opendesk/helmfile/environments/default/functional.yaml

# SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
# SPDX-License-Identifier: Apache-2.0
---
functional:
  admin:
    portal:
      deploymentTimestamp:
        # Set to `false` to disable to not provide and update openDesk deployment timestamp for admins in the portal.
        # This is helpful in GitOps deployments as with the timestamp there will always be a change detected.
        enabled: true

  authentication:
    twoFactor:
      # Define a list of groups to enable 2FA for.
      # Note: Removing a group from the list will not disable 2FA for the removed group.
      groups:
        - "Domain Admins"
    oidc:
      # Define additional/custom OIDC clients to be created in the 'opendesk' realm of Keycloak.
      clients: ~
      # Define additional/custom OIDC client scopes to be created in the 'opendesk' realm of Keycloak.
      clientScopes: ~

  externalServices:
    nubus:
      udmRestApi:
        # Enable to make the UDM REST API from the Nubus stack externally available.
        enabled: false
    matrix:
      federation:
        # Disable to not support Matrix federation with your installation.
        enabled: true

  filestore:
    quota:
      # Set the default quota for all users in GB
      default: 1
    # Options related to file sharing.
    # Changing these options might require a restart of the `opendesk-nextcloud-php` Pod(s).
    sharing:
      # External shares
      external:
        # Enables sharing of files with external participants (create external links, send links by mail and allow external upload in shared folders).
        # If you disable this option existing external shares stop working, when re-enabling it the old shares are available again.
        enabled: false
        # Enforces passwords to be used on external shares.
        enforcePasswords: false
        # Let Nextcloud send the password set for the share by mail to the recipient of the share.
        sendPasswordMail: true
        # Expiry settings for the external shares.
        expiry:
          # If true the check box for the expiry date is enabled by default.
          activeByDefault: true
          # Enforce an expiry date to be set overriding `activeByDefault` setting.
          enforced: false
          # Set the number of days the default expiry date is in the future (requires `activeByDefault` to be `true`)
          defaultDays: 30
      # External shares
      internal:
        # Expiry settings for the internal shares.
        expiry:
          # If true the check box for the expiry date is enabled by default.
          activeByDefault: false
          # Enforce an expiry date to be set overriding `activeByDefault` setting.
          enforced: false
          # Set the number of days the default expiry date is in the future (requires `activeByDefault` to be `true`).
          defaultDays: 90
    # Nextcloud specific configuration
    nextcloud:
      retentionObligation:
        # yamllint disable rule:line-length
        # Set Nextcloud's `trashbin_retention_obligation`
        # Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#trashbin-retention-obligation
        trashbin: "auto"
        # Set Nextcloud's `versions_retention_obligation`
        # Ref.: https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/config_sample_php_parameters.html#versions-retention-obligation
        versions: "auto"
        # yamllint enable rule:line-length

  dataProtection:
    matrixPresence:
      # Enable to allow information about the user presence status to be shared.
      # Ref.: https://element-hq.github.io/synapse/latest/usage/configuration/config_documentation.html#presence
      enabled: false
    jitsiRoomHistory:
      # Enable to allow the room history to be stored in the user's browser local storage.
      # Ref.:
      enabled: false

  chat:
    matrix:
      profile:
        # Once connected with a user that user's Matrix ID is rarely checked by their communication partners, as the
        # display name is used to see whom they are communicating with. Not allowing users to change their
        # own display name reduces the risk of identity fraud.
        # To get the display name updated from the central identity and access management you have to have the Synapse
        # enterprise feature "groupsync" configured.
        allowUsersToUpdateDisplayname: true

        # If the LDAP entryUUID should be used for the localpart of user's Matrix IDs following setting must be `true`.
        useImmutableIdentifierForLocalpart: false

  migration:
    oxAppSuite:
      # Note: Only available in openDesk Enterprise.
      # Turn on temporary for migration purposes only. Will enable master password auth in OX AppSuite and Dovecot using
      # `secrets.oxAppSuite.migrationsMasterPassword`.
      enabled: false

...