service:
  # This token is used to verify issued JWT tokens.
  # Default is a random token which will be generated at each startup of Vikunja.
  # (This means all already issued tokens will be invalid once you restart Vikunja)
  JWTSecret: {{ secret "jwt_secret" }}
  # The public facing URL where your users can reach Vikunja. Used in emails and for the communication between api and frontend.
  publicurl: "https://{{ env "DOMAIN" }}"
  
database:
  # Database type to use. Supported values are mysql, postgres and sqlite. Vikunja is able to run with MySQL 8.0+, Mariadb 10.2+, PostgreSQL 12+, and sqlite.
  type: "postgres"
  # Database user which is used to connect to the database.
  user: "vikunja"
  # Database password
  password: "{{ secret "db_password" }}"
  # Database host
  host: "localhost"
  # Database to use
  database: "vikunja"
  # When using sqlite, this is the path where to store the data
  path: "./vikunja.db"
  # Sets the max open connections to the database. Only used when using mysql and postgres.
  maxopenconnections: 100
  # Sets the maximum number of idle connections to the db.
  maxidleconnections: 50
  # The maximum lifetime of a single db connection in milliseconds.
  maxconnectionlifetime: 10000
  # Secure connection mode. Only used with postgres.
  # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters)
  sslmode: disable
  # The path to the client cert. Only used with postgres.
  sslcert: ""
  # The path to the client key. Only used with postgres.
  sslkey: ""
  # The path to the ca cert. Only used with postgres.
  sslrootcert: ""
  # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
  tls: false

{{ if eq (env "SMTP_ENABLED") "true" }}
mailer:
  # Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
  enabled: {{ env "SMTP_ENABLED" }}
  # SMTP Host
  host: {{ env "SMTP_HOST" }}
  # SMTP Host port.
  # **NOTE:** If you're unable to send mail and the only error you see in the logs is an `EOF`, try setting the port to `25`.
  port: 587
  # SMTP Auth Type. Can be either `plain`, `login` or `cram-md5`.
  authtype: {{ env "SMTP_AUTHTYPE" }}
  # SMTP username
  username: {{ env "SMTP_USER" }}
  # SMTP password
  password: {{ secret "smtp_password" }}
  # Whether to skip verification of the tls certificate on the server
  skiptlsverify: false
  # The default from address when sending emails
  fromemail: {{ env "SMTP_FROM_EMAIL" }}
  # The length of the mail queue.
  queuelength: 100
  # The timeout in seconds after which the current open connection to the mailserver will be closed.
  queuetimeout: 30
  # By default, Vikunja will try to connect with starttls, use this option to force it to use ssl.
  forcessl: false
{{ end }}

log:
  # A folder where all the logfiles should go.
  path: <rootpath>logs
  # Whether to show any logging at all or none
  enabled: true
  # Where the normal log should go. Possible values are stdout, stderr, file or off to disable standard logging.
  standard: "stdout"
  # Change the log level. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
  level: {{ env "LOG_LEVEL" }}
  # Whether or not to log database queries. Useful for debugging. Possible values are stdout, stderr, file or off to disable database logging.
  database: "stdout"
  # The log level for database log messages. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
  databaselevel: "INFO"
  # Whether to log http requests or not. Possible values are stdout, stderr, file or off to disable http logging.
  http: "stdout"
  # Echo has its own logging which usually is unnecessary, which is why it is disabled by default. Possible values are stdout, stderr, file or off to disable standard logging.
  echo: "off"
  # Whether or not to log events. Useful for debugging. Possible values are stdout, stderr, file or off to disable events logging.
  events: "stdout"
  # The log level for event log messages. Possible values (case-insensitive) are ERROR, INFO, DEBUG.
  eventslevel: "info"
  # Whether or not to log mail log messages. This will not log mail contents. Possible values are stdout, stderr, file or off to disable mail-related logging.
  mail: "stdout"
  # The log level for mail log messages. Possible values (case-insensitive) are ERROR, WARNING, INFO, DEBUG.
  maillevel: "info"

auth:
  # Local authentication will let users log in and register (if enabled) through the db.
  # This is the default auth mechanism and does not require any additional configuration.
  local:
    # Enable or disable local authentication
    enabled: false
  # OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.<br/>
  # The provider needs to support the `openid`, `profile` and `email` scopes.<br/>
  # **Note:** Some openid providers (like Gitlab) only make the email of the user available through OpenID if they have set it to be publicly visible.
  # If the email is not public in those cases, authenticating will fail.
  # +**Note 2:** The frontend expects the third party to redirect the user <frontend-url>/auth/openid/<auth key> after authentication. Please make sure to configure the redirect url in your third party auth service accordingly if you're using the default Vikunja frontend.    
  # The frontend will automatically provide the API with the redirect url, composed from the current url where it's hosted.
  # If you want to use the desktop client with OpenID, make sure to allow redirects to `127.0.0.1`.
  # Take a look at the [default config file](https://kolaente.dev/vikunja/vikunja/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
{{ if eq (env "OAUTH_ENABLED") "true" }}
  openid:
    # Enable or disable OpenID Connect authentication
    enabled: {{ env "OAUTH_ENABLED" }}
    # The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
    # frontend, you don't need to change this value.
    redirecturl: https://{{ env "DOMAIN" }}/auth/openid/
    # A list of enabled providers
    providers:
      # The name of the provider as it will appear in the frontend.
      - name: {{ env "OAUTH_NAME" }}
        # The auth url to send users to if they want to authenticate using OpenID Connect.
        authurl: {{ env "OAUTH_URL" }}
        # The oidc logouturl that users will be redirected to on logout.
        # Leave empty or delete key, if you do not want to be redirected.
        logouturl: {{ env "OAUTH_LOGOUT_URL" }}
        # The client ID used to authenticate Vikunja at the OpenID Connect provider.
        clientid: {{ env "OAUTH_CLIENT_ID" }}
        # The client secret used to authenticate Vikunja at the OpenID Connect provider.
        clientsecret: {{ secret "oauth_secret" }}
        # The scope necessary to use oidc.
        # If you want to use the Feature to create and assign to Vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://vikunja.io/docs/openid/).
        # e.g. scope: openid email profile vikunja_scope
        scope: openid email profile
{{ end }}