fix smtp.yml and add smtp options

Reviewed-on: #3
Reviewed-by: simon <simon@noreply.git.coopcloud.tech>

.drone.yml

@@ -17,7 +17,9 @@ steps:
       DOMAIN: authentik.swarm-test.autonomic.zone
       STACK_NAME: authentik
       LETS_ENCRYPT_ENV: production
-      CONFIG_YML_VERSION: v1
+      CONFIG_YML_VERSION: v9
+      HEALTHCHECK_VERSION: v1
+      PG_BACKUP_VERSION: v2
       SECRET_DB_PASSWORD_VERSION: v1
       SECRET_JWT_SECRET_VERSION: v1
 
@@ -36,8 +38,7 @@ steps:
         from_secret: drone_abra-bot_token
       fork: true
       repositories:
-        - coop-cloud/auto-recipes-catalogue-json
+        - toolshed/auto-recipes-catalogue-json
 
 trigger:
   event: tag
-

.env.sample

@@ -1,11 +1,13 @@
 TYPE=vikunja
 TIMEOUT=300
 ENABLE_AUTO_UPDATE=true
+ENABLE_BACKUPS=true
 
 DOMAIN=vikunja.example.com
 
 ## Domain aliases
 #EXTRA_DOMAINS=', `www.vikunja.example.com`'
+#REDIRECT_DOMAIN=www.vikunja.example.com
 
 LETS_ENCRYPT_ENV=production
 
@@ -40,7 +42,10 @@ VIKUNJA_AUTH_LOCAL_ENABLED=false
 # COMPOSE_FILE="${COMPOSE_FILE}:compose.smtp.yml"
 # VIKUNJA_MAILER_ENABLED=true
 # VIKUNJA_MAILER_HOST=mail.example.com
+# VIKUNJA_MAILER_PORT=25
 # VIKUNJA_MAILER_AUTHTYPE=plain # possible: plain, login, cram-md5
 # VIKUNJA_MAILER_USERNAME=user
 # VIKUNJA_MAILER_FROMEMAIL=user@example.com
-# SECRET_SMTP_PASSWORD_VERSION=v1
+# VIKUNJA_MAILER_SKIPTLSVERIFY=false
+# VIKUNJA_MAILER_FORCESSL=false
+# SECRET_SMTP_PASSWORD_VERSION=v1

abra.sh

@@ -1,2 +1,3 @@
-export CONFIG_YML_VERSION=v8
+export CONFIG_YML_VERSION=v9
 export HEALTHCHECK_VERSION=v1
+export PG_BACKUP_VERSION=v2

compose.smtp.yml

@@ -3,11 +3,15 @@ version: "3.8"
 services:
   app:
     environment:
-      - SMTP_ENABLED
-      - SMTP_HOST
-      - SMTP_AUTHTYPE
-      - SMTP_USER
-      - SMTP_FROM_EMAIL
+      - VIKUNJA_MAILER_ENABLED
+      - VIKUNJA_MAILER_HOST
+      - VIKUNJA_MAILER_PORT
+      - VIKUNJA_MAILER_AUTHTYPE
+      - VIKUNJA_MAILER_SKIPTLSVERIFY
+      - VIKUNJA_MAILER_FORCESSL
+      - VIKUNJA_MAILER_USERNAME
+      - VIKUNJA_MAILER_PASSWORD_FILE=/run/secrets/smtp_password
+      - VIKUNJA_MAILER_FROMEMAIL
       
     secrets:
       - smtp_password

compose.yml

@@ -3,7 +3,7 @@ version: "3.8"
 
 services:
   app:
-    image: vikunja/vikunja:0.24.2
+    image: vikunja/vikunja:0.24.6
     environment:
       - DOMAIN
       - LOG_LEVEL
@@ -21,12 +21,6 @@ services:
       - VIKUNJA_CACHE_TYPE=redis
       - VIKUNJA_SERVICE_ENABLEREGISTRATION=false
       - VIKUNJA_SERVICE_JWTTTL=604800
-      - VIKUNJA_MAILER_ENABLED
-      - VIKUNJA_MAILER_HOST
-      - VIKUNJA_MAILER_AUTHTYPE
-      - VIKUNJA_MAILER_USERNAME
-      - VIKUNJA_MAILER_PASSWORD_FILE=/run/secrets/smtp_password
-      - VIKUNJA_MAILER_FROMEMAIL
       - VIKUNJA_LOG_LEVEL
       - VIKUNJA_LOG_DATABASE
       - VIKUNJA_LOG_DATABASELEVEL
@@ -50,15 +44,18 @@ services:
       - source: healthcheck
         target: /healthcheck
         mode: 555
-
     deploy:
       labels:
         - "traefik.enable=true"
+        - "traefik.docker.network=proxy"
         - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=3456"
-        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.regex=^https://${REDIRECT_DOMAIN:-example.com}(.*)"
+        - "traefik.http.middlewares.${STACK_NAME}-redirect.redirectregex.replacement=https://${DOMAIN}$${1}"
         - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
         - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
-        - "coop-cloud.${STACK_NAME}.version=1.0.1+0.24.2"
+        - "coop-cloud.${STACK_NAME}.version=1.2.0+0.24.6"
         - "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
     healthcheck:
       test: [ "CMD", "/healthcheck"]
@@ -68,12 +65,9 @@ services:
       start_period: 1m
 
   redis:
-    image: redis:7.4.1-alpine
+    image: redis:8.2.2-alpine
     networks:
       - internal
-    ports:
-      - "6379:6379"
-
 
   db:
     image: postgres:13
@@ -92,10 +86,14 @@ services:
       - db_password
     deploy:
       labels:
-        backupbot.backup: "true"
-        backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
-        backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
-        backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"
+        backupbot.backup: "${ENABLE_BACKUPS:-true}"
+        backupbot.backup.pre-hook: "/pg_backup.sh backup"
+        backupbot.backup.volumes.db.path: "backup.sql"
+        backupbot.restore.post-hook: '/pg_backup.sh restore'
+    configs:
+        - source: pg_backup
+          target: /pg_backup.sh
+          mode: 0555
 
 volumes:
   files:
@@ -116,6 +114,9 @@ configs:
   healthcheck:
     name: ${STACK_NAME}_healthcheck_${HEALTHCHECK_VERSION}
     file: healthcheck
+  pg_backup:
+    name: ${STACK_NAME}_pg_backup_${PG_BACKUP_VERSION}
+    file: pg_backup.sh
 
 secrets:
   db_password:

config.yml.tmpl

@@ -5,8 +5,10 @@ service:
   JWTSecret: {{ secret "jwt_secret" }}
 database:
   password: "{{ secret "db_password" }}"
+{{ if eq (env "VIKUNJA_MAILER_ENABLED") "true" }}
 mailer:
   password: {{ secret "smtp_password" }}
+{{ end }}
 {{ if eq (env "OAUTH_ENABLED") "true" }}
 auth:
   openid:

debug_Dockerfile

@@ -0,0 +1,16 @@
+FROM vikunja/vikunja:0.24.2 AS vikunja-scratch
+
+FROM alpine
+
+RUN apk add --upgrade --no-cache vim bash curl
+
+WORKDIR /app/vikunja
+CMD [ "/app/vikunja/vikunja" ]
+EXPOSE 3456
+USER 1000
+
+ENV VIKUNJA_SERVICE_ROOTPATH=/app/vikunja/
+ENV VIKUNJA_DATABASE_PATH=/db/vikunja.db
+
+COPY --from=vikunja-scratch /app/vikunja /app/vikunja
+COPY --from=vikunja-scratch /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/

pg_backup.sh

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -e
+
+BACKUP_FILE='/var/lib/postgresql/data/backup.sql'
+
+function backup {
+  export PGPASSWORD=$(cat /run/secrets/db_password)
+  pg_dump -U ${POSTGRES_USER} ${POSTGRES_DB} > $BACKUP_FILE
+}
+
+function restore {
+    cd /var/lib/postgresql/data/
+    restore_config(){
+        # Restore allowed connections
+        cat pg_hba.conf.bak > pg_hba.conf
+        su postgres -c 'pg_ctl reload'
+    }
+    # Don't allow any other connections than local
+    cp pg_hba.conf pg_hba.conf.bak
+    echo "local all all trust" > pg_hba.conf
+    su postgres -c 'pg_ctl reload'
+    trap restore_config EXIT INT TERM
+
+    # Recreate Database
+    psql -U ${POSTGRES_USER} -d postgres -c "DROP DATABASE ${POSTGRES_DB} WITH (FORCE);" 
+    createdb -U ${POSTGRES_USER} ${POSTGRES_DB}
+    psql -U ${POSTGRES_USER} -d ${POSTGRES_DB} -1 -f $BACKUP_FILE
+
+    trap - EXIT INT TERM
+    restore_config
+}
+
+$@