/mariadb" }}
-    verify: true
-    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    keyring: "../../files/gpg-pubkeys/opencode.gpg"
+    verify: {{ .Values.charts.mariadb.verify }}
+    username: "{{ .Values.charts.mariadb.username }}"
+    password: {{ .Values.charts.mariadb.password | quote }}
+    url: "{{ .Values.charts.mariadb.registry }}/{{ .Values.charts.mariadb.repository }}"
+
   # openDesk Postfix
   # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-postfix
   - name: "postfix-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/postfix" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.postfix.verify }}
+    username: "{{ .Values.charts.postfix.username }}"
+    password: {{ .Values.charts.postfix.password | quote }}
+    url: "{{ .Values.charts.postfix.registry }}/{{ .Values.charts.postfix.repository }}"
+
   # openDesk Istio Resources
   # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-istio-resources
   - name: "istio-resources-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/istio-ressources" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.istioResources.verify }}
+    username: "{{ .Values.charts.istioResources.username }}"
+    password: {{ .Values.charts.istioResources.password | quote }}
+    url: "{{ .Values.charts.istioResources.registry }}/{{ .Values.charts.istioResources.repository }}"
+
   # openDesk ClamAV
   # https://gitlab.opencode.de/bmi/souveraener_arbeitsplatz/components/charts/opendesk-clamav
   - name: "clamav-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/clamav" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.clamav.verify }}
+    username: "{{ .Values.charts.clamav.username }}"
+    password: {{ .Values.charts.clamav.password | quote }}
+    url: "{{ .Values.charts.clamav.registry }}/{{ .Values.charts.clamav.repository }}"
+  - name: "clamav-simple-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.clamavSimple.verify }}
+    username: "{{ .Values.charts.clamavSimple.username }}"
+    password: {{ .Values.charts.clamavSimple.password | quote }}
+    url: "{{ .Values.charts.clamavSimple.registry }}/{{ .Values.charts.clamavSimple.repository }}"
+
   # VMWare Bitnami
   # Source: https://github.com/bitnami/charts/
-  - name: "bitnami-repo"
+  - name: "memcached-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.memcached.verify }}
+    username: "{{ .Values.charts.memcached.username }}"
+    password: {{ .Values.charts.memcached.password | quote }}
+    url: "{{ .Values.charts.memcached.registry }}/{{ .Values.charts.memcached.repository }}"
+  - name: "redis-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.redis.verify }}
+    username: "{{ .Values.charts.redis.username }}"
+    password: {{ .Values.charts.redis.password | quote }}
+    url: "{{ .Values.charts.redis.registry }}/{{ .Values.charts.redis.repository }}"
+  - name: "minio-repo"
+    oci: true
+    keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.minio.verify }}
+    username: "{{ .Values.charts.minio.username }}"
+    password: {{ .Values.charts.minio.password | quote }}
+    url: "{{ .Values.charts.minio.registry }}/{{ .Values.charts.minio.repository }}"
+
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/opendesk-otterize/opendesk-otterize
-  # dataSource=docker
-  # dependencyType=service
   - name: "opendesk-otterize"
-    chart: "opendesk-otterize-repo/opendesk-otterize"
-    version: "1.1.3"
+    chart: "otterize-repo/{{ .Values.charts.otterize.name }}"
+    version: "{{ .Values.charts.otterize.version }}"
     values:
       - "values-otterize.gotmpl"
     installed: {{ .Values.security.otterizeIntents.enabled }}
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates
-  # dataSource=docker
-  # dependencyType=service
+
   - name: "opendesk-certificates"
-    chart: "opendesk-certificates-repo/opendesk-certificates"
-    version: "2.1.0"
+    chart: "certificates-repo/{{ .Values.charts.certificates.name }}"
+    version: "{{ .Values.charts.certificates.version }}"
     values:
       - "values-certificates.gotmpl"
     installed: {{ .Values.certificates.enabled }}
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/bitnami-charts/redis
-  # dataSource=docker
-  # dependencyType=service
   - name: "redis"
-    chart: "bitnami-repo/redis"
-    version: "18.1.2"
+    chart: "redis-repo/{{ .Values.charts.redis.name }}"
+    version: "{{ .Values.charts.redis.version }}"
     values:
       - "values-redis.gotmpl"
       - "values-redis.yaml"
     installed: {{ .Values.redis.enabled }}
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/bitnami-charts/memcached
-  # dataSource=docker
-  # dependencyType=service
   - name: "memcached"
-    chart: "bitnami-repo/memcached"
-    version: "6.6.2"
+    chart: "memcached-repo/{{ .Values.charts.memcached.name }}"
+    version: "{{ .Values.charts.memcached.version }}"
     values:
       - "values-memcached.yaml"
       - "values-memcached.gotmpl"
     installed: {{ .Values.memcached.enabled }}
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/postgresql/postgresql
-  # dataSource=docker
-  # dependencyType=service
   - name: "postgresql"
-    chart: "postgresql-repo/postgresql"
-    version: "2.0.3"
+    chart: "postgresql-repo/{{ .Values.charts.postgresql.name }}"
+    version: "{{ .Values.charts.postgresql.version }}"
     values:
       - "values-postgresql.yaml"
       - "values-postgresql.gotmpl"
     installed: {{ .Values.postgresql.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/mariadb/mariadb
-  # dataSource=docker
-  # dependencyType=service
   - name: "mariadb"
-    chart: "mariadb-repo/mariadb"
-    version: "2.1.1"
+    chart: "mariadb-repo/{{ .Values.charts.mariadb.name }}"
+    version: "{{ .Values.charts.mariadb.version }}"
     values:
       - "values-mariadb.yaml"
       - "values-mariadb.gotmpl"
     installed: {{ .Values.mariadb.enabled }}
     timeout: 900
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/postfix/postfix
-  # dataSource=docker
-  # dependencyType=service
   - name: "postfix"
-    chart: "postfix-repo/postfix"
-    version: "2.0.4"
+    chart: "postfix-repo/{{ .Values.charts.postfix.name }}"
+    version: "{{ .Values.charts.postfix.version }}"
     values:
       - "values-postfix.yaml"
       - "values-postfix.gotmpl"
     installed: {{ .Values.postfix.enabled }}
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/clamav/opendesk-clamav
-  # dataSource=docker
-  # dependencyType=service
   - name: "clamav"
-    chart: "clamav-repo/opendesk-clamav"
-    version: "4.0.0"
+    chart: "clamav-repo/{{ .Values.charts.clamav.name }}"
+    version: "{{ .Values.charts.clamav.version }}"
     values:
       - "values-clamav-distributed.yaml"
       - "values-clamav-distributed.gotmpl"
     installed: {{ .Values.clamavDistributed.enabled }}
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/clamav/clamav-simple
-  # dataSource=docker
-  # dependencyType=service
   - name: "clamav-simple"
-    chart: "clamav-repo/clamav-simple"
-    version: "4.0.0"
+    chart: "clamav-simple-repo/{{ .Values.charts.clamavSimple.name }}"
+    version: "{{ .Values.charts.clamavSimple.version }}"
     values:
       - "values-clamav-simple.yaml"
       - "values-clamav-simple.gotmpl"
     installed: {{ .Values.clamavSimple.enabled }}
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/istio-ressources/istio-gateway
-  # dataSource=docker
-  # dependencyType=service
   - name: "opendesk-gateway"
-    chart: "istio-resources-repo/istio-gateway"
-    version: "2.0.0"
+    chart: "istio-resources-repo/{{ .Values.charts.istioResources.name }}"
+    version: "{{ .Values.charts.istioResources.version }}"
     values:
       - "values-istio-gateway.yaml"
       - "values-istio-gateway.gotmpl"
     installed: {{ .Values.istio.enabled }}
 
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/bitnami-charts/minio
-  # dataSource=docker
-  # dependencyType=service
   - name: "minio"
-    chart: "bitnami-repo/minio"
-    version: "12.8.19"
+    chart: "minio-repo/{{ .Values.charts.minio.name }}"
+    version: "{{ .Values.charts.minio.version }}"
     values:
       - "values-minio.yaml"
       - "values-minio.gotmpl"

helmfile/apps/services/values-mariadb.gotmpl

@@ -8,6 +8,9 @@ global:
   imagePullSecrets:
     {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}
 
+cleanup:
+  deletePodsOnSuccess: {{ .Values.cleanup.deletePodsOnSuccess }}
+
 image:
   repository: {{ .Values.images.mariadb.repository | quote }}
   tag: {{ .Values.images.mariadb.tag | quote }}

helmfile/apps/univention-corporate-container/helmfile.yaml

@@ -3,29 +3,22 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # openDesk Univention Corporate Server (as eval Container)
   - name: "univention-corporate-container-repo"
     oci: true
-    # yamllint disable rule:line-length
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" | default
-         "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/univention-corporate-container" }}
-    # yamllint enable rule:line-length
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.univentionCorporateServer.verify }}
+    username: "{{ .Values.charts.univentionCorporateServer.username }}"
+    password: {{ .Values.charts.univentionCorporateServer.password | quote }}
+    url: "{{ .Values.charts.univentionCorporateServer.registry }}/\
+      {{ .Values.charts.univentionCorporateServer.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/univention-corporate-container/univention-corporate-container
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "univention-corporate-container"
-    chart: "univention-corporate-container-repo/univention-corporate-container"
-    version: "1.0.10"
+    chart: "univention-corporate-container-repo/{{ .Values.charts.univentionCorporateServer.name }}"
+    version: "{{ .Values.charts.univentionCorporateServer.version }}"
     values:
       - "values.yaml"
       - "values.gotmpl"

helmfile/apps/univention-management-stack/helmfile.yaml

@@ -3,7 +3,6 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # Univention Management Stack
@@ -13,50 +12,35 @@ repositories:
          default "https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable" }}
   # VMWare Bitnami
   # Source: https://github.com/bitnami/charts/
-  - name: "bitnami-repo"
+  - name: "nginx-repo"
     oci: true
-    url: >-
-      {{ env "PRIVATE_IMAGE_REGISTRY_URL" |
-         default "external-registry.souvap-univention.de/sovereign-workplace/souvap/tooling/charts/bitnami-charts" }}
-    verify: true
     keyring: "../../files/gpg-pubkeys/souvap-univention-de.gpg"
+    verify: {{ .Values.charts.nginx.verify }}
+    username: "{{ .Values.charts.nginx.username }}"
+    password: {{ .Values.charts.nginx.password | quote }}
+    url: "{{ .Values.charts.nginx.registry }}/{{ .Values.charts.nginx.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://registry.souvap-univention.de
-  # packageName=souvap/tooling/charts/bitnami-charts/nginx
-  # dataSource=docker
-  # dependencyType=vendor
   - name: "ums-stack-gateway"
-    chart: "bitnami-repo/nginx"
-    version: "15.3.5"
+    chart: "nginx-repo/{{ .Values.charts.nginx.name }}"
+    version: "{{ .Values.charts.nginx.version }}"
     values:
       - "values-ums-stack-gateway.gotmpl"
       - "values-ums-stack-gateway.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=store-dav
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-store-dav"
-    chart: "ums-repo/store-dav"
-    version: "0.7.0"
+    chart: "ums-repo/{{ .Values.charts.umsStoreDav.name }}"
+    version: "{{ .Values.charts.umsStoreDav.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
       - "values-store-dav.gotmpl"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=ldap-server
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-ldap-server"
-    chart: "ums-repo/ldap-server"
-    version: "0.7.0"
+    chart: "ums-repo/{{ .Values.charts.umsLdapServer.name }}"
+    version: "{{ .Values.charts.umsLdapServer.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -64,14 +48,9 @@ releases:
       - "values-ldap-server.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=ldap-notifier
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-ldap-notifier"
-    chart: "ums-repo/ldap-notifier"
-    version: "0.7.0"
+    chart: "ums-repo/{{ .Values.charts.umsLdapNotifier.name }}"
+    version: "{{ .Values.charts.umsLdapNotifier.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -79,14 +58,9 @@ releases:
       - "values-ldap-notifier.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=udm-rest-api
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-udm-rest-api"
-    chart: "ums-repo/udm-rest-api"
-    version: "0.3.5"
+    chart: "ums-repo/{{ .Values.charts.umsUdmRestApi.name }}"
+    version: "{{ .Values.charts.umsUdmRestApi.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -94,14 +68,9 @@ releases:
       - "values-udm-rest-api.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=stack-data-ums
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-stack-data-ums"
-    chart: "ums-repo/stack-data-ums"
-    version: "0.38.1"
+    chart: "ums-repo/{{ .Values.charts.umsStackDataUms.name }}"
+    version: "{{ .Values.charts.umsStackDataUms.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -109,14 +78,9 @@ releases:
       - "values-stack-data-ums.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=stack-data-swp
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-stack-data-swp"
-    chart: "ums-repo/stack-data-swp"
-    version: "0.38.1"
+    chart: "ums-repo/{{ .Values.charts.umsStackDataSwp.name }}"
+    version: "{{ .Values.charts.umsStackDataSwp.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -124,14 +88,9 @@ releases:
       - "values-stack-data-swp.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=portal-server
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-portal-server"
-    chart: "ums-repo/portal-server"
-    version: "0.6.1"
+    chart: "ums-repo/{{ .Values.charts.umsPortalServer.name }}"
+    version: "{{ .Values.charts.umsPortalServer.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -139,14 +98,9 @@ releases:
       - "values-portal-server.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=notifications-api
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-notifications-api"
-    chart: "ums-repo/notifications-api"
-    version: "0.6.1"
+    chart: "ums-repo/{{ .Values.charts.umsNotificationsApi.name }}"
+    version: "{{ .Values.charts.umsNotificationsApi.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -154,14 +108,9 @@ releases:
       - "values-notifications-api.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=portal-listener
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-portal-listener"
-    chart: "ums-repo/portal-listener"
-    version: "0.6.1"
+    chart: "ums-repo/{{ .Values.charts.umsPortalListener.name }}"
+    version: "{{ .Values.charts.umsPortalListener.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -169,14 +118,9 @@ releases:
       - "values-portal-listener.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=portal-frontend
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-portal-frontend"
-    chart: "ums-repo/portal-frontend"
-    version: "0.6.1"
+    chart: "ums-repo/{{ .Values.charts.umsPortalFrontend.name }}"
+    version: "{{ .Values.charts.umsPortalFrontend.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -184,14 +128,9 @@ releases:
       - "values-portal-frontend.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=umc-gateway
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-umc-gateway"
-    chart: "ums-repo/umc-gateway"
-    version: "0.6.1"
+    chart: "ums-repo/{{ .Values.charts.umsUmcGateway.name }}"
+    version: "{{ .Values.charts.umsUmcGateway.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"
@@ -199,14 +138,9 @@ releases:
       - "values-umc-gateway.yaml"
     installed: {{ .Values.univentionManagementStack.enabled }}
 
-  # renovate:
-  # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
-  # packageName=umc-server
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "ums-umc-server"
-    chart: "ums-repo/umc-server"
-    version: "0.6.1"
+    chart: "ums-repo/{{ .Values.charts.umsUmcServer.name }}"
+    version: "{{ .Values.charts.umsUmcServer.version }}"
     values:
       - "values-common.gotmpl"
       - "values-common.yaml"

helmfile/apps/xwiki/helmfile.yaml

@@ -3,25 +3,19 @@
 ---
 bases:
   - "../../bases/environments.yaml"
-
 ---
 repositories:
   # XWiki
   # Source: https://github.com/xwiki-contrib/xwiki-helm
   - name: "xwiki-repo"
-    url: >-
-      {{ env "PRIVATE_CHART_REPOSITORY_URL" |
-         default "https://xwiki-contrib.github.io/xwiki-helm" }}
+    username: "{{ .Values.charts.xwiki.username }}"
+    password: {{ .Values.charts.xwiki.password | quote }}
+    url: "{{ .Values.charts.xwiki.registry }}/{{ .Values.charts.xwiki.repository }}"
 
 releases:
-  # renovate:
-  # registryUrl=https://xwiki-contrib.github.io/xwiki-helm
-  # packageName=xwiki
-  # dataSource=helm
-  # dependencyType=vendor
   - name: "xwiki"
-    chart: "xwiki-repo/xwiki"
-    version: "1.2.3"
+    chart: "xwiki-repo/{{ .Values.charts.xwiki.name }}"
+    version: "{{ .Values.charts.xwiki.version }}"
     wait: true
     values:
       - "values.yaml"

helmfile/environments/default/charts.yaml

@@ -0,0 +1,714 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0
+---
+charts:
+  certificates:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-certificates/opendesk-certificates
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-certificates"
+    name: "opendesk-certificates"
+    version: "2.1.0"
+    verify: true
+    username: ~
+    password: ~
+
+  clamav:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/clamav/opendesk-clamav
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/clamav"
+    name: "opendesk-clamav"
+    version: "4.0.0"
+    verify: true
+    username: ~
+    password: ~
+
+  clamavSimple:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/clamav/clamav-simple
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/clamav"
+    name: "clamav-simple"
+    version: "4.0.0"
+    verify: true
+    username: ~
+    password: ~
+
+  collabora:
+    # renovate:
+    # registryUrl=https://collaboraonline.github.io/online
+    # packageName=collabora-online
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "https://collaboraonline.github.io"
+    repository: "online"
+    name: "collabora-online"
+    version: "1.0.2"
+    username: ~
+    password: ~
+
+  cryptpad:
+    # renovate:
+    # registryUrl=https://cryptpad.github.io/helm
+    # packageName=cryptpad
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "https://cryptpad.github.io"
+    repository: "helm"
+    name: "cryptpad"
+    version: "0.0.14"
+    username: ~
+    password: ~
+
+  dovecot:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/dovecot/dovecot
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/dovecot"
+    name: "dovecot"
+    version: "1.3.6"
+    verify: true
+    username: ~
+    password: ~
+
+  element:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-element
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
+    name: "opendesk-element"
+    version: "2.6.0"
+    verify: true
+    username: ~
+    password: ~
+
+  elementWellKnown:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-well-known
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
+    name: "opendesk-well-known"
+    version: "2.6.0"
+    verify: true
+    username: ~
+    password: ~
+
+  intercomService:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/intercom-service/intercom-service
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/intercom-service"
+    name: "intercom-service"
+    version: "2.0.1"
+    verify: true
+    username: ~
+    password: ~
+
+  istioResources:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/istio-ressources/istio-gateway
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/istio-ressources"
+    name: "istio-gateway"
+    version: "2.0.0"
+    verify: true
+    username: ~
+    password: ~
+
+  jitsi:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-jitsi/sovereign-workplace-jitsi
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-jitsi"
+    name: "sovereign-workplace-jitsi"
+    version: "1.7.1"
+    verify: true
+    username: ~
+    password: ~
+
+  keycloak:
+    # renovate:
+    # registryUrl=https://registry-1.docker.io
+    # packageName=bitnamicharts/keycloak
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
+    name: "keycloak"
+    version: "12.1.5"
+    verify: true
+    username: ~
+    password: ~
+
+  keycloakBootstrap:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap/sovereign-workplace-keycloak-bootstrap
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-keycloak-bootstrap"
+    name: "sovereign-workplace-keycloak-bootstrap"
+    version: "1.1.12"
+    verify: true
+    username: ~
+    password: ~
+
+  keycloakExtensions:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/77/packages/helm/stable
+    # packageName=keycloak-extensions
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "https://gitlab.souvap-univention.de"
+    repository: "api/v4/projects/77/packages/helm/stable"
+    name: "keycloak-extensions"
+    version: "0.1.0"
+    username: ~
+    password: ~
+
+  keycloakTheme:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/keycloak-theme/opendesk-keycloak-theme
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/keycloak-theme"
+    name: "opendesk-keycloak-theme"
+    version: "2.0.0"
+    verify: true
+    username: ~
+    password: ~
+
+  mariadb:
+    # renovate:
+    # registryUrl=https://registry.opencode.de
+    # packageName=bmi/opendesk/components/charts/opendesk-mariadb/mariadb
+    # dataSource=docker
+    # dependencyType=service
+    registry: "registry.opencode.de"
+    repository: "bmi/opendesk/components/charts/opendesk-mariadb"
+    name: "mariadb"
+    version: "2.2.0"
+    verify: true
+    username: ~
+    password: ~
+
+  matrixNeoboardWidget:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neoboard-widget
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets"
+    name: "matrix-neoboard-widget"
+    version: "3.3.0"
+    verify: true
+    username: ~
+    password: ~
+
+  matrixNeochoiseWidget:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neochoice-widget
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets"
+    name: "matrix-neochoice-widget"
+    version: "3.3.0"
+    verify: true
+    username: ~
+    password: ~
+
+  matrixNeodatefixBot:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-bot
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets"
+    name: "matrix-neodatefix-bot"
+    version: "3.3.0"
+    verify: true
+    username: ~
+    password: ~
+
+  matrixNeodatefixWidget:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/opendesk-matrix-widgets/matrix-neodatefix-widget
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/opendesk-matrix-widgets"
+    name: "matrix-neodatefix-widget"
+    version: "3.3.0"
+    verify: true
+    username: ~
+    password: ~
+
+  matrixUserVerificationService:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-matrix-user-verification-service
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
+    name: "opendesk-matrix-user-verification-service"
+    version: "2.6.0"
+    verify: true
+    username: ~
+    password: ~
+
+  memcached:
+    # renovate:
+    # registryUrl=https://registry-1.docker.io
+    # packageName=bitnamicharts/memcached
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
+    name: "memcached"
+    version: "6.6.2"
+    verify: true
+    username: ~
+    password: ~
+
+  minio:
+    # renovate:
+    # registryUrl=https://registry-1.docker.io
+    # packageName=bitnamicharts/minio
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
+    name: "minio"
+    version: "12.8.19"
+    verify: true
+    username: ~
+    password: ~
+
+  nextcloud:
+    # renovate:
+    # registryUrl=https://nextcloud.github.io/helm
+    # packageName=nextcloud
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "https://nextcloud.github.io"
+    repository: "helm"
+    name: "nextcloud"
+    version: "3.5.19"
+    username: ~
+    password: ~
+
+  nextcloudBootstrap:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap/opendesk-nextcloud-bootstrap
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-nextcloud-bootstrap"
+    name: "opendesk-nextcloud-bootstrap"
+    version: "3.2.6"
+    verify: true
+    username: ~
+    password: ~
+
+  nginx:
+    # renovate:
+    # registryUrl=https://registry-1.docker.io
+    # packageName=bitnamicharts/nginx
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
+    name: "nginx"
+    version: "15.3.5"
+    verify: true
+    username: ~
+    password: ~
+
+  openproject:
+    # renovate:
+    # registryUrl=https://ghcr.io
+    # packageName=opf/helm-charts/openproject
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/opf/helm-charts"
+    name: "openproject"
+    version: "3.0.2"
+    verify: true
+    username: ~
+    password: ~
+
+  openprojectBootstrap:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/opendesk-openproject-bootstrap/opendesk-openproject-bootstrap
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/opendesk-openproject-bootstrap"
+    name: "opendesk-openproject-bootstrap"
+    version: "1.2.1"
+    verify: true
+    username: ~
+    password: ~
+
+  openXchangeAppSuite:
+    # renovate:
+    # registryUrl=https://registry.open-xchange.com
+    # packageName=appsuite-public-sector/charts/appsuite-public-sector
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/appsuite-public-sector/charts"
+    name: "appsuite-public-sector"
+    version: "2.1.1"
+    username: ~
+    password: ~
+
+  openXchangeAppSuiteBootstrap:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap/sovereign-workplace-open-xchange-bootstrap
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-open-xchange-bootstrap"
+    name: "sovereign-workplace-open-xchange-bootstrap"
+    version: "1.3.1"
+    verify: true
+    username: ~
+    password: ~
+
+  otterize:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/opendesk-otterize/opendesk-otterize
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/opendesk-otterize"
+    name: "opendesk-otterize"
+    version: "1.1.3"
+    verify: true
+    username: ~
+    password: ~
+
+  oxConnector:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/128/packages/helm/stable
+    # packageName=ox-connector
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "https://gitlab.souvap-univention.de"
+    repository: "api/v4/projects/128/packages/helm/stable"
+    name: "ox-connector"
+    version: "0.1.0-pre-jconde-listener-entrypoint-chaining"
+    username: ~
+    password: ~
+
+  postfix:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/postfix/postfix
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/postfix"
+    name: "postfix"
+    version: "2.0.4"
+    verify: true
+    username: ~
+    password: ~
+
+  postgresql:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/postgresql/postgresql
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/postgresql"
+    name: "postgresql"
+    version: "2.0.3"
+    verify: true
+    username: ~
+    password: ~
+
+  redis:
+    # renovate:
+    # registryUrl=https://registry-1.docker.io
+    # packageName=bitnamicharts/redis
+    # dataSource=docker
+    # dependencyType=service
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/bitnami-charts"
+    name: "redis"
+    version: "18.1.2"
+    verify: true
+    username: ~
+    password: ~
+
+  synapse:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
+    name: "opendesk-synapse"
+    version: "2.6.0"
+    verify: true
+    username: ~
+    password: ~
+
+  synapseCreateAccount:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-create-account
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
+    name: "opendesk-synapse-create-account"
+    version: "2.6.0"
+    verify: true
+    username: ~
+    password: ~
+
+  synapseWeb:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/sovereign-workplace-element/opendesk-synapse-web
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/sovereign-workplace-element"
+    name: "opendesk-synapse-web"
+    version: "2.6.0"
+    verify: true
+    username: ~
+    password: ~
+
+  umsLdapNotifier:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=ldap-notifier
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "ldap-notifier"
+    version: "0.7.0"
+    username: ~
+    password: ~
+
+  umsLdapServer:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=ldap-server
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "ldap-server"
+    version: "0.7.0"
+    username: ~
+    password: ~
+
+  umsNotificationsApi:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=notifications-api
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "notifications-api"
+    version: "0.6.1"
+    username: ~
+    password: ~
+
+  umsPortalFrontend:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=portal-frontend
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "portal-frontend"
+    version: "0.6.1"
+    username: ~
+    password: ~
+
+  umsPortalListener:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=portal-listener
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "portal-listener"
+    version: "0.6.1"
+    username: ~
+    password: ~
+
+  umsPortalServer:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=portal-server
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "portal-server"
+    version: "0.6.1"
+    username: ~
+    password: ~
+
+  umsStackDataSwp:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=stack-data-swp
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "stack-data-swp"
+    version: "0.38.1"
+    username: ~
+    password: ~
+
+  umsStackDataUms:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=stack-data-ums
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "stack-data-ums"
+    version: "0.38.1"
+    username: ~
+    password: ~
+
+  umsStoreDav:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=store-dav
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "store-dav"
+    version: "0.7.0"
+    username: ~
+    password: ~
+
+  umsUdmRestApi:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=udm-rest-api
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "udm-rest-api"
+    version: "0.3.5"
+    username: ~
+    password: ~
+
+  umsUmcGateway:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=umc-gateway
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "umc-gateway"
+    version: "0.6.1"
+    username: ~
+    password: ~
+
+  umsUmcServer:
+    # renovate:
+    # registryUrl=https://gitlab.souvap-univention.de/api/v4/projects/155/packages/helm/stable
+    # packageName=umc-server
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "gitlab.souvap-univention.de"
+    repository: "api/v4/projects/155/packages/helm/stable"
+    name: "umc-server"
+    version: "0.6.1"
+    username: ~
+    password: ~
+
+  univentionCorporateServer:
+    # renovate:
+    # registryUrl=https://registry.souvap-univention.de
+    # packageName=souvap/tooling/charts/univention-corporate-container/univention-corporate-container
+    # dataSource=docker
+    # dependencyType=vendor
+    registry: "external-registry.souvap-univention.de"
+    repository: "sovereign-workplace/souvap/tooling/charts/univention-corporate-container"
+    name: "univention-corporate-container"
+    version: "1.0.10"
+    verify: true
+    username: ~
+    password: ~
+
+  xwiki:
+    # renovate:
+    # registryUrl=https://xwiki-contrib.github.io/xwiki-helm
+    # packageName=xwiki
+    # dataSource=helm
+    # dependencyType=vendor
+    registry: "https://xwiki-contrib.github.io"
+    repository: "xwiki-helm"
+    name: "xwiki"
+    version: "1.2.3"
+    verify: true
+    username: ~
+    password: ~
+...

helmfile/environments/default/images.yaml

@@ -35,7 +35,7 @@ images:
     # registryUrl=https://registry.souvap-univention.de
     # dependencyType=vendor
     repository: "souvap/tooling/images/element-web"
-    tag: "1.6.0@sha256:a71cbd75ee88471e3df59f26a2a37b9b8ff83d2f71f726053acd381ecd87e234"
+    tag: "1.7.0@sha256:b8b59aff8ed3eb07dc22cec123a2d04acaf435f5637148698183773a695444c2"
     # @supplier: "Element"
   freshclam:
     # renovate:
@@ -149,21 +149,21 @@ images:
     # registryUrl=https://ghcr.io
     # dependencyType=vendor
     repository: "nordeck/matrix-neoboard-widget"
-    tag: "1.0.0@sha256:584b9c18ea3dfd4b7f1e73f3e114bc1dcd5731b400a8d037576bf2a797c8b086"
+    tag: "1.4.0@sha256:da04d6c3c3e07ec1fcb6ecec245adc48897f107a2ab84c39d8924de951744d9f"
     # @supplier: "Nordeck"
   matrixNeoChoiceWidget:
     # renovate:
     # registryUrl=https://ghcr.io
     # dependencyType=vendor
     repository: "nordeck/matrix-poll-widget"
-    tag: "1.3.0@sha256:19d2c8c7a15fe7d12c4a83a89310831da12323fd45ff0280cce808f1be0c7e0b"
+    tag: "1.3.1@sha256:ba7a0bcbcf278df523cef8d230dc44f31ef86f8aefe6dbea7d832b7234ff5c7a"
     # @supplier: "Nordeck"
   matrixNeoDateFixBot:
     # renovate:
     # registryUrl=https://ghcr.io
     # dependencyType=vendor
     repository: "nordeck/matrix-meetings-bot"
-    tag: "2.4.2@sha256:f5b3362560255470076f3e6c95a0dd93a8f781398afb992c1e1212764fa87297"
+    tag: "2.5.0@sha256:6ea92f7e48cd71ce2c552cb5222a1d4b3696136e61045bce8456bc52ce02b9c8"
     # @supplier: "Nordeck"
   matrixNeoDateFixWidget:
     # renovate:
@@ -219,7 +219,7 @@ images:
     # registryUrl=https://docker.io
     # dependencyType=vendor
     repository: "openproject/open_desk"
-    tag: "dev@sha256:3c9d110c0221621530a431b5899ba16956db8253f491a55a220ec642473cb61f"
+    tag: "release-13.1@sha256:b1e6d55d913bb2dfc34caae364c54ff524c0676a74da1c036d0e64557ef42795"
     # @supplier: "OpenProject"
   openprojectInitDb:
     # renovate:
@@ -324,8 +324,7 @@ images:
     # registryUrl=https://registry.souvap-univention.de
     # dependencyType=vendor
     repository: "souvap/tooling/images/ox-connector/ox-connector-standalone"
-    tag: "branch-jconde-listener-entrypoint-chaining\
-      @sha256:54748d49e37d52529d4a857ff834d1217bd2cb8c89c7eed25c0873159ed6853c"
+    tag: "0.3.4@sha256:db95466170613db46222e63aa0f69de9e60d08c6a409e27905ce5389e4b19074"
     # @supplier: "Univention"
   postfix:
     # renovate:

helmfile/files/gpg-pubkeys/opencode.gpg.license

@@ -0,0 +1,2 @@
+# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
+# SPDX-License-Identifier: Apache-2.0