Compare commits
21 Commits
0.2.0+0.20
...
main
Author | SHA1 | Date |
---|---|---|
Moritz | a45b5e158b | |
Moritz | 1669d64a5a | |
Moritz | 8be72aa8df | |
Moritz | e501cc662d | |
Philipp Rothmann | 8050d24c7c | |
Philipp Rothmann | d3c98de025 | |
Moritz | 365448458c | |
Moritz | 4bbec31d8a | |
Moritz | 1ce54b1fe3 | |
Philipp Rothmann | fe83250372 | |
Philipp Rothmann | 4cfe5f66a8 | |
Philipp Rothmann | 6955772632 | |
Philipp Rothmann | e7addc8405 | |
Philipp Rothmann | d7412e71cf | |
Philipp Rothmann | 2206aeca68 | |
Philipp Rothmann | 464d2cf3ba | |
Philipp Rothmann | 35d1e14a81 | |
Philipp Rothmann | 5bbe653775 | |
Philipp Rothmann | e6d99ff449 | |
Philipp Rothmann | e070a5edbf | |
Philipp Rothmann | 5e41b22f61 |
|
@ -0,0 +1,43 @@
|
|||
---
|
||||
kind: pipeline
|
||||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: vikunja
|
||||
generate_secrets: true
|
||||
purge: true
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
DOMAIN: authentik.swarm-test.autonomic.zone
|
||||
STACK_NAME: authentik
|
||||
LETS_ENCRYPT_ENV: production
|
||||
CONFIG_YML_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_JWT_SECRET_VERSION: v1
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
13
.env.sample
13
.env.sample
|
@ -1,6 +1,8 @@
|
|||
TYPE=vikunja
|
||||
TIMEOUT=300
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
|
||||
DOMAIN={{ .Domain }}
|
||||
DOMAIN=vikunja.example.com
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.vikunja.example.com`'
|
||||
|
@ -14,13 +16,16 @@ LOG_LEVEL=INFO
|
|||
|
||||
COMPOSE_FILE=compose.yml
|
||||
|
||||
#VIKUNJA_RATELIMIT_NOAUTHLIMIT=10
|
||||
|
||||
# SSO OAUTH
|
||||
# e.g. see https://goauthentik.io/integrations/services/vikunja/
|
||||
# COMPOSE_FILE="${COMPOSE_FILE}:compose.oauth.yml"
|
||||
# OAUTH_ENABLED=true
|
||||
# OAUTH_NAME
|
||||
# OAUTH_URL
|
||||
# OAUTH_CLIENT_ID
|
||||
# OAUTH_NAME=authentik
|
||||
# OAUTH_URL=https://login.example.com/application/o/vikunja/
|
||||
# OAUTH_CLIENT_ID=vikunja
|
||||
# OAUTH_LOGOUT_URL=https://login.example.com/application/o/vikunja/end-session/
|
||||
# SECRET_OAUTH_SECRET_VERSION=v1
|
||||
|
||||
# E-MAIL
|
||||
|
|
|
@ -0,0 +1,12 @@
|
|||
authentik:
|
||||
env:
|
||||
OAUTH_NAME: authentik
|
||||
OAUTH_URL: https://authentik.example.com/application/o/vikunja/
|
||||
OAUTH_LOGOUT_URL: https://authentik.example.com/application/o/vikunja/end-session/
|
||||
OAUTH_CLIENT_ID: vikunja
|
||||
uncomment:
|
||||
- compose.oauth.yml
|
||||
- OAUTH_ENABLED
|
||||
- SECRET_OAUTH_SECRET_VERSION
|
||||
shared_secrets:
|
||||
vikunja_secret: oauth_secret
|
|
@ -7,6 +7,7 @@ services:
|
|||
- OAUTH_NAME
|
||||
- OAUTH_URL
|
||||
- OAUTH_CLIENT_ID
|
||||
- OAUTH_LOGOUT_URL
|
||||
- SECRET_OAUTH_SECRET_VERSION=V1
|
||||
secrets:
|
||||
- oauth_secret
|
||||
|
|
22
compose.yml
22
compose.yml
|
@ -3,10 +3,11 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
api:
|
||||
image: vikunja/api:0.20.0
|
||||
image: vikunja/api:0.22.1
|
||||
environment:
|
||||
- DOMAIN
|
||||
- LOG_LEVEL
|
||||
- VIKUNJA_RATELIMIT_NOAUTHLIMIT
|
||||
volumes:
|
||||
- files:/app/vikunja/files
|
||||
networks:
|
||||
|
@ -17,10 +18,8 @@ services:
|
|||
- db_password
|
||||
configs:
|
||||
- source: config_yml
|
||||
target: /app/vikunja/config.yml
|
||||
target: /etc/vikunja/config.yml
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}_api.loadbalancer.server.port=3456"
|
||||
|
@ -29,19 +28,18 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}_api.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
|
||||
app:
|
||||
image: vikunja/frontend:0.20.0
|
||||
image: vikunja/frontend:0.22.1
|
||||
networks:
|
||||
- proxy
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.2.0+0.20.0"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.4.0+0.22.1"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
healthcheck:
|
||||
test: [ "CMD", "curl", "-f", "http://localhost" ]
|
||||
interval: 30s
|
||||
|
@ -69,13 +67,11 @@ services:
|
|||
secrets:
|
||||
- db_password
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"
|
||||
|
||||
volumes:
|
||||
files:
|
||||
|
|
|
@ -5,7 +5,7 @@ service:
|
|||
JWTSecret: {{ secret "jwt_secret" }}
|
||||
# # The duration of the issed JWT tokens in seconds.
|
||||
# # The default is 259200 seconds (3 Days).
|
||||
# jwtttl: 259200
|
||||
# jwtttl: 604800
|
||||
# # The duration of the "remember me" time in seconds. When the login request is made with
|
||||
# # the long param set, the token returned will be valid for this period.
|
||||
# # The default is 2592000 seconds (30 Days).
|
||||
|
@ -281,9 +281,9 @@ log:
|
|||
#
|
||||
# # Key Value Storage settings
|
||||
# # The Key Value Storage is used for different kinds of things like metrics and a few cache systems.
|
||||
# keyvalue:
|
||||
# # The type of the storage backend. Can be either "memory" or "redis". If "redis" is chosen it needs to be configured seperately.
|
||||
# type: "memory"
|
||||
keyvalue:
|
||||
# The type of the storage backend. Can be either "memory" or "redis". If "redis" is chosen it needs to be configured seperately.
|
||||
type: "redis"
|
||||
#
|
||||
auth:
|
||||
# Local authentication will let users log in and register (if enabled) through the db.
|
||||
|
@ -305,13 +305,16 @@ auth:
|
|||
enabled: {{ env "OAUTH_ENABLED" }}
|
||||
# The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
|
||||
# frontend, you don't need to change this value.
|
||||
# redirecturl: <frontend url>
|
||||
redirecturl: https://{{ env "DOMAIN" }}/auth/openid/
|
||||
# A list of enabled providers
|
||||
providers:
|
||||
# The name of the provider as it will appear in the frontend.
|
||||
- name: {{ env "OAUTH_NAME" }}
|
||||
# The auth url to send users to if they want to authenticate using OpenID Connect.
|
||||
authurl: {{ env "OAUTH_URL" }}
|
||||
# The oidc logouturl that users will be redirected to on logout.
|
||||
# Leave empty or delete key, if you do not want to be redirected.
|
||||
logouturl: {{ env "OAUTH_LOGOUT_URL" }}
|
||||
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
|
||||
clientid: {{ env "OAUTH_CLIENT_ID" }}
|
||||
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
|
||||
|
|
Loading…
Reference in New Issue