openDesk Apps
The apps that actually get deployed onto the K8s cluster — their per-app shape, the incidents that have hit them, and runbooks for verifying their data layer. Answers: "Why does Nextcloud trip a trusted-domain race on first boot?", "What is the OX bootstrap deadlock and what fixes it?", "Why is CryptPad force-enabled?", "What's the difference between Element, Matrix, and Synapse?", "What does OX's PRIMARYDB_9 mean and why does the deployer pre-create it?".
Audience: engineers debugging a specific app's deployment, doing app-level recovery, or onboarding to one of the openDesk apps.
What lives here
- One app-* page per openDesk application — its purpose, key components, data stores, integrations.
- Incidents specific to one app's runtime behavior (or a small cluster of apps).
- Runbooks for app-level verification and recovery.
What does NOT live here:
- The deployer mechanics (clone, render, push, sync) that make these apps deploy correctly — see deployment for steps, patches, fixes.
- IdP/SSO integration mechanics — see idp (per-app OIDC client config IS noted here, but the IdP itself is its own topic).
- Infrastructure layer (Postgres flexible-server, S3 buckets, Redis) that apps consume — see infrastructure.
Pages
Apps — file-sync & office (Nextcloud)
- app-nextcloud — file sync & share; trusted-domain config; fs_config_store schema; init Job
- app-collabora — collaborative document editing; consumed by Nextcloud
- app-openproject — project management; bootstrap Job + seeder; integrates with Nextcloud
- app-xwiki — wiki application; license-string handling
Apps — communication (Matrix family)
- app-element-matrix — Element web client + Matrix integration
- app-synapse — Matrix homeserver; UVS + neodatefix-bot accounts
- app-jitsi — video conferencing; JVB / JICOFO / web
Apps — mail / OX
- app-openxchange — OX App Suite (mail, calendar, contacts); initconfigdb / context bootstrap; OX MariaDB
Apps — other
- app-cryptpad — encrypted collaborative editor; ships as part of B1, force-enabled
Incidents — Nextcloud
- incident-nextcloud-trusted-domain-race — first-boot trusted-domain race; trigger and fix
- incident-nextcloud-trusted-domain-management-race — race on management API for trusted-domain updates
- incident-nextcloud-fs-config-store-missing — fs_config_store schema missing; init Job recovery
Incidents — OpenProject
- incident-openproject-bootstrap-backoff — bootstrap Job hits backoff limit while waiting on Nextcloud trusted domain; backoffLimit raised to 20
- incident-openproject-ee-token-yaml-folded (lives under config) — chart's openproject-seeder-1 Job fails on a YAML-folded EE token; auth_providers rolls back; /auth/keycloak 404
Incidents — OX
- incident-ox-bootstrap-deadlock — OX bootstrap deadlock between MariaDB and the bootstrap Job; pre-create PRIMARYDB_9
Incidents — Matrix
- incident-missing-matrix-postgres-db — Matrix Postgres DB not created; root cause and recovery
- incident-vanished-stack-data-ums-job — UMS Job's stack data vanishing mid-run
Incidents — UMS / cross-app
- incident-ums-wedge — UMS wedge: trust ArgoCD hook policy and liveness probe; do NOT delete from the deployer
Incidents — CryptPad
- incident-cryptpad-disabled — early attempt to disable CryptPad; settled 2026-05-08, keep force-enabled
Runbooks
- runbook-check-nextcloud-trusted-domains — verify and reconcile Nextcloud trusted-domain config
- runbook-verify-ox-mariadb — verify OX MariaDB databases (PRIMARYDB_9, etc.) and contexts
- runbook-recover-openproject-oidc-seeder — re-seed OP inline (with OPENPROJECT_SEED__ENTERPRISE__TOKEN unset) to recover from a /auth/keycloak 404 caused by incident-openproject-ee-token-yaml-folded
Related topics
- idp — every app integrates Keycloak via OIDC; SSO-side issues live there
- deployment — the deployer steps, patches, and rendering-pipeline fixes that make these apps deploy correctly
- infrastructure — managed Postgres / S3 / Redis that apps consume
- security — per-app secret material lands in K8s Secrets via ESO
- monitoring — once dashboards are wired, per-app health metrics live there
When to add a page here
- A new openDesk app is added (app-*)
- An app-specific incident with a distinct root cause occurs (incident-*)
- An app-specific verification or recovery procedure is documented (runbook-*)
- A decision on app inclusion / version pin / feature toggle is recorded (decision-*)
Generic deployer mechanics (helmfile, ArgoCD, rendering) belong in deployment — even when they were motivated by an app's quirks. Per-app patches applied to upstream charts/values are kept in deployment under patches & fixes; this topic covers the app's runtime behavior, not the chart-rewriting that gets it there.