openDesk Apps

The apps that actually get deployed onto the K8s cluster — their per-app shape, the incidents that have hit them, and runbooks for verifying their data layer. Answers: "Why does Nextcloud trip a trusted-domain race on first boot?", "What is the OX bootstrap deadlock and what fixes it?", "Why is CryptPad force-enabled?", "What's the difference between Element, Matrix, and Synapse?", "What does OX's PRIMARYDB_9 mean and why does the deployer pre-create it?".

Audience: engineers debugging a specific app's deployment, doing app-level recovery, or onboarding to one of the openDesk apps.

What lives here

  • One app-* page per openDesk application — its purpose, key components, data stores, integrations.
  • Incidents specific to one app's runtime behavior (or a small cluster of apps).
  • Runbooks for app-level verification and recovery.

What does NOT live here:

  • The deployer mechanics (clone, render, push, sync) that make these apps deploy correctly — see deployment for steps, patches, fixes.
  • IdP/SSO integration mechanics — see idp (per-app OIDC client config IS noted here, but the IdP itself is its own topic).
  • Infrastructure layer (Postgres flexible-server, S3 buckets, Redis) that apps consume — see infrastructure.

Pages

Apps — file-sync & office (Nextcloud)

  • app-nextcloud — file sync & share; trusted-domain config; fs_config_store schema; init Job
  • app-collabora — collaborative document editing; consumed by Nextcloud
  • app-openproject — project management; bootstrap Job + seeder; integrates with Nextcloud
  • app-xwiki — wiki application; license-string handling

Apps — communication (Matrix family)

  • app-element-matrix — Element web client + Matrix integration
  • app-synapse — Matrix homeserver; UVS + neodatefix-bot accounts
  • app-jitsi — video conferencing; JVB / JICOFO / web

Apps — mail / OX

  • app-openxchange — OX App Suite (mail, calendar, contacts); initconfigdb / context bootstrap; OX MariaDB

Apps — other

  • app-cryptpad — encrypted collaborative editor; ships as part of B1, force-enabled

Incidents — Nextcloud

  • incident-nextcloud-trusted-domain-race — first-boot trusted-domain race; trigger and fix
  • incident-nextcloud-trusted-domain-management-race — race on management API for trusted-domain updates
  • incident-nextcloud-fs-config-store-missing — fs_config_store schema missing; init Job recovery

Incidents — OpenProject

  • incident-openproject-bootstrap-backoff — bootstrap Job hits backoff limit while waiting on Nextcloud trusted domain; backoffLimit raised to 20
  • incident-openproject-ee-token-yaml-folded (lives under config) — chart's openproject-seeder-1 Job fails on a YAML-folded EE token; auth_providers rolls back; /auth/keycloak 404

Incidents — OX

  • incident-ox-bootstrap-deadlock — OX bootstrap deadlock between MariaDB and the bootstrap Job; pre-create PRIMARYDB_9

Incidents — Matrix

  • incident-missing-matrix-postgres-db — Matrix Postgres DB not created; root cause and recovery
  • incident-vanished-stack-data-ums-job — UMS Job's stack data vanishing mid-run

Incidents — UMS / cross-app

  • incident-ums-wedge — UMS wedge: trust ArgoCD hook policy and liveness probe; do NOT delete from the deployer

Incidents — CryptPad

  • incident-cryptpad-disabled — early attempt to disable CryptPad; settled 2026-05-08, keep force-enabled

Runbooks

  • runbook-check-nextcloud-trusted-domains — verify and reconcile Nextcloud trusted-domain config
  • runbook-verify-ox-mariadb — verify OX MariaDB databases (PRIMARYDB_9, etc.) and contexts
  • runbook-recover-openproject-oidc-seeder — re-seed OP inline (with OPENPROJECT_SEED__ENTERPRISE__TOKEN unset) to recover from a /auth/keycloak 404 caused by incident-openproject-ee-token-yaml-folded

Related topics

  • idp — every app integrates Keycloak via OIDC; SSO-side issues live there
  • deployment — the deployer steps, patches, and rendering-pipeline fixes that make these apps deploy correctly
  • infrastructure — managed Postgres / S3 / Redis that apps consume
  • security — per-app secret material lands in K8s Secrets via ESO
  • monitoring — once dashboards are wired, per-app health metrics live there

When to add a page here

  • A new openDesk app is added (app-*)
  • An app-specific incident with a distinct root cause occurs (incident-*)
  • An app-specific verification or recovery procedure is documented (runbook-*)
  • A decision on app inclusion / version pin / feature toggle is recorded (decision-*)

Generic deployer mechanics (helmfile, ArgoCD, rendering) belong in deployment — even when they were motivated by an app's quirks. Per-app patches applied to upstream charts/values are kept in deployment under patches & fixes; this topic covers the app's runtime behavior, not the chart-rewriting that gets it there.