coop-cloud/vikunja
coop-cloud
/
vikunja
0
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

add config

This commit is contained in:
Philipp Rothmann 2022-07-10 00:16:33 +02:00
parent ae8fb341c9
commit d3dc008f5b
6 changed files with 420 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
.env.sample
View File

@ -6,3 +6,28 @@ DOMAIN=vikunja.example.com
#EXTRA_DOMAINS=', `www.vikunja.example.com`'
LETS_ENCRYPT_ENV=production
SECRET_DB_PASSWORD_VERSION=V1
SECRET_JWT_SECRET_VERSION=v1
LOG_LEVEL=INFO
COMPOSE_FILE=compose.yml
# SSO OAUTH
# e.g. see https://goauthentik.io/integrations/services/vikunja/
# COMPOSE_FILE="${COMPOSE_FILE}:compose.oauth.yml"
# OAUTH_ENABLED=true
# OAUTH_NAME
# OAUTH_URL
# OAUTH_CLIENT_ID
# SECRET_OAUTH_SECRET_VERSION=V1
# E-MAIL
# COMPOSE_FILE="${COMPOSE_FILE}:compose.smtp.yml"
# SMTP_ENABLED=true
# SMTP_HOST=mail.example.com
# SMTP_AUTHTYPE=plain # possible: plain, login, cram-md5
# SMTP_USER=user
# SMTP_FROM_EMAIL=user@example.com
# SECRET_SMTP_PASSWORD_VERSION=v1

1
abra.sh Normal file
View File

@ -0,0 +1 @@
export CONFIG_YML_VERSION=v1

17
compose.oauth.yml Normal file
View File

@ -0,0 +1,17 @@
version: '3.8'
services:
api:
environment:
- OAUTH_ENABLED
- OAUTH_NAME
- OAUTH_URL
- OAUTH_CLIENT_ID
- SECRET_OAUTH_SECRET_VERSION=V1
secrets:
- oauth_secret
secrets:
oauth_secret:
external: true
name: ${STACK_NAME}_oauth_secret_${SECRET_OAUTH_SECRET_VERSION}

18
compose.smtp.yml Normal file
View File

@ -0,0 +1,18 @@
version: "3.8"
services:
app:
environment:
- SMTP_ENABLED
- SMTP_HOST
- SMTP_AUTHTYPE
- SMTP_USER
- SMTP_FROM_EMAIL
secrets:
- smtp_pasword
secrets:
smtp_password:
external: true
name: ${STACK_NAME}_smtp_password_${SECRET_SMTP_PASSWORD_VERSION}

47
compose.yml
View File

@ -5,20 +5,19 @@ services:
api:
image: vikunja/api
environment:
VIKUNJA_DATABASE_HOST: db
VIKUNJA_DATABASE_PASSWORD: secret
VIKUNJA_DATABASE_TYPE: postgres
VIKUNJA_DATABASE_USER: vikunja
VIKUNJA_DATABASE_DATABASE: vikunja
VIKUNJA_REDIS_ENABLED: 1
VIKUNJA_REDIS_HOST: 'redis:6379'
VIKUNJA_CACHE_ENABLED: 1
VIKUNJA_CACHE_TYPE: redis
- DOMAIN
- LOG_LEVEL
volumes:
- files:/app/vikunja/files
networks:
- proxy
- internal
secrets:
- jwt_secret
- db_password
configs:
- source: config_yml
target: /app/vikunja/config.yml
deploy:
restart_policy:
condition: on-failure
@ -28,12 +27,12 @@ services:
- "traefik.http.routers.${STACK_NAME}_api.rule=Host(`${DOMAIN}`) && PathPrefix(`/api/v1`, `/dav/`, `/.well-known/`)"
- "traefik.http.routers.${STACK_NAME}_api.entrypoints=web-secure"
- "traefik.http.routers.${STACK_NAME}_api.tls.certresolver=${LETS_ENCRYPT_ENV}"
# healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost:3456"]
# interval: 30s
# timeout: 10s
# retries: 10
# start_period: 1m
# healthcheck:
# test: ["CMD", "curl", "-f", "http://localhost:3456"]
# interval: 30s
# timeout: 10s
# retries: 10
# start_period: 1m
app:
image: vikunja/frontend
@ -64,7 +63,7 @@ services:
db:
image: postgres:13
environment:
POSTGRES_PASSWORD: secret
POSTGRES_PASSWORD_FILE: /run/secrets/db_password
POSTGRES_USER: vikunja
POSTGRES_DB: vikunja
volumes:
@ -73,6 +72,8 @@ services:
test: ["CMD", "pg_isready", "-U", "vikunja"]
networks:
- internal
secrets:
- db_password
deploy:
restart_policy:
condition: on-failure
@ -91,3 +92,17 @@ networks:
proxy:
external: true
internal:
configs:
config_yml:
name: ${STACK_NAME}_config_yml_${CONFIG_YML_VERSION}
file: config.yml.tmpl
template_driver: golang
secrets:
db_password:
external: true
name: ${STACK_NAME}_db_password_${SECRET_DB_PASSWORD_VERSION}
jwt_secret:
external: true
name: ${STACK_NAME}_jwt_secret_${SECRET_JWT_SECRET_VERSION}

328
config.yml.tmpl Normal file
View File

@ -0,0 +1,328 @@
service:
# This token is used to verify issued JWT tokens.
# Default is a random token which will be generated at each startup of vikunja.
# (This means all already issued tokens will be invalid once you restart vikunja)
JWTSecret: {{ secret "jwt_secret" }}
# # The duration of the issed JWT tokens in seconds.
# # The default is 259200 seconds (3 Days).
# jwtttl: 259200
# # The duration of the "remember me" time in seconds. When the login request is made with
# # the long param set, the token returned will be valid for this period.
# # The default is 2592000 seconds (30 Days).
# jwtttllong: 2592000
# # The interface on which to run the webserver
# interface: ":3456"
# # Path to Unix socket. If set, it will be created and used instead of tcp
# unixsocket:
# # Permission bits for the Unix socket. Note that octal values must be prefixed by "0o", e.g. 0o660
# unixsocketmode:
# # The URL of the frontend, used to send password reset emails.
frontendurl: https://{{ env "DOMAIN" }}
# # The base path on the file system where the binary and assets are.
# # Vikunja will also look in this path for a config file, so you could provide only this variable to point to a folder
# # with a config file which will then be used.
# rootpath: <rootpath>
# # Path on the file system to serve static files from. Set to the path of the frontend files to host frontend alongside the api.
# staticpath: ""
# # The max number of items which can be returned per page
# maxitemsperpage: 50
# # Enable the caldav endpoint, see the docs for more details
# enablecaldav: true
# # Set the motd message, available from the /info endpoint
# motd: ""
# # Enable sharing of lists via a link
# enablelinksharing: true
# # Whether to let new users registering themselves or not
# enableregistration: true
# # Whether to enable task attachments or not
# enabletaskattachments: true
# # The time zone all timestamps are in. Please note that time zones have to use [the official tz database names](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). UTC or GMT offsets won't work.
# timezone: GMT
# # Whether task comments should be enabled or not
# enabletaskcomments: true
# # Whether totp is enabled. In most cases you want to leave that enabled.
# enabletotp: true
# # If not empty, enables logging of crashes and unhandled errors in sentry.
# sentrydsn: ''
# # If not empty, this will enable `/test/{table}` endpoints which allow to put any content in the database.
# # Used to reset the db before frontend tests. Because this is quite a dangerous feature allowing for lots of harm,
# # each request made to this endpoint neefs to provide an `Authorization: <token>` header with the token from below. <br/>
# # **You should never use this unless you know exactly what you're doing**
# testingtoken: ''
# # If enabled, vikunja will send an email to everyone who is either assigned to a task or created it when a task reminder
# # is due.
# enableemailreminders: true
# # If true, will allow users to request the complete deletion of their account. When using external authentication methods
# # it may be required to coordinate with them in order to delete the account. This setting will not affect the cli commands
# # for user deletion.
# enableuserdeletion: true
# # The maximum size clients will be able to request for user avatars.
# # If clients request a size bigger than this, it will be changed on the fly.
# maxavatarsize: 1024
#
database:
# Database type to use. Supported types are mysql, postgres and sqlite.
type: "postgres"
# Database user which is used to connect to the database.
user: "vikunja"
# Database password
password: {{ secret "db_password" }}
# Database host
host: "db"
# Database to use
database: "vikunja"
# # When using sqlite, this is the path where to store the data
# path: "./vikunja.db"
# # Sets the max open connections to the database. Only used when using mysql and postgres.
# maxopenconnections: 100
# # Sets the maximum number of idle connections to the db.
# maxidleconnections: 50
# # The maximum lifetime of a single db connection in miliseconds.
# maxconnectionlifetime: 10000
# # Secure connection mode. Only used with postgres.
# # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters)
# sslmode: disable
# # The path to the client cert. Only used with postgres.
# sslcert: ""
# # The path to the client key. Only used with postgres.
# sslkey: ""
# # The path to the ca cert. Only used with postgres.
# sslrootcert: ""
# # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
# tls: false
#
cache:
# If cache is enabled or not
enabled: true
# Cache type. Possible values are "keyvalue", "memory" or "redis".
# When choosing "keyvalue" this setting follows the one configured in the "keyvalue" section.
# When choosing "redis" you will need to configure the redis connection seperately.
type: redis
# When using memory this defines the maximum size an element can take
# maxelementsize: 1000
redis:
# Whether to enable redis or not
enabled: true
# The host of the redis server including its port.
host: 'redis:6379'
# The password used to authenicate against the redis server
password: ''
# 0 means default database
db: 0
#
# cors:
# # Whether to enable or disable cors headers.
# # Note: If you want to put the frontend and the api on seperate domains or ports, you will need to enable this.
# # Otherwise the frontend won't be able to make requests to the api through the browser.
# enable: true
# # A list of origins which may access the api. These need to include the protocol (`http://` or `https://`) and port, if any.
# origins:
# - "*"
# # How long (in seconds) the results of a preflight request can be cached.
# maxage: 0
#
{{ if eq (env "SMTP_ENABLED") "true" }}
mailer:
# Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
enabled: {{ env "SMTP_ENABLED" }}
# SMTP Host
host: {{ env "SMTP_HOST" }}
# SMTP Host port
port: 587
# SMTP Auth Type. Can be either `plain`, `login` or `cram-md5`.
authtype: {{ env "SMTP_AUTHTYPE" }}
# SMTP username
username: {{ env "SMTP_USER" }}
# SMTP password
password: {{ secret "SMTP_PASSWORD" }}
# Wether to skip verification of the tls certificate on the server
skiptlsverify: false
# The default from address when sending emails
fromemail: {{ secret "SMTP_FROM_EMAIL" }}
# The length of the mail queue.
queuelength: 100
# The timeout in seconds after which the current open connection to the mailserver will be closed.
queuetimeout: 30
# By default, vikunja will try to connect with starttls, use this option to force it to use ssl.
forcessl: false
{{ end }}
log:
# # A folder where all the logfiles should go.
# path: <rootpath>logs
# # Whether to show any logging at all or none
enabled: true
# # Where the normal log should go. Possible values are stdout, stderr, file or off to disable standard logging.
standard: "stdout"
# # Change the log level. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
level: {{ env "LOG_LEVEL" }}
# # Whether or not to log database queries. Useful for debugging. Possible values are stdout, stderr, file or off to disable database logging.
# database: "stdout"
# # The log level for database log messages. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
# databaselevel: "DEBUG"
# # Whether to log http requests or not. Possible values are stdout, stderr, file or off to disable http logging.
# http: "stdout"
# # Echo has its own logging which usually is unnessecary, which is why it is disabled by default. Possible values are stdout, stderr, file or off to disable standard logging.
# echo: "off"
# # Whether or not to log events. Useful for debugging. Possible values are stdout, stderr, file or off to disable events logging.
# events: "stdout"
# # The log level for event log messages. Possible values (case-insensitive) are ERROR, INFO, DEBUG.
# eventslevel: "DEBUG"
#
# ratelimit:
# # whether or not to enable the rate limit
# enabled: false
# # The kind on which rates are based. Can be either "user" for a rate limit per user or "ip" for an ip-based rate limit.
# kind: user
# # The time period in seconds for the limit
# period: 60
# # The max number of requests a user is allowed to do in the configured time period
# limit: 100
# # The store where the limit counter for each user is stored.
# # Possible values are "keyvalue", "memory" or "redis".
# # When choosing "keyvalue" this setting follows the one configured in the "keyvalue" section.
# store: keyvalue
#
# files:
# # The path where files are stored
# basepath: ./files # relative to the binary
# # The maximum size of a file, as a human-readable string.
# # Warning: The max size is limited 2^64-1 bytes due to the underlying datatype
# maxsize: 20MB
#
# migration:
# # These are the settings for the wunderlist migrator
# wunderlist:
# # Wheter to enable the wunderlist migrator or not
# enable: false
# # The client id, required for making requests to the wunderlist api
# # You need to register your vikunja instance at https://developer.wunderlist.com/apps/new to get this
# clientid:
# # The client secret, also required for making requests to the wunderlist api
# clientsecret:
# # The url where clients are redirected after they authorized Vikunja to access their wunderlist stuff.
# # This needs to match the url you entered when registering your Vikunja instance at wunderlist.
# # This is usually the frontend url where the frontend then makes a request to /migration/wunderlist/migrate
# # with the code obtained from the wunderlist api.
# # Note that the vikunja frontend expects this to be /migrate/wunderlist
# redirecturl:
# todoist:
# # Wheter to enable the todoist migrator or not
# enable: false
# # The client id, required for making requests to the todoist api
# # You need to register your vikunja instance at https://developer.todoist.com/appconsole.html to get this
# clientid:
# # The client secret, also required for making requests to the todoist api
# clientsecret:
# # The url where clients are redirected after they authorized Vikunja to access their todoist items.
# # This needs to match the url you entered when registering your Vikunja instance at todoist.
# # This is usually the frontend url where the frontend then makes a request to /migration/todoist/migrate
# # with the code obtained from the todoist api.
# # Note that the vikunja frontend expects this to be /migrate/todoist
# redirecturl: <frontend url>/migrate/todoist
# trello:
# # Wheter to enable the trello migrator or not
# enable: false
# # The client id, required for making requests to the trello api
# # You need to register your vikunja instance at https://trello.com/app-key (log in before you visit that link) to get this
# key:
# # The url where clients are redirected after they authorized Vikunja to access their trello cards.
# # This needs to match the url you entered when registering your Vikunja instance at trello.
# # This is usually the frontend url where the frontend then makes a request to /migration/trello/migrate
# # with the code obtained from the trello api.
# # Note that the vikunja frontend expects this to end on /migrate/trello.
# redirecturl: <frontend url>/migrate/trello
# microsofttodo:
# # Wheter to enable the microsoft todo migrator or not
# enable: false
# # The client id, required for making requests to the microsoft graph api
# # See https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application
# # for information about how to register your vikuinja instance.
# clientid:
# # The client secret, also required for making requests to the microsoft graph api
# clientsecret:
# # The url where clients are redirected after they authorized Vikunja to access their microsoft todo tasks.
# # This needs to match the url you entered when registering your Vikunja instance at microsoft.
# # This is usually the frontend url where the frontend then makes a request to /migration/microsoft-todo/migrate
# # with the code obtained from the microsoft graph api.
# # Note that the vikunja frontend expects this to be /migrate/microsoft-todo
# redirecturl: <frontend url>/migrate/microsoft-todo
#
# avatar:
# # When using gravatar, this is the duration in seconds until a cached gravatar user avatar expires
# gravatarexpiration: 3600
#
# backgrounds:
# # Whether to enable backgrounds for lists at all.
# enabled: true
# providers:
# upload:
# # Whethere to enable uploaded list backgrounds
# enabled: true
# unsplash:
# # Whether to enable setting backgrounds from unsplash as list backgrounds
# enabled: false
# # You need to create an application for your installation at https://unsplash.com/oauth/applications/new
# # and set the access token below.
# accesstoken:
# # The unsplash application id is only used for pingback and required as per their api guidelines.
# # You can find the Application ID in the dashboard for your API application. It should be a numeric ID.
# # It will only show in the UI if your application has been approved for Enterprise usage, therefore if
# # youre in Demo mode, you can also find the ID in the URL at the end: https://unsplash.com/oauth/applications/:application_id
# applicationid:
#
# # Legal urls
# # Will be shown in the frontend if configured here
# legal:
# imprinturl:
# privacyurl:
#
# # Key Value Storage settings
# # The Key Value Storage is used for different kinds of things like metrics and a few cache systems.
# keyvalue:
# # The type of the storage backend. Can be either "memory" or "redis". If "redis" is chosen it needs to be configured seperately.
# type: "memory"
#
auth:
# Local authentication will let users log in and register (if enabled) through the db.
# This is the default auth mechanism and does not require any additional configuration.
local:
# Enable or disable local authentication
enabled: false
# OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.<br/>
# The provider needs to support the `openid`, `profile` and `email` scopes.<br/>
# **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.
# If the email is not public in those cases, authenticating will fail.
# **Note 2:** The frontend expects to be redirected after authentication by the third party
# to <frontend-url>/auth/openid/<auth key>. Please make sure to configure the redirect url with your third party
# auth service accordingy if you're using the default vikunja frontend.
# Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
{{ if eq (env "OAUTH_ENABLED") "true" }}
openid:
# Enable or disable OpenID Connect authentication
enabled: {{ env "OAUTH_ENABLED" }}
# The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
# frontend, you don't need to change this value.
# redirecturl: <frontend url>
# A list of enabled providers
providers:
# The name of the provider as it will appear in the frontend.
- name: {{ env "OAUTH_NAME" }}
# The auth url to send users to if they want to authenticate using OpenID Connect.
authurl: {{ env "OAUTH_URL" }}
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
clientid: {{ env "OAUTH_CLIENT_ID" }}
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
clientsecret: {{ secret "oauth_secret" }}
{{ end }}
# # Prometheus metrics endpoint
# metrics:
# # If set to true, enables a /metrics endpoint for prometheus to collect metrics about Vikunja.
# enabled: false
# # If set to a non-empty value the /metrics endpoint will require this as a username via basic auth in combination with the password below.
# username:
# # If set to a non-empty value the /metrics endpoint will require this as a password via basic auth in combination with the username below.
# password:
#