Commit bdc6ad28 authored by Thorsten Roßner

fix(element): Use Element upstream without widgets.

parent 57f70b87
+1 −1
@@ -25,7 +25,7 @@ script_path = os.path.dirname(os.path.realpath(__file__))
log_path = script_path+'/../logs'
charts_yaml = script_path+'/../helmfile/environments/default/charts.yaml'
base_repo_path = script_path+'/..'
base_helmfile = base_repo_path+'/helmfile_generic.yaml'
base_helmfile = base_repo_path+'/helmfile_generic.yaml.gotmpl'
helmfile_backup_extension = '.bak'

Path(log_path).mkdir(parents=True, exist_ok=True)
+0 −102
@@ -32,52 +32,6 @@ repositories:
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapse.registry }}/{{ .Values.charts.synapse.repository }}"
  - name: "synapse-create-account-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.synapseCreateAccount.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.synapseCreateAccount.registry }}/{{ .Values.charts.synapseCreateAccount.repository }}"

  # openDesk Matrix Widgets
  # Source: https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-matrix-widgets
  - name: "matrix-user-verification-service-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixUserVerificationService.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixUserVerificationService.registry }}/{{ .Values.charts.matrixUserVerificationService.repository }}"
  - name: "matrix-neoboard-widget-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
  - name: "matrix-neochoice-widget-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixNeoboardWidget.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeoboardWidget.registry }}/{{ .Values.charts.matrixNeoboardWidget.repository }}"
  - name: "matrix-neodatefix-widget-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixNeodatefixWidget.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixWidget.registry }}/{{ .Values.charts.matrixNeodatefixWidget.repository }}"
  - name: "matrix-neodatefix-bot-repo"
    keyring: "../../files/gpg-pubkeys/opencode.gpg"
    verify: {{ .Values.charts.matrixNeodatefixBot.verify }}
    username: {{ env "OD_PRIVATE_REGISTRY_USERNAME" | quote }}
    password: {{ env "OD_PRIVATE_REGISTRY_PASSWORD" | quote }}
    oci: true
    url: "{{ .Values.global.helmRegistry | default .Values.charts.matrixNeodatefixBot.registry }}/{{ .Values.charts.matrixNeodatefixBot.repository }}"


releases:
  - name: "opendesk-element"
@@ -112,62 +66,6 @@ releases:
    installed: {{ .Values.element.enabled }}
    timeout: 900

  - name: "opendesk-matrix-user-verification-service-bootstrap"
    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
    version: "{{ .Values.charts.synapseCreateAccount.version }}"
    values:
      - "values-matrix-user-verification-service-bootstrap.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900

  - name: "opendesk-matrix-user-verification-service"
    chart: "matrix-user-verification-service-repo/{{ .Values.charts.matrixUserVerificationService.name }}"
    version: "{{ .Values.charts.matrixUserVerificationService.version }}"
    values:
      - "values-matrix-user-verification-service.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900

  - name: "matrix-neoboard-widget"
    chart: "matrix-neoboard-widget-repo/{{ .Values.charts.matrixNeoboardWidget.name }}"
    version: "{{ .Values.charts.matrixNeoboardWidget.version }}"
    values:
      - "values-matrix-neoboard-widget.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900

  - name: "matrix-neochoice-widget"
    chart: "matrix-neochoice-widget-repo/{{ .Values.charts.matrixNeochoiseWidget.name }}"
    version: "{{ .Values.charts.matrixNeochoiseWidget.version }}"
    values:
      - "values-matrix-neochoice-widget.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900

  - name: "matrix-neodatefix-widget"
    chart: "matrix-neodatefix-widget-repo/{{ .Values.charts.matrixNeodatefixWidget.name }}"
    version: "{{ .Values.charts.matrixNeodatefixWidget.version }}"
    values:
      - "values-matrix-neodatefix-widget.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900

  - name: "matrix-neodatefix-bot-bootstrap"
    chart: "synapse-create-account-repo/{{ .Values.charts.synapseCreateAccount.name }}"
    version: "{{ .Values.charts.synapseCreateAccount.version }}"
    values:
      - "values-matrix-neodatefix-bot-bootstrap.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900

  - name: "matrix-neodatefix-bot"
    chart: "matrix-neodatefix-bot-repo/{{ .Values.charts.matrixNeodatefixBot.name }}"
    version: "{{ .Values.charts.matrixNeodatefixBot.version }}"
    values:
      - "values-matrix-neodatefix-bot.yaml.gotmpl"
    installed: {{ .Values.element.enabled }}
    timeout: 900

commonLabels:
  deploy-stage: "component-1"
  component: "element"
+1 −81
@@ -7,7 +7,7 @@ SPDX-License-Identifier: Apache-2.0
configuration:
  endToEndEncryption: true
  additionalConfiguration:
    logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"
    logout_redirect_url: "https://{{ .Values.global.hosts.keycloak }}.{{ .Values.global.domain }}/realms/{{ .Values.platform.realm }}/protocol/openid-connect/logout?client_id=opendesk-matrix&post_logout_redirect_uri=https%3A%2F%2F{{ .Values.global.hosts.nubus }}.{{ .Values.global.domain }}"

    "net.nordeck.element_web.module.opendesk":
      config:
@@ -20,86 +20,6 @@ configuration:
          --cpd-color-bg-action-primary-rest: {{ .Values.theme.colors.primary | quote }}
          --cpd-color-text-action-accent: {{ .Values.theme.colors.primary | quote }}

    "net.nordeck.element_web.module.widget_lifecycle":
      widget_permissions:
        "https://{{ .Values.global.hosts.element }}.{{ .Values.global.domain }}/jitsi.html":
          identity_approved: true
        "https://{{ .Values.global.hosts.matrixNeoBoardWidget }}.{{ .Values.global.domain }}/*":
          preload_approved: true
          capabilities_approved:
            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.create
            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.create
            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.chunk
            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.chunk
            - org.matrix.msc2762.send.event:net.nordeck.whiteboard.document.snapshot
            - org.matrix.msc2762.receive.event:net.nordeck.whiteboard.document.snapshot
            - org.matrix.msc2762.send.state_event:m.room.power_levels#
            - org.matrix.msc2762.receive.state_event:m.room.power_levels#
            - org.matrix.msc2762.receive.state_event:m.room.member
            - org.matrix.msc2762.receive.state_event:m.room.name
            - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard
            - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard
            - org.matrix.msc2762.send.state_event:net.nordeck.whiteboard.sessions#*
            - org.matrix.msc2762.receive.state_event:net.nordeck.whiteboard.sessions
            - org.matrix.msc3819.send.to_device:net.nordeck.whiteboard.connection_signaling
            - org.matrix.msc3819.receive.to_device:net.nordeck.whiteboard.connection_signaling
            - town.robin.msc3846.turn_servers
            - org.matrix.msc4039.upload_file
            - org.matrix.msc4039.download_file
        "https://{{ .Values.global.hosts.matrixNeoChoiceWidget }}.{{ .Values.global.domain }}/*":
          preload_approved: true
          capabilities_approved:
            - org.matrix.msc2762.send.event:net.nordeck.poll.vote
            - org.matrix.msc2762.receive.event:net.nordeck.poll.vote
            - org.matrix.msc2762.send.state_event:net.nordeck.poll
            - org.matrix.msc2762.receive.state_event:net.nordeck.poll
            - org.matrix.msc2762.send.state_event:net.nordeck.poll.settings
            - org.matrix.msc2762.receive.state_event:net.nordeck.poll.settings
            - org.matrix.msc2762.receive.state_event:m.room.power_levels
            - org.matrix.msc2762.receive.state_event:m.room.name
            - org.matrix.msc2762.receive.state_event:m.room.member
            - org.matrix.msc2762.send.state_event:net.nordeck.poll.group
            - org.matrix.msc2762.receive.state_event:net.nordeck.poll.group
            - org.matrix.msc2762.send.event:net.nordeck.poll.start
            - org.matrix.msc2762.receive.event:net.nordeck.poll.start
        "https://{{ .Values.global.hosts.matrixNeoDateFixWidget }}.{{ .Values.global.domain }}/*":
          preload_approved: true
          identity_approved: true
          capabilities_approved:
            - org.matrix.msc2931.navigate
            - org.matrix.msc2762.timeline:*
            - org.matrix.msc2762.receive.state_event:m.room.power_levels
            - org.matrix.msc2762.receive.event:m.reaction
            - org.matrix.msc2762.receive.state_event:m.room.create
            - org.matrix.msc2762.receive.state_event:m.room.tombstone
            - org.matrix.msc2762.receive.state_event:m.room.member
            - org.matrix.msc2762.send.state_event:m.room.member
            - org.matrix.msc2762.receive.state_event:m.room.name
            - org.matrix.msc2762.receive.state_event:m.room.topic
            - org.matrix.msc2762.receive.state_event:m.space.parent
            - org.matrix.msc2762.receive.state_event:m.space.child
            - org.matrix.msc2762.receive.state_event:net.nordeck.meetings.metadata
            - org.matrix.msc2762.receive.state_event:im.vector.modular.widgets
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.create
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.create
            - org.matrix.msc2762.send.event:net.nordeck.meetings.breakoutsessions.create
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.breakoutsessions.create
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.close
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.close
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.widgets.handle
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.widgets.handle
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.participants.handle
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.participants.handle
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.update
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.update
            - org.matrix.msc2762.send.event:net.nordeck.meetings.meeting.change.message_permissions
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.meeting.change.message_permissions
            - org.matrix.msc2762.send.event:net.nordeck.meetings.sub_meetings.send_message
            - org.matrix.msc2762.receive.event:net.nordeck.meetings.sub_meetings.send_message
            - org.matrix.msc3973.user_directory_search

  welcomeUserId: "@meetings-bot:{{ .Values.global.domain }}"

containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
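Review bot: The `client_id` in `logout_redirect_url` is a literal in this values template, and nothing in this file ties it to the Keycloak client that Synapse actually authenticates against. Keycloak validates `post_logout_redirect_uri` against the client named by `client_id`, so if the two drift apart the user would presumably land on a Keycloak error page instead of being redirected to the portal, and the SSO session may stay open. The client definition is not visible in this diff, so that dependency should be stated above the line, for example `# client_id must match the Keycloak OIDC client configured for Synapse`. Alternatively the id could be read from a value shared with the Keycloak bootstrap configuration, so it is defined in one place only.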
+0 −57
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  enabled: true
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 101
  runAsNonRoot: true
  runAsUser: 101
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    {{ .Values.seLinuxOptions.matrixNeoBoardWidget | toYaml | nindent 4 }}

global:
  domain: {{ .Values.global.domain | quote }}
  hosts:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}

image:
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoBoardWidget.registry | quote }}
  repository: {{ .Values.images.matrixNeoBoardWidget.repository | quote }}
  tag: {{ .Values.images.matrixNeoBoardWidget.tag | quote }}

ingress:
  enabled: {{ .Values.ingress.enabled }}
  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
  tls:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}

podAnnotations: {}

podSecurityContext:
  enabled: true
  fsGroup: 101

replicaCount: {{ .Values.replicas.matrixNeoBoardWidget }}

resources:
  {{ .Values.resources.matrixNeoBoardWidget | toYaml | nindent 2 }}

theme:
  {{ .Values.theme | toYaml | nindent 2 }}

...
+0 −57
{{/*
SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
SPDX-FileCopyrightText: 2023 Bundesministerium des Innern und für Heimat, PG ZenDiS "Projektgruppe für Aufbau ZenDiS"
SPDX-License-Identifier: Apache-2.0
*/}}
---
containerSecurityContext:
  allowPrivilegeEscalation: false
  capabilities:
    drop:
      - "ALL"
  enabled: true
  privileged: false
  readOnlyRootFilesystem: true
  runAsGroup: 101
  runAsNonRoot: true
  runAsUser: 101
  seccompProfile:
    type: "RuntimeDefault"
  seLinuxOptions:
    {{ .Values.seLinuxOptions.matrixNeoChoiceWidget | toYaml | nindent 4 }}

global:
  domain: {{ .Values.global.domain | quote }}
  hosts:
    {{ .Values.global.hosts | toYaml | nindent 4 }}
  imagePullSecrets:
    {{ .Values.global.imagePullSecrets | toYaml | nindent 4 }}

image:
  imagePullPolicy: {{ .Values.global.imagePullPolicy | quote }}
  registry: {{ coalesce .Values.repositories.image.registryOpencodeDe .Values.global.imageRegistry .Values.images.matrixNeoChoiceWidget.registry | quote }}
  repository: {{ .Values.images.matrixNeoChoiceWidget.repository | quote }}
  tag: {{ .Values.images.matrixNeoChoiceWidget.tag | quote }}

ingress:
  enabled: {{ .Values.ingress.enabled }}
  ingressClassName: {{ .Values.ingress.ingressClassName | quote }}
  tls:
    enabled: {{ .Values.ingress.tls.enabled }}
    secretName: {{ .Values.ingress.tls.secretName | quote }}

podAnnotations: {}

podSecurityContext:
  enabled: true
  fsGroup: 101

replicaCount: {{ .Values.replicas.matrixNeoChoiceWidget }}

theme:
  {{ .Values.theme | toYaml | nindent 2 }}

resources:
  {{ .Values.resources.matrixNeoChoiceWidget | toYaml | nindent 2 }}

...