Merge branch 'main' into bc-8618

ansible/group_vars/all/config.yml

@@ -1123,3 +1123,16 @@ configuration_all:
     server: true
     client: true
     nuxtclient: false
+  VIDIS_API_CLIENT_BASE_URL:
+    server: true
+    client: false
+    nuxtclient: false
+  VIDIS_SYNC_REGION:
+    server: true
+    client: false
+    nuxtclient: false
+  FEATURE_VIDIS_MEDIA_ACTIVATIONS_ENABLED:
+    value: "false"
+    server: true
+    client: false
+    nuxtclient: false

ansible/group_vars/all/instance_config_all.yml

@@ -30,7 +30,7 @@ TSP_SYNC_DATA_DAYS_TO_FETCH: "1"
 TSP_API_CLIENT_BASE_URL: ""
 TSP_API_CLIENT_TOKEN_LIFETIME_MS: "30000"
 FEATURE_TSP_MIGRATION_ENABLED: "false"
-TSP_SYNC_MIGRATION_LIMIT: "50"
+TSP_SYNC_MIGRATION_LIMIT: "500"
 
 ERWINIDM_PORT: 8089
 ERWINIDM_PREFIX: idm.

ansible/group_vars/all/with.yml

@@ -20,3 +20,4 @@ WITH_BOARD_COLLABORATION: false
 WITH_MIGRATION_SYSTEMS: false
 WITH_COMMON_CARTRIDGE: false
 WITH_CLAMMIT: false
+WITH_MEDIA_LICENSES: false

ansible/group_vars/develop/cfg.yml

@@ -37,8 +37,6 @@ SC_DEFAULT_STORAGE_CLASS_NAME: "nfs-client"
 
 BOARD_COLLABORATION_SERVER_REPLICAS: 1
 
-FEATURE_COLUMN_BOARD_SOCKET_ENABLED: "true"
-
 COMMON_CARTRIDGE_REPLICAS: 1
 
 SERVER_H5P_LIBRARY_MANAGEMENT_CRONJOB: "{{ 60 | random(seed=NAMESPACE) }} 3 * * 3,6"
@@ -53,6 +51,7 @@ SERVER_TSP_SYNC_CRONJOB_SCHEDULE: "{{ SERVER_TSP_RANDOM|int + 9 }} 20 * * *"
 SERVER_TSP_SYNC_BASE_CRONJOB: "{{ SERVER_TSP_RANDOM|int + 9 }} 3 * * *"
 SERVER_TSP_SYNC_SCHOOL_CRONJOB: "{{ SERVER_TSP_RANDOM|int + 39 }} 3 * * *"
 ROCKETCHAT_FIXUP_CRONJOB_SCHEDULE: "{{ 5 | random(seed=NAMESPACE) }}/5 * * * *"
+SERVER_VIDIS_SYNC_CRONJOB_SCHEDULE: "{{ 20 | random(seed=NAMESPACE) }} 4 * * *"
 
 # JWT_PUBLIC_KEY must be single quoted. When using double quotes newlines are replaced by spaces.
 JWT_PUBLIC_KEY: '-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAqYX8ofa9B+nL+IIPxHJSWgq/ZRYV95uwWkSsGAKG7pkRGhi9VrRr\nUxsVz8LWV2ZEL5+kgaPBmZgGixNk3Kmta86I3h6c0YS/GtD24D8rTdGnmH4LnwSv\n1VTfM5Wjo628cM7GD8SMSOr0iwMH/pEoDOISvfc4YPodO8KgUOFxEk/Py7fCIqNd\n2k60hFpodUt6aqP0gR2vt5Cd4qpRsxxQxJFmb3g57LOt3TOu6I2qD5FaMWEeyMdY\nPxm2DJex9FAxL5PtvDgMNa3u7L5tFysBy/axxpZtuPDYBzU5UeSG0izNEr1q/ZJr\nAqzcVaIvqXKM64iZS1CoP3QlCL/wcZUqPB25VHji7PV2Ddb23oyi7kNQ70c2hp8a\n3m8LRz9vVyNVby+yIdgMUaCboT/K8MocA9hNyb53zLMjDi+1QXx/CrU4BQQiPVvE\n+7wuywO9VGVX7Xfvm3aIWN3r6qPOb6IOhaoFXlXUaENEmyTxaRCsWzJTHL8Fao+x\nq+dwaarp32XfFLLj4LwMKosB5pSFXMXH8mhQiKTgU1BnVrcxvkNWbO84OLX4gHDq\nkODyueBDmkaUwEOuPZnPLZMi/EFHeJIf3xeqcexZ8MiIvu6GSSx+6ZSF2orRsZ6T\nvpD/2o9N4cgF8+U3ng37nM9ohaSSuG+ZnUFlQwEP7FJ7mHl/JS63VEUCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n'

ansible/group_vars/nbc/instance_cfg.yml

@@ -5,7 +5,7 @@ SC_TITLE: Niedersächsische Bildungscloud
 SC_PRODUCTNAME: Niedersächsische Bildungscloud
 SC_NAV_TITLE: Niedersächsische Bildungscloud
 SC_CONTACT_EMAIL: nbc-support@netz-21.de
-GLOBAL_ANNOUNCEMENT_TEXT: ''
+GLOBAL_ANNOUNCEMENT_TEXT: ""
 GLOBAL_ANNOUNCEMENT_ROLES: teacher,administrator
 TRAINING_URL: "https://openelec.moodle-nds.de/course/index.php?categoryid=53"
 
@@ -51,6 +51,7 @@ FEATURE_OTHER_GROUPUSERS_PROVISIONING_ENABLED: "true"
 FEATURE_SCHULCONNEX_MEDIA_LICENSE_ENABLED: "true"
 FEATURE_PREFERRED_CTL_TOOLS_ENABLED: "true"
 FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED: "true"
+FEATURE_VIDIS_MEDIA_ACTIVATIONS_ENABLED: "true"
 
 TEACHER_STUDENT_VISIBILITY__IS_ENABLED_BY_DEFAULT: "false"
 TEACHER_STUDENT_VISIBILITY__IS_CONFIGURABLE: "true"
@@ -122,6 +123,10 @@ SCHULCONNEX_CLIENT__TOKEN_ENDPOINT: "https://auth.stage.niedersachsen-login.schu
 
 PROVISIONING_SCHULCONNEX_POLICIES_INFO_URL: "https://api-dienste.stage.niedersachsen-login.schule/v1/policies-info"
 
+# VIDIS
+VIDIS_API_CLIENT_BASE_URL: "https://service-stage.vidis.schule/o/vidis-rest"
+VIDIS_SYNC_REGION: "test-region"
+
 # Ingress
 group_ingress:
   api_v1_roster:

ansible/group_vars/production/resources.yml

@@ -34,14 +34,14 @@ CLIENT_CPU_LIMITS: "1000m"
 CLIENT_CPU_REQUESTS: "100m"
 CLIENT_MEMORY_LIMITS: "1Gi"
 CLIENT_MEMORY_REQUESTS: "1Gi"
-ETHERPA_CPU_LIMITS: "1000m"
-ETHERPA_CPU_REQUESTS: "100m"
-ETHERPA_MEMORY_LIMITS: "1Gi"
-ETHERPA_MEMORY_REQUESTS: "1Gi"
-ETHERPA_NGINX_CPU_LIMITS: "1000m"
-ETHERPA_NGINX_CPU_REQUESTS: "100m"
-ETHERPA_NGINX_MEMORY_LIMITS: "1Gi"
-ETHERPA_NGINX_MEMORY_REQUESTS: "1Gi"
+ETHERPAD_CPU_LIMITS: "2000m"
+ETHERPAD_CPU_REQUESTS: "100m"
+ETHERPAD_MEMORY_LIMITS: "2Gi"
+ETHERPAD_MEMORY_REQUESTS: "2Gi"
+ETHERPAD_NGINX_CPU_LIMITS: "2000m"
+ETHERPAD_NGINX_CPU_REQUESTS: "100m"
+ETHERPAD_NGINX_MEMORY_LIMITS: "1Gi"
+ETHERPAD_NGINX_MEMORY_REQUESTS: "1Gi"
 HYDRA_CPU_MAX: "1000m"
 HYDRA_CPU_MIN: "100m"
 HYDRA_MEM_MAX: "1Gi"
@@ -135,3 +135,7 @@ TLDRAW_SERVER_WORKER_CPU_LIMITS: "2000m"
 TLDRAW_SERVER_WORKER_CPU_REQUESTS: "100m"
 TLDRAW_SERVER_WORKER_MEMORY_LIMITS,: "2Gi"
 TLDRAW_SERVER_WORKER_MEMORY_REQUESTS,: "2Gi"
+MEDIA_ACTIVATION_CPU_LIMITS: "2000m"
+MEDIA_ACTIVATION_CPU_REQUESTS: "100m"
+MEDIA_ACTIVATION_MEMORY_LIMITS: "2Gi"
+MEDIA_ACTIVATION_MEMORY_REQUESTS: "2Gi"

ansible/group_vars/reference/resources.yml

@@ -34,14 +34,14 @@ CLIENT_CPU_LIMITS: "1000m"
 CLIENT_CPU_REQUESTS: "100m"
 CLIENT_MEMORY_LIMITS: "1Gi"
 CLIENT_MEMORY_REQUESTS: "1Gi"
-ETHERPA_CPU_LIMITS: "1000m"
-ETHERPA_CPU_REQUESTS: "100m"
-ETHERPA_MEMORY_LIMITS: "1Gi"
-ETHERPA_MEMORY_REQUESTS: "1Gi"
-ETHERPA_NGINX_CPU_LIMITS: "1000m"
-ETHERPA_NGINX_CPU_REQUESTS: "100m"
-ETHERPA_NGINX_MEMORY_LIMITS: "1Gi"
-ETHERPA_NGINX_MEMORY_REQUESTS: "1Gi"
+ETHERPAD_CPU_LIMITS: "1000m"
+ETHERPAD_CPU_REQUESTS: "100m"
+ETHERPAD_MEMORY_LIMITS: "1Gi"
+ETHERPAD_MEMORY_REQUESTS: "1Gi"
+ETHERPAD_NGINX_CPU_LIMITS: "1000m"
+ETHERPAD_NGINX_CPU_REQUESTS: "100m"
+ETHERPAD_NGINX_MEMORY_LIMITS: "1Gi"
+ETHERPAD_NGINX_MEMORY_REQUESTS: "1Gi"
 H5P_PROXY_CPU_LIMITS: "1000m"
 H5P_PROXY_CPU_REQUESTS: "100m"
 H5P_PROXY_MEMORY_LIMITS: "1Gi"
@@ -135,3 +135,7 @@ TLDRAW_SERVER_WORKER_CPU_LIMITS: "2000m"
 TLDRAW_SERVER_WORKER_CPU_REQUESTS: "100m"
 TLDRAW_SERVER_WORKER_MEMORY_LIMITS,: "2Gi"
 TLDRAW_SERVER_WORKER_MEMORY_REQUESTS,: "2Gi"
+MEDIA_ACTIVATION_CPU_LIMITS: "2000m"
+MEDIA_ACTIVATION_CPU_REQUESTS: "100m"
+MEDIA_ACTIVATION_MEMORY_LIMITS: "2Gi"
+MEDIA_ACTIVATION_MEMORY_REQUESTS: "2Gi"

ansible/host_vars/nbc_host/with.yml

@@ -0,0 +1,2 @@
+# Media License (VIDIS)
+WITH_MEDIA_LICENSES: true

ansible/host_vars/prod-nbc/cfg.yml

@@ -22,3 +22,4 @@ PROVISIONING_SCHULCONNEX_POLICIES_INFO_URL: "https://api-dienste.moin.schule/v1/
 
 JWT_PUBLIC_KEY: '-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAx3s+uLFUG4TSEvXvPu8Kb9UqX5VKIlBjFggoprxbtDShykL+O+lY\nZNG2XJoZ1OCwsGify617OOr/+3XmPChXbDTiuAZAZv945zhZ6ebtkAkKvAzf1jU+\n0ZoidcrpjebCn5oZyZqLJm1uNRxlFkKKJSactc7DTT99NB/AP7CPBum6k5QG+XcB\nsn9KMzPB4jx2PFoMwDU7vOUbHqPrj+0n3lW8/xMcgwVqoWFE11C8oDSSZNcByATf\n8AfX4lfREmtj0HAD6KSXEiT+OM53KWhq7Sz8icE+eiq8oLka2T6kI7gP1N2+9ycq\nh+CtS30ABvQi1Z6meCOjPk8HOFFa3Vj5o2pnrx6cXng4EQL59Y4NzhOclkxOUrUm\nAzWT51g1EdfjTh4PYNCQNJdbfcHL8/H3y8Khg6YCE/6qU7lFyt2aLOriy0d7fTCP\nCA0eQPE71PtYmncW/vk9SCHfQG3Xri3si3MkRQyshYwKBEBIc0Is5owsByAyqxwU\n0NIv1bo7aSHSTt5Q5WYu9wku7YPRpfYprJs5GjlZUMRD++CHSdQz83pi331EsAyd\nPEccVP7tT3+cHlyF/5+qV5QIZ1da4c+ODydbsyYwpjQh9SReAQtZDkW6l/OcT3cp\n9zXc7mK1dgHMlgkHMR1D8qCCOj0CmFNdjlCQSbV0hXOeowBY8EGPBkkCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n'
 FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED: "false"
+FEATURE_VIDIS_MEDIA_ACTIVATIONS_ENABLED: "false"

ansible/host_vars/prod-nbc/smtp.yml

@@ -1,2 +1,2 @@
-SUPPORT_WISH_EMAIL_ADDRESS: "nbc-wunsch@netz-21.de"
-SUPPORT_PROBLEM_EMAIL_ADDRESS: "nbc-support@netz-21.de"
+SUPPORT_WISH_EMAIL_ADDRESS: "ticketsystem@niedersachsen.support"
+SUPPORT_PROBLEM_EMAIL_ADDRESS: "ticketsystem@niedersachsen.support"

ansible/host_vars/ref-nbc/cfg.yml

@@ -15,3 +15,4 @@ FEATURE_USER_MIGRATION_SYSTEM_ID: "62dab6401c473a01956a0d7d"
 
 JWT_PUBLIC_KEY: '-----BEGIN RSA PUBLIC KEY-----\nMIICCgKCAgEAuOzRE8DED9QaLtlnMUSNsz6ulucjKBpHfyGr8RAfowP9NtEaOVCv\nnWL2guKUY1rbl1mJMa56bJ+ZYvCUgYdLbRERpDK5mZtaEQ5SoNZ2qYWTEB58Dvm7\nR8OQZ2m3Hv6BZuiBSqWexl7Ns869yBAeE3842Frkm7wjnVG5cc7kp4H0oXTgGQ3d\n8lDswj8VL7h1w1NEDxd2+6IHE0MNnrvo3vcyLG5r3PNYLQZIRGlU0d5xNCUx+ewn\nVBlBaOfJ3cTp+Kl5Q7NBqttya0+YdmpZmcwk20GT89UhCt5EC7G1YyOcwtBcRvBx\nu52A5Q2C2dUZdy48M4Brhtbw8WpFuk54YUbdq0LtO6GCg79XkhSaBAYMKPAYiwWT\np53B+cWiCEKPdX5X7UoE2GVA1ycMRxarpUjz386ckvOd+bMSWdf/41EeGBXhlaDQ\ndLfh/NVR2XJw7TVuxwgUP1qXNQHCG+oEM6LifhouVVESjyweL81w/ayBS0aiY85Q\nYnypmAxh44NrPRHRK56dnJjhqvVA9nSKi3r2EloHu61rQ1pFMy5G30w0xIa0I9Hy\n4DEGntdntEKwXZjtURdmfSZJdQh9pV6FO7UHioMTSbU3290/MaHeNm7SnmeSjodT\nVhSE9O8mXgpiofQAfj9ebv9VKLo55mDh+f/wVzSLRgxgsyKHMnKTBGMCAwEAAQ==\n-----END RSA PUBLIC KEY-----\n'
 FEATURE_EXTERNAL_SYSTEM_LOGOUT_ENABLED: "false"
+FEATURE_VIDIS_MEDIA_ACTIVATIONS_ENABLED: "false"

ansible/host_vars/thr_host/cfg.yml

@@ -6,4 +6,5 @@ NEXTCLOUD_REDIRECT_URL: https://nextcloud-thr.dbildungscloud.dev/apps/files/?dir
 NEXTCLOUD_BASE_URL: https://nextcloud-thr.dbildungscloud.dev/
 
 FEATURE_TSP_SYNC_ENABLED: "true"
-TSP_API_CLIENT_BASE_URL: https://test2.schulportal-thueringen.de/tip-ms/api
+FEATURE_TSP_MIGRATION_ENABLED: "true"
+TSP_API_CLIENT_BASE_URL: https://test.schulportal-thueringen.de/tip-ms/api

ansible/host_vars/thr_host/with.yml

@@ -1,2 +1,2 @@
-WITH_TSP_SYNC: "true"
-WITH_TSP: "false"
+WITH_TSP_SYNC: true
+WITH_TSP: false

ansible/playbook.yml

@@ -51,3 +51,4 @@
     - ingress
     - post_deployment
     - moin-schule-sync
+    - media-licenses

ansible/playbook_rollout.yml

@@ -55,3 +55,4 @@
     - role: post_deployment
     - role: moin-schule-sync
       when: WITH_MOIN_SCHULE is defined and WITH_MOIN_SCHULE|bool
+    - role: media-licenses

ansible/roles/clamav/defaults/main.yml

@@ -0,0 +1,2 @@
+CLAMAV_IMAGE_NAME: docker.io/clamav/clamav
+CLAMAV_IMAGE_TAG: 1.4.1

ansible/roles/clamav/templates/configmap.yml.j2

@@ -8,3 +8,4 @@ metadata:
 data:
 
   CLAMD_CONF_StreamMaxLength: 3000M
+  CLAMD_CONF_AlertBrokenExecutables: 'yes'

ansible/roles/clamav/templates/deployment.yml.j2

@@ -44,6 +44,12 @@ spec:
         envFrom:
         - configMapRef:
             name: clamav-configmap
+        startupProbe:
+          exec:
+            command:
+            - clamdcheck.sh
+          failureThreshold: 30
+          periodSeconds: 10
         resources:
           limits:
             cpu: {{ CLAMAV_CPU_MAX|default("500m", true) }}

ansible/roles/dof_etherpad/templates/deployment.yml.j2

@@ -67,11 +67,24 @@ spec:
           name: apikey
         resources:
           limits:
-            cpu: {{ ETHERPA_CPU_LIMITS|default("1000m", true) }}
-            memory: {{ ETHERPA_MEMORY_LIMITS|default("1Gi", true) }}
+            cpu: {{ ETHERPAD_CPU_LIMITS|default("1000m", true) }}
+            memory: {{ ETHERPAD_MEMORY_LIMITS|default("1Gi", true) }}
           requests:
-            cpu: {{ ETHERPA_CPU_REQUESTS|default("100m", true) }}
-            memory: {{ ETHERPA_MEMORY_REQUESTS|default("128Mi", true) }}
+            cpu: {{ ETHERPAD_CPU_REQUESTS|default("100m", true) }}
+            memory: {{ ETHERPAD_MEMORY_REQUESTS|default("128Mi", true) }}
+        readinessProbe:
+          httpGet:
+            path: /health
+            port: 9001
+          initialDelaySeconds: 60
+          periodSeconds: 10
+        livenessProbe:
+          httpGet:
+            path: /health
+            port: 9001
+          initialDelaySeconds: 60
+          periodSeconds: 10
+          failureThreshold: 3
       volumes:
       - name: apikey
         secret:

ansible/roles/dof_etherpad/templates/nginx-deployment.yml.j2

@@ -58,11 +58,11 @@ spec:
           name: defaultconf
         resources:
           limits:
-            cpu: {{ ETHERPA_NGINX_CPU_LIMITS|default("1000m", true) }}
-            memory: {{ ETHERPA_NGINX_MEMORY_LIMITS|default("1Gi", true) }}
+            cpu: {{ ETHERPAD_NGINX_CPU_LIMITS|default("1000m", true) }}
+            memory: {{ ETHERPAD_NGINX_MEMORY_LIMITS|default("1Gi", true) }}
           requests:
-            cpu: {{ ETHERPA_NGINX_CPU_REQUESTS|default("100m", true) }}
-            memory: {{ ETHERPA_NGINX_MEMORY_REQUESTS|default("128Mi", true) }}
+            cpu: {{ ETHERPAD_NGINX_CPU_REQUESTS|default("100m", true) }}
+            memory: {{ ETHERPAD_NGINX_MEMORY_REQUESTS|default("128Mi", true) }}
         livenessProbe:
           httpGet:
             path: /

ansible/roles/namespace-activator-scaled-objects/defaults/main.yml

@@ -35,6 +35,6 @@ deployments_for_scaled_objects:
   - name: tldraw-server-deployment
   - name: tldraw-worker-deployment
   - name: tldraw-client-deployment
-  - name: valkey-node
+  - name: tldraw-valkey-node
     kind: StatefulSet
     replicaCount: "{{TLDRAW_VALKEY_REPLICAS}}"