suse-coder
diff --git a/‎README.md‎
Lines changed: 1 addition & 1 deletion b/‎README.md‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎charts/opencloud-microservices/Chart.yaml‎
Lines changed: 2 additions & 2 deletions b/‎charts/opencloud-microservices/Chart.yaml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎charts/opencloud-microservices/README.md‎
Lines changed: 25 additions & 63 deletions b/‎charts/opencloud-microservices/README.md‎
Lines changed: 25 additions & 63 deletions
diff --git a/‎charts/opencloud-microservices/deployments/helm/helmfile.yaml‎
Lines changed: 3 additions & 3 deletions b/‎charts/opencloud-microservices/deployments/helm/helmfile.yaml‎
Lines changed: 3 additions & 3 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/configmap.yaml‎
Lines changed: 57 additions & 3 deletions b/‎charts/opencloud-microservices/deployments/timoni/configmap.yaml‎
Lines changed: 57 additions & 3 deletions
diff --git a/‎charts/opencloud-microservices/deployments/timoni/job.yaml‎
Lines changed: 22 additions & 0 deletions b/‎charts/opencloud-microservices/deployments/timoni/job.yaml‎
Lines changed: 22 additions & 0 deletions
@@ -105,7 +105,7 @@ A lightweight single-container deployment for development and testing:
 
 ## 📜 License
 
-This project is licensed under the **AGPLv3** licence. See the [LICENSE](LICENSE) file for more details.
+This project is licensed under the **AGPLv3** license. See the [LICENSE](LICENSE) file for more details.
 
 ## Community Maintained
 
 
@@ -12,9 +12,9 @@ maintainers:
     email: [email protected]
     url: https://opencloud.eu
 type: application
-version: 0.1.0
+version: 0.2.7
 # renovate: datasource=docker depName=opencloudeu/opencloud-rolling
-appVersion: 3.2.0
+appVersion: 3.4.0
 kubeVersion: ""
 sources:
   - https://github.com/opencloud-eu/helm
 
@@ -997,71 +997,9 @@ Or via command line:
 --set opencloud.proxy.basicAuth.enabled=true
 ```
 
-
-#### Improved Namespace Handling
-
-The chart now automatically uses the correct namespace across all resources, eliminating the need to manually set the namespace in multiple places.
-
-The following HTTPRoutes are created when `httpRoute.enabled` is set to `true`:
-
-1. **OpenCloud Proxy HTTPRoute (`oc-proxy-https`)**:
-   - Hostname: `global.domain.opencloud`
-   - Service: `{{ release-name }}-opencloud`
-   - Port: 9200
-   - Headers: Removes Permissions-Policy header to prevent browser console errors
-
-2. **Keycloak HTTPRoute (`oc-keycloak-https`)** (when `keycloak.enabled` is `true`):
-   - Hostname: `global.domain.keycloak`
-   - Service: `{{ release-name }}-keycloak`
-   - Port: 8080
-   - Headers: Adds Permissions-Policy header to prevent browser features like interest-based advertising
-
-3. **MinIO HTTPRoute (`oc-minio-https`)** (when `opencloud.storage.s3.internal.enabled` is `true`):
-   - Hostname: `global.domain.minio`
-   - Service: `{{ release-name }}-minio`
-   - Port: 9001
-   - Headers: Adds Permissions-Policy header to prevent browser features like interest-based advertising
-
-   default user: opencloud
-   pass: opencloud-secret-key
-
-4. **MinIO Console HTTPRoute (`oc-minio-console-https`)** (when `opencloud.storage.s3.internal.enabled` is `true`):
-   - Hostname: `console.minio.opencloud.test` (or `global.domain.minioConsole` if defined)
-   - Service: `{{ release-name }}-minio`
-   - Port: 9001
-   - Headers: Adds Permissions-Policy header to prevent browser features like interest-based advertising
-
-5. **OnlyOffice HTTPRoute (`oc-onlyoffice-https`)** (when `onlyoffice.enabled` is `true`):
-   - Hostname: `global.domain.onlyoffice`
-   - Service: `{{ release-name }}-onlyoffice`
-   - Port: 443 (or 80 if using HTTP)
-   - Path: "/"
-   - This route is used to access the OnlyOffice Document Server for collaborative editing
-
-6. **WOPI HTTPRoute (`oc-wopi-https`)** (when `onlyoffice.collaboration.enabled` and `onlyoffice.enabled` are `true`):
-   - Hostname: `global.domain.wopi` (or `collaboration.wopiDomain`)
-   - Service: `{{ release-name }}-collaboration`
-   - Port: 9300
-   - Path: "/"
-   - This route is used for the WOPI protocol communication between OnlyOffice and the collaboration service
-
-7. **Collabora HTTPRoute** (when `collabora.enabled` is `true`):
-   - Hostname: `global.domain.collabora`
-   - Service: `{{ release-name }}-collabora`
-   - Port: 9980
-   - Headers: Adds Permissions-Policy header to prevent browser features like interest-based advertising
-
-8. **Collaboration (WOPI) HTTPRoute** (when `collaboration.enabled` is `true`):
-   - Hostname: `collaboration.wopiDomain`
-   - Service: `{{ release-name }}-collaboration`
-   - Port: 9300
-   - Headers: Adds Permissions-Policy header to prevent browser features like interest-based advertising
-
-All HTTPRoutes are configured to use the same Gateway specified by `httpRoute.gateway.name` and `httpRoute.gateway.namespace`.
-
 ## Setting Up Gateway API with Talos, Cilium, and cert-manager
 
-This section provides a practical guide to setting up the Gateway API with Talos, Cilium, and cert-manager for the production OpenCloud chart.
+This section provides a practical guide to setting up the Gateway API with Talos Kubernetes, Cilium, and cert-manager for the production OpenCloud chart.
 
 ### Prerequisites
 
@@ -1235,6 +1173,30 @@ spec:
       allowedRoutes:
         namespaces:
           from: All
+    - name: oc-collabora-https
+      protocol: HTTPS
+      port: 443
+      hostname: "collabora.opencloud.test"
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: opencloud-wildcard-tls
+            namespace: kube-system
+      allowedRoutes:
+        namespaces:
+          from: All
+    - name: oc-collaboration-https
+      protocol: HTTPS
+      port: 443
+      hostname: "collaboration.opencloud.test"
+      tls:
+        mode: Terminate
+        certificateRefs:
+          - name: opencloud-wildcard-tls
+            namespace: kube-system
+      allowedRoutes:
+        namespaces:
+          from: All
     - name: oc-onlyoffice-https
       protocol: HTTPS
       port: 443
 
@@ -27,7 +27,7 @@ releases:
           enabled: true # Enable Keycloak for authentication.
           domain: keycloak.opencloud.test # Domain for Keycloak.
       - minio:
-          enabled: true # Enable MinIO for object storage.
+          enabled: false # Enable MinIO for object storage.
           domain: minio.opencloud.test # Domain for MinIO.
           config:
             persistence:
@@ -151,8 +151,8 @@ releases:
                 - ReadWriteOnce
               storageClassName: 
             storageBackend:
-              driver: decomposeds3
- 
+              driver: posix
+
           thumbnails:
             persistence:
               enabled: true
 
@@ -9,6 +9,11 @@ metadata:
   name: openldap
 ---
 apiVersion: v1
+kind: Namespace
+metadata:
+  name: clamav
+---
+apiVersion: v1
 kind: ConfigMap
 metadata:
   name: opencloud-config
@@ -18,21 +23,40 @@ data:
   # Global Configuration
   ###############################################################################
   EXTERNAL_DOMAIN: "cloud.opencloud.test"
+  TAG: ""
+
+  ###############################################################################
+  # Deployment Strategy
+  ###############################################################################
+  DEPLOY_TYPE: "Recreate"
+  MAX_SURGE: "25%"
+  MAX_UNAV: "25%"
+
   OPENCLOUD_WEB_URL: "https://www.opencloud.eu"
   OPENCLOUD_LOGGING_LEVEL: "debug"
+
+  ###############################################################################
+  # Ingress
+  ###############################################################################
   INGRESS_ENABLED: "false"
   INGRESS_CLASS_NAME: "nginx"
   INGRESS_PROXY_BODY_SIZE: "1024m"
   GATEWAY_HTTPROUTE_ENABLED: "true"
+
+  ###############################################################################
+  # OIDC Configuration
+  ###############################################################################
+  OIDC_IDP_INSECURE: "true"
+  OC_HTTP_API_INSECURE: "true"
   APPS_INTEGRATION_ENABLED: "true"
   WEB_OIDC_WEB_CLIENT_ID: "web"
 
   ###############################################################################
   # Persistence StorageClass and AccessModes (global defaults)
   ###############################################################################
-  PERSISTENCE_STORAGE_CLASS_NAME: "ceph-cephfs"
+  PERSISTENCE_STORAGE_CLASS_NAME: ""
   # Comma-separated for runtime to split into a list, e.g. "ReadWriteMany" or "ReadWriteOnce,ReadOnlyMany"
-  PERSISTENCE_ACCESS_MODES: "ReadWriteMany"
+  PERSISTENCE_ACCESS_MODES: "ReadWriteOnce"
 
   ###############################################################################
   # Persistence (service PVC sizes and toggles)
@@ -70,7 +94,7 @@ data:
   # Internal Minio (for testing only)
   ###############################################################################
   MINIO_DOMAIN: "minio.opencloud.test"
-  MINIO_ENABLED: "true"
+  MINIO_ENABLED: "false"
   MINIO_PERSISTENCE_SIZE: "40Gi"
 
   ###############################################################################
@@ -105,6 +129,11 @@ data:
   ###############################################################################
   SEARCH_EXTRACTOR_TYPE: "tika"
 
+  ###############################################################################
+  # Demo Users
+  ###############################################################################
+  DEMO_USERS_ENABLED: "false"
+
   ###############################################################################
   # Collabora Configuration
   ###############################################################################
@@ -134,3 +163,28 @@ data:
   ###############################################################################
   WOPI_INGRESS_DOMAIN: "wopi.opencloud.test"
   WOPI_COLLABORA_TLS_HOST: "wopi-collabora.kube.opencloud.test"
+
+  ###############################################################################
+  # Antivirus
+  ###############################################################################
+  ANTIVIRUS_ENABLED: "true"
+  ANTIVIRUS_INFECTED_FILE_HANDLING: "abort"
+  ANTIVIRUS_ICAP_URL: "http://clamav-icap.clamav:1344"
+  ANTIVIRUS_ICAP_SERVICE: "avscan"
+
+  ###############################################################################
+  # ClamAV Configuration
+  ###############################################################################
+  CLAMAV_REPLICA_COUNT: "1"
+  CLAMAV_RESOURCES_LIMITS_CPU: "500m"
+  CLAMAV_RESOURCES_LIMITS_MEMORY: "512Mi"
+  CLAMAV_RESOURCES_REQUESTS_CPU: "250m"
+  CLAMAV_RESOURCES_REQUESTS_MEMORY: "256Mi"
+  CLAMAV_PERSISTENCE_SIZE: "10Gi"
+  CLAMAV_FRESHCLAM_IMAGE_TAG: "1.4.0"
+  CLAMAV_CLAMD_IMAGE_TAG: "1.4.0"
+  CLAMAV_ICAP_IMAGE_TAG: "0.5.10"
+  CLAMAV_ICAP_IMAGE_REPOSITORY: "bmi/opendesk/components/platform-development/images/clamav-icap"
+  CLAMAV_ICAP_IMAGE_REGISTRY: "registry.opencode.de"
+  CLAMAV_ICAP_CLAMD_HOST: "clamav-clamd"
+  CLAMAV_MILTER_CLAMD_HOST: "clamav-clamd"
@@ -0,0 +1,22 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: clamav-db-chown
+  namespace: clamav
+spec:
+  backoffLimit: 1
+  template:
+    spec:
+      restartPolicy: Never
+      containers:
+        - name: chown
+          image: busybox:1.36
+          imagePullPolicy: IfNotPresent
+          command: ["/bin/sh", "-c", "chown -R 100:100 /var/lib/clamav"]
+          volumeMounts:
+            - name: clamav-database
+              mountPath: /var/lib/clamav
+      volumes:
+        - name: clamav-database
+          persistentVolumeClaim:
+            claimName: clamav-db