Compare commits
No commits in common. "main" and "fix-config2" have entirely different histories.
main
...
fix-config
43
.drone.yml
43
.drone.yml
|
|
@ -1,43 +0,0 @@
|
|||
---
|
||||
kind: pipeline
|
||||
name: deploy to swarm-test.autonomic.zone
|
||||
steps:
|
||||
- name: deployment
|
||||
image: git.coopcloud.tech/coop-cloud/stack-ssh-deploy:latest
|
||||
settings:
|
||||
host: swarm-test.autonomic.zone
|
||||
stack: vikunja
|
||||
generate_secrets: true
|
||||
purge: true
|
||||
deploy_key:
|
||||
from_secret: drone_ssh_swarm_test
|
||||
networks:
|
||||
- proxy
|
||||
environment:
|
||||
DOMAIN: authentik.swarm-test.autonomic.zone
|
||||
STACK_NAME: authentik
|
||||
LETS_ENCRYPT_ENV: production
|
||||
CONFIG_YML_VERSION: v1
|
||||
SECRET_DB_PASSWORD_VERSION: v1
|
||||
SECRET_JWT_SECRET_VERSION: v1
|
||||
|
||||
trigger:
|
||||
branch:
|
||||
- main
|
||||
---
|
||||
kind: pipeline
|
||||
name: generate recipe catalogue
|
||||
steps:
|
||||
- name: release a new version
|
||||
image: plugins/downstream
|
||||
settings:
|
||||
server: https://build.coopcloud.tech
|
||||
token:
|
||||
from_secret: drone_abra-bot_token
|
||||
fork: true
|
||||
repositories:
|
||||
- coop-cloud/auto-recipes-catalogue-json
|
||||
|
||||
trigger:
|
||||
event: tag
|
||||
|
||||
13
.env.sample
13
.env.sample
|
|
@ -1,8 +1,6 @@
|
|||
TYPE=vikunja
|
||||
TIMEOUT=300
|
||||
ENABLE_AUTO_UPDATE=true
|
||||
|
||||
DOMAIN=vikunja.example.com
|
||||
DOMAIN={{ .Domain }}
|
||||
|
||||
## Domain aliases
|
||||
#EXTRA_DOMAINS=', `www.vikunja.example.com`'
|
||||
|
|
@ -16,16 +14,13 @@ LOG_LEVEL=INFO
|
|||
|
||||
COMPOSE_FILE=compose.yml
|
||||
|
||||
#VIKUNJA_RATELIMIT_NOAUTHLIMIT=10
|
||||
|
||||
# SSO OAUTH
|
||||
# e.g. see https://goauthentik.io/integrations/services/vikunja/
|
||||
# COMPOSE_FILE="${COMPOSE_FILE}:compose.oauth.yml"
|
||||
# OAUTH_ENABLED=true
|
||||
# OAUTH_NAME=authentik
|
||||
# OAUTH_URL=https://login.example.com/application/o/vikunja/
|
||||
# OAUTH_CLIENT_ID=vikunja
|
||||
# OAUTH_LOGOUT_URL=https://login.example.com/application/o/vikunja/end-session/
|
||||
# OAUTH_NAME
|
||||
# OAUTH_URL
|
||||
# OAUTH_CLIENT_ID
|
||||
# SECRET_OAUTH_SECRET_VERSION=v1
|
||||
|
||||
# E-MAIL
|
||||
|
|
|
|||
|
|
@ -1,12 +0,0 @@
|
|||
authentik:
|
||||
env:
|
||||
OAUTH_NAME: authentik
|
||||
OAUTH_URL: https://authentik.example.com/application/o/vikunja/
|
||||
OAUTH_LOGOUT_URL: https://authentik.example.com/application/o/vikunja/end-session/
|
||||
OAUTH_CLIENT_ID: vikunja
|
||||
uncomment:
|
||||
- compose.oauth.yml
|
||||
- OAUTH_ENABLED
|
||||
- SECRET_OAUTH_SECRET_VERSION
|
||||
shared_secrets:
|
||||
vikunja_secret: oauth_secret
|
||||
|
|
@ -7,7 +7,6 @@ services:
|
|||
- OAUTH_NAME
|
||||
- OAUTH_URL
|
||||
- OAUTH_CLIENT_ID
|
||||
- OAUTH_LOGOUT_URL
|
||||
- SECRET_OAUTH_SECRET_VERSION=V1
|
||||
secrets:
|
||||
- oauth_secret
|
||||
|
|
|
|||
22
compose.yml
22
compose.yml
|
|
@ -3,11 +3,10 @@ version: "3.8"
|
|||
|
||||
services:
|
||||
api:
|
||||
image: vikunja/api:0.22.1
|
||||
image: vikunja/api:0.19.2
|
||||
environment:
|
||||
- DOMAIN
|
||||
- LOG_LEVEL
|
||||
- VIKUNJA_RATELIMIT_NOAUTHLIMIT
|
||||
volumes:
|
||||
- files:/app/vikunja/files
|
||||
networks:
|
||||
|
|
@ -18,8 +17,10 @@ services:
|
|||
- db_password
|
||||
configs:
|
||||
- source: config_yml
|
||||
target: /etc/vikunja/config.yml
|
||||
target: /app/vikunja/config.yml
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}_api.loadbalancer.server.port=3456"
|
||||
|
|
@ -28,18 +29,19 @@ services:
|
|||
- "traefik.http.routers.${STACK_NAME}_api.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
|
||||
app:
|
||||
image: vikunja/frontend:0.22.1
|
||||
image: vikunja/frontend:0.19.1
|
||||
networks:
|
||||
- proxy
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
- "traefik.enable=true"
|
||||
- "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=80"
|
||||
- "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`)"
|
||||
- "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
|
||||
- "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.4.0+0.22.1"
|
||||
- "coop-cloud.${STACK_NAME}.timeout=${TIMEOUT:-120}"
|
||||
- "coop-cloud.${STACK_NAME}.version=0.1.0+0.19.1"
|
||||
healthcheck:
|
||||
test: [ "CMD", "curl", "-f", "http://localhost" ]
|
||||
interval: 30s
|
||||
|
|
@ -67,11 +69,13 @@ services:
|
|||
secrets:
|
||||
- db_password
|
||||
deploy:
|
||||
restart_policy:
|
||||
condition: on-failure
|
||||
labels:
|
||||
backupbot.backup: "true"
|
||||
backupbot.backup.pre-hook: "PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.path: "/var/lib/postgresql/data/backup.sql"
|
||||
backupbot.backup.pre-hook: "mkdir -p /tmp/backup/ && PGPASSWORD=$$(cat $${POSTGRES_PASSWORD_FILE}) pg_dump -U $${POSTGRES_USER} $${POSTGRES_DB} > /tmp/backup/backup.sql"
|
||||
backupbot.backup.post-hook: "rm -rf /tmp/backup"
|
||||
backupbot.backup.path: "/tmp/backup/"
|
||||
|
||||
volumes:
|
||||
files:
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@ service:
|
|||
JWTSecret: {{ secret "jwt_secret" }}
|
||||
# # The duration of the issed JWT tokens in seconds.
|
||||
# # The default is 259200 seconds (3 Days).
|
||||
# jwtttl: 604800
|
||||
# jwtttl: 259200
|
||||
# # The duration of the "remember me" time in seconds. When the login request is made with
|
||||
# # the long param set, the token returned will be valid for this period.
|
||||
# # The default is 2592000 seconds (30 Days).
|
||||
|
|
@ -281,9 +281,9 @@ log:
|
|||
#
|
||||
# # Key Value Storage settings
|
||||
# # The Key Value Storage is used for different kinds of things like metrics and a few cache systems.
|
||||
keyvalue:
|
||||
# The type of the storage backend. Can be either "memory" or "redis". If "redis" is chosen it needs to be configured seperately.
|
||||
type: "redis"
|
||||
# keyvalue:
|
||||
# # The type of the storage backend. Can be either "memory" or "redis". If "redis" is chosen it needs to be configured seperately.
|
||||
# type: "memory"
|
||||
#
|
||||
auth:
|
||||
# Local authentication will let users log in and register (if enabled) through the db.
|
||||
|
|
@ -305,16 +305,13 @@ auth:
|
|||
enabled: {{ env "OAUTH_ENABLED" }}
|
||||
# The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
|
||||
# frontend, you don't need to change this value.
|
||||
redirecturl: https://{{ env "DOMAIN" }}/auth/openid/
|
||||
# redirecturl: <frontend url>
|
||||
# A list of enabled providers
|
||||
providers:
|
||||
# The name of the provider as it will appear in the frontend.
|
||||
- name: {{ env "OAUTH_NAME" }}
|
||||
# The auth url to send users to if they want to authenticate using OpenID Connect.
|
||||
authurl: {{ env "OAUTH_URL" }}
|
||||
# The oidc logouturl that users will be redirected to on logout.
|
||||
# Leave empty or delete key, if you do not want to be redirected.
|
||||
logouturl: {{ env "OAUTH_LOGOUT_URL" }}
|
||||
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
|
||||
clientid: {{ env "OAUTH_CLIENT_ID" }}
|
||||
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
|
||||
|
|
|
|||
Loading…
Reference in New Issue