# SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS" # SPDX-License-Identifier: Apache-2.0 --- appsuite: istio: ingressGateway: name: "opendesk-gateway-istio-gateway" switchboard: enabled: false core-mw: enabled: true masterAdmin: "admin" gotenberg: enabled: true securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" privileged: false readOnlyRootFilesystem: true runAsNonRoot: true runAsUser: 1001 seccompProfile: type: "RuntimeDefault" features: status: # enable admin pack # admin: enabled documents: "disabled" guard: "enabled" packages: status: open-xchange-oidc: "enabled" open-xchange-authentication-database: "disabled" open-xchange-authentication-oauth: "enabled" properties: com.openexchange.UIWebPath: "/appsuite/" com.openexchange.showAdmin: "false" # PDF Export com.openexchange.capability.mail_export_pdf: "true" com.openexchange.mail.exportpdf.gotenberg.enabled: "true" com.openexchange.mail.exportpdf.collabora.enabled: "true" com.openexchange.mail.exportpdf.pdfa.collabora.enabled: "true" com.openexchange.mail.exportpdf.collabora.url: "http://collabora:9980" com.openexchange.mail.exportpdf.gotenberg.url: "http://open-xchange-gotenberg:3000" # OIDC com.openexchange.oidc.enabled: "true" com.openexchange.oidc.autologinCookieMode: "ox_direct" com.openexchange.oidc.contextLookupClaim: "context" com.openexchange.oidc.contextLookupNamePart: "full" com.openexchange.oidc.backchannelLogoutEnabled: "true" com.openexchange.oidc.startDefaultBackend: "true" com.openexchange.oidc.ssoLogout: "true" com.openexchange.oidc.userLookupNamePart: "full" com.openexchange.oidc.userLookupClaim: "phoenixusername" com.openexchange.oidc.clientId: "as8oidc" # OAUTH com.openexchange.oauth.provider.enabled: "true" com.openexchange.oauth.provider.contextLookupClaim: "context" com.openexchange.oauth.provider.contextLookupNamePart: "full" com.openexchange.oauth.provider.mode: "expect_jwt" com.openexchange.oauth.provider.userLookupNamePart: "full" com.openexchange.oauth.provider.userLookupClaim: "phoenixusername" com.openexchange.authentication.oauth.clientId: "as8oidc" # MAIL com.openexchange.mail.authType: "xoauth2" com.openexchange.mail.loginSource: "mail" com.openexchange.mail.mailServer: "dovecot" com.openexchange.mail.mailServerSource: "global" com.openexchange.mail.transport.authType: "xoauth2" com.openexchange.mail.transportServer: "postfix" com.openexchange.mail.transportServerSource: "global" # Mailfilter com.openexchange.mail.filter.loginType: "global" com.openexchange.mail.filter.credentialSource: "mail" com.openexchange.mail.filter.server: "dovecot" com.openexchange.mail.filter.preferredSaslMech: "XOAUTH2" # Dovecot com.openexchange.imap.attachmentMarker.enabled: "true" # Capabilities # Old capability can be used to toggle all integrations with a single switch com.openexchange.capability.public-sector: "true" # New capabilities in 2.0 com.openexchange.capability.public-sector-element: "true" com.openexchange.capability.public-sector-navigation: "true" com.openexchange.capability.client-onboarding: "true" com.openexchange.capability.dynamic-theme: "true" com.openexchange.capability.filestorage_nextcloud: "true" com.openexchange.capability.filestorage_nextcloud_oauth: "true" com.openexchange.capability.guard: "true" com.openexchange.capability.guard-mail: "true" com.openexchange.capability.smime: "true" com.openexchange.capability.share_links: "false" com.openexchange.capability.invite_guests: "false" com.openexchange.capability.document_preview: "true" # Secondary Accounts com.openexchange.mail.secondary.authType: "XOAUTH2" com.openexchange.mail.transport.secondary.authType: "xoauth2" # Nextcloud integration com.openexchange.file.storage.nextcloud.oauth.url: "http://nextcloud/" com.openexchange.file.storage.nextcloud.oauth.webdav.username.strategy: "user" com.openexchange.nextcloud.filepicker.includeAccessToken: "false" # GDPR com.openexchange.gdpr.dataexport.enabled: "false" com.openexchange.gdpr.dataexport.active: "false" # Guard com.openexchange.guard.storage.file.fileStorageType: "file" com.openexchange.guard.storage.file.uploadDirectory: "/opt/open-xchange/guard-files/" com.openexchange.guard.guestSMTPServer: "postfix" # S/MIME # Usage (in browser console after login): # http = (await import('./io.ox/core/http.js')).default # await http.POST({ module: 'oxguard/smime', params: { action: 'test' } }) com.openexchange.smime.test: "true" # Other com.openexchange.secret.secretSource: "\" + '@' + + '/' + \"" propertiesFiles: /opt/open-xchange/etc/AdminDaemon.properties: MASTER_ACCOUNT_OVERRIDE: "true" /opt/open-xchange/etc/system.properties: SERVER_NAME: "oxserver" /opt/open-xchange/etc/ldapauth.properties: bindOnly: "false" bindDN: "uid=ldapsearch_ox,cn=users,dc=swp-ldap,dc=internal" uiSettings: # Show the Enterprise Picker in the top right corner instead of the launcher drop-down io.ox/core//features/enterprisePicker/showLauncher: "false" io.ox/core//features/enterprisePicker/showTopRightLauncher: "true" # Text and icon color in the topbar io.ox/dynamic-theme//topbarColor: "#000" io.ox/dynamic-theme//logoWidth: "82" io.ox/dynamic-theme//topbarHover: "rgba(0, 0, 0, 0.1)" # Resources io.ox/core//features/resourceCalendars: "true" io.ox/core//features/managedResources: "true" # Categories io.ox/core//features/categories: "true" io.ox/core//categories/predefined: > [{ "name": "Predefined", "color": "orange", "icon": "bi/exclamation-circle.svg" }] # Nextcloud integration # io.ox.nextcloud//server: "https://ics./fs/" # Central navigation io.ox.public-sector//navigation/oxtabname: "tab_groupware" # io.ox.public-sector//ics/url: "https://ics./" io.ox/core//apps/quickLaunchCount: "0" io.ox/core//coloredIcons: "false" # Mail templates io.ox/core//features/templates: "true" asConfig: default: host: "all" pageHeaderPrefix: "as8.souvap App Suite" oidcLogin: true oidcPath: "/oidc" redis: enabled: true mode: "standalone" hosts: - "redis-master" hooks: beforeAppsuiteStart: create-guard-dir.sh: | mkdir -p /opt/open-xchange/guard-files chown open-xchange:open-xchange /opt/open-xchange/guard-files # Security context for core-mw has no effect yet # podSecurityContext: {} # securityContext: {} core-ui: enabled: true securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: "RuntimeDefault" core-ui-middleware: enabled: true overrides: {} redis: mode: "standalone" hosts: - "redis-master:6379" auth: enabled: true securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: "RuntimeDefault" core-guidedtours: enabled: true securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: "RuntimeDefault" guard-ui: enabled: true securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: "RuntimeDefault" core-cacheservice: enabled: false core-user-guide: enabled: true securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: "RuntimeDefault" core-imageconverter: enabled: true objectCache: s3ObjectStores: - id: -1 endpoint: "." accessKey: "." secretKey: "." podSecurityContext: runAsGroup: 1000 runAsNonRoot: true runAsUser: 987 seccompProfile: type: "RuntimeDefault" securityContext: # missing: # readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - "ALL" core-spellcheck: enabled: false core-documentconverter: enabled: true documentConverter: cache: remoteCache: enabled: false podSecurityContext: runAsGroup: 1000 runAsNonRoot: true runAsUser: 987 seccompProfile: type: "RuntimeDefault" securityContext: # missing: # readOnlyRootFilesystem: true allowPrivilegeEscalation: false capabilities: drop: - "ALL" core-documents-collaboration: enabled: false office-web: enabled: false office-user-guide: enabled: false plugins-ui: enabled: false cloud-plugins-ui: enabled: false drive-client-windows-ox: enabled: false core-drive-help: enabled: false nextcloud-integration-ui: securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: "RuntimeDefault" public-sector-ui: securityContext: allowPrivilegeEscalation: false capabilities: drop: - "ALL" readOnlyRootFilesystem: true runAsGroup: 1000 runAsNonRoot: true runAsUser: 1000 seccompProfile: type: "RuntimeDefault" ...