service: # This token is used to verify issued JWT tokens. # Default is a random token which will be generated at each startup of vikunja. # (This means all already issued tokens will be invalid once you restart vikunja) JWTSecret: {{ secret "jwt_secret" }} # # The duration of the issed JWT tokens in seconds. # # The default is 259200 seconds (3 Days). # jwtttl: 259200 # # The duration of the "remember me" time in seconds. When the login request is made with # # the long param set, the token returned will be valid for this period. # # The default is 2592000 seconds (30 Days). # jwtttllong: 2592000 # # The interface on which to run the webserver # interface: ":3456" # # Path to Unix socket. If set, it will be created and used instead of tcp # unixsocket: # # Permission bits for the Unix socket. Note that octal values must be prefixed by "0o", e.g. 0o660 # unixsocketmode: # # The URL of the frontend, used to send password reset emails. frontendurl: https://{{ env "DOMAIN" }} # # The base path on the file system where the binary and assets are. # # Vikunja will also look in this path for a config file, so you could provide only this variable to point to a folder # # with a config file which will then be used. # rootpath: # # Path on the file system to serve static files from. Set to the path of the frontend files to host frontend alongside the api. # staticpath: "" # # The max number of items which can be returned per page # maxitemsperpage: 50 # # Enable the caldav endpoint, see the docs for more details # enablecaldav: true # # Set the motd message, available from the /info endpoint # motd: "" # # Enable sharing of lists via a link # enablelinksharing: true # # Whether to let new users registering themselves or not # enableregistration: true # # Whether to enable task attachments or not # enabletaskattachments: true # # The time zone all timestamps are in. Please note that time zones have to use [the official tz database names](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). UTC or GMT offsets won't work. # timezone: GMT # # Whether task comments should be enabled or not # enabletaskcomments: true # # Whether totp is enabled. In most cases you want to leave that enabled. # enabletotp: true # # If not empty, enables logging of crashes and unhandled errors in sentry. # sentrydsn: '' # # If not empty, this will enable `/test/{table}` endpoints which allow to put any content in the database. # # Used to reset the db before frontend tests. Because this is quite a dangerous feature allowing for lots of harm, # # each request made to this endpoint neefs to provide an `Authorization: ` header with the token from below.
# # **You should never use this unless you know exactly what you're doing** # testingtoken: '' # # If enabled, vikunja will send an email to everyone who is either assigned to a task or created it when a task reminder # # is due. # enableemailreminders: true # # If true, will allow users to request the complete deletion of their account. When using external authentication methods # # it may be required to coordinate with them in order to delete the account. This setting will not affect the cli commands # # for user deletion. # enableuserdeletion: true # # The maximum size clients will be able to request for user avatars. # # If clients request a size bigger than this, it will be changed on the fly. # maxavatarsize: 1024 # database: # Database type to use. Supported types are mysql, postgres and sqlite. type: "postgres" # Database user which is used to connect to the database. user: "vikunja" # Database password password: {{ secret "db_password" }} # Database host host: "db" # Database to use database: "vikunja" # # When using sqlite, this is the path where to store the data # path: "./vikunja.db" # # Sets the max open connections to the database. Only used when using mysql and postgres. # maxopenconnections: 100 # # Sets the maximum number of idle connections to the db. # maxidleconnections: 50 # # The maximum lifetime of a single db connection in miliseconds. # maxconnectionlifetime: 10000 # # Secure connection mode. Only used with postgres. # # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters) # sslmode: disable # # The path to the client cert. Only used with postgres. # sslcert: "" # # The path to the client key. Only used with postgres. # sslkey: "" # # The path to the ca cert. Only used with postgres. # sslrootcert: "" # # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred # tls: false # cache: # If cache is enabled or not enabled: true # Cache type. Possible values are "keyvalue", "memory" or "redis". # When choosing "keyvalue" this setting follows the one configured in the "keyvalue" section. # When choosing "redis" you will need to configure the redis connection seperately. type: redis # When using memory this defines the maximum size an element can take # maxelementsize: 1000 redis: # Whether to enable redis or not enabled: true # The host of the redis server including its port. host: 'redis:6379' # The password used to authenicate against the redis server password: '' # 0 means default database db: 0 # # cors: # # Whether to enable or disable cors headers. # # Note: If you want to put the frontend and the api on seperate domains or ports, you will need to enable this. # # Otherwise the frontend won't be able to make requests to the api through the browser. # enable: true # # A list of origins which may access the api. These need to include the protocol (`http://` or `https://`) and port, if any. # origins: # - "*" # # How long (in seconds) the results of a preflight request can be cached. # maxage: 0 # {{ if eq (env "SMTP_ENABLED") "true" }} mailer: # Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible. enabled: {{ env "SMTP_ENABLED" }} # SMTP Host host: {{ env "SMTP_HOST" }} # SMTP Host port port: 587 # SMTP Auth Type. Can be either `plain`, `login` or `cram-md5`. authtype: {{ env "SMTP_AUTHTYPE" }} # SMTP username username: {{ env "SMTP_USER" }} # SMTP password password: {{ secret "smtp_password" }} # Wether to skip verification of the tls certificate on the server skiptlsverify: false # The default from address when sending emails fromemail: {{ env "SMTP_FROM_EMAIL" }} # The length of the mail queue. queuelength: 100 # The timeout in seconds after which the current open connection to the mailserver will be closed. queuetimeout: 30 # By default, vikunja will try to connect with starttls, use this option to force it to use ssl. forcessl: false {{ end }} log: # # A folder where all the logfiles should go. # path: logs # # Whether to show any logging at all or none enabled: true # # Where the normal log should go. Possible values are stdout, stderr, file or off to disable standard logging. standard: "stdout" # # Change the log level. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG. level: {{ env "LOG_LEVEL" }} # # Whether or not to log database queries. Useful for debugging. Possible values are stdout, stderr, file or off to disable database logging. # database: "stdout" # # The log level for database log messages. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG. # databaselevel: "DEBUG" # # Whether to log http requests or not. Possible values are stdout, stderr, file or off to disable http logging. # http: "stdout" # # Echo has its own logging which usually is unnessecary, which is why it is disabled by default. Possible values are stdout, stderr, file or off to disable standard logging. # echo: "off" # # Whether or not to log events. Useful for debugging. Possible values are stdout, stderr, file or off to disable events logging. # events: "stdout" # # The log level for event log messages. Possible values (case-insensitive) are ERROR, INFO, DEBUG. # eventslevel: "DEBUG" # # ratelimit: # # whether or not to enable the rate limit # enabled: false # # The kind on which rates are based. Can be either "user" for a rate limit per user or "ip" for an ip-based rate limit. # kind: user # # The time period in seconds for the limit # period: 60 # # The max number of requests a user is allowed to do in the configured time period # limit: 100 # # The store where the limit counter for each user is stored. # # Possible values are "keyvalue", "memory" or "redis". # # When choosing "keyvalue" this setting follows the one configured in the "keyvalue" section. # store: keyvalue # # files: # # The path where files are stored # basepath: ./files # relative to the binary # # The maximum size of a file, as a human-readable string. # # Warning: The max size is limited 2^64-1 bytes due to the underlying datatype # maxsize: 20MB # # migration: # # These are the settings for the wunderlist migrator # wunderlist: # # Wheter to enable the wunderlist migrator or not # enable: false # # The client id, required for making requests to the wunderlist api # # You need to register your vikunja instance at https://developer.wunderlist.com/apps/new to get this # clientid: # # The client secret, also required for making requests to the wunderlist api # clientsecret: # # The url where clients are redirected after they authorized Vikunja to access their wunderlist stuff. # # This needs to match the url you entered when registering your Vikunja instance at wunderlist. # # This is usually the frontend url where the frontend then makes a request to /migration/wunderlist/migrate # # with the code obtained from the wunderlist api. # # Note that the vikunja frontend expects this to be /migrate/wunderlist # redirecturl: # todoist: # # Wheter to enable the todoist migrator or not # enable: false # # The client id, required for making requests to the todoist api # # You need to register your vikunja instance at https://developer.todoist.com/appconsole.html to get this # clientid: # # The client secret, also required for making requests to the todoist api # clientsecret: # # The url where clients are redirected after they authorized Vikunja to access their todoist items. # # This needs to match the url you entered when registering your Vikunja instance at todoist. # # This is usually the frontend url where the frontend then makes a request to /migration/todoist/migrate # # with the code obtained from the todoist api. # # Note that the vikunja frontend expects this to be /migrate/todoist # redirecturl: /migrate/todoist # trello: # # Wheter to enable the trello migrator or not # enable: false # # The client id, required for making requests to the trello api # # You need to register your vikunja instance at https://trello.com/app-key (log in before you visit that link) to get this # key: # # The url where clients are redirected after they authorized Vikunja to access their trello cards. # # This needs to match the url you entered when registering your Vikunja instance at trello. # # This is usually the frontend url where the frontend then makes a request to /migration/trello/migrate # # with the code obtained from the trello api. # # Note that the vikunja frontend expects this to end on /migrate/trello. # redirecturl: /migrate/trello # microsofttodo: # # Wheter to enable the microsoft todo migrator or not # enable: false # # The client id, required for making requests to the microsoft graph api # # See https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application # # for information about how to register your vikuinja instance. # clientid: # # The client secret, also required for making requests to the microsoft graph api # clientsecret: # # The url where clients are redirected after they authorized Vikunja to access their microsoft todo tasks. # # This needs to match the url you entered when registering your Vikunja instance at microsoft. # # This is usually the frontend url where the frontend then makes a request to /migration/microsoft-todo/migrate # # with the code obtained from the microsoft graph api. # # Note that the vikunja frontend expects this to be /migrate/microsoft-todo # redirecturl: /migrate/microsoft-todo # # avatar: # # When using gravatar, this is the duration in seconds until a cached gravatar user avatar expires # gravatarexpiration: 3600 # # backgrounds: # # Whether to enable backgrounds for lists at all. # enabled: true # providers: # upload: # # Whethere to enable uploaded list backgrounds # enabled: true # unsplash: # # Whether to enable setting backgrounds from unsplash as list backgrounds # enabled: false # # You need to create an application for your installation at https://unsplash.com/oauth/applications/new # # and set the access token below. # accesstoken: # # The unsplash application id is only used for pingback and required as per their api guidelines. # # You can find the Application ID in the dashboard for your API application. It should be a numeric ID. # # It will only show in the UI if your application has been approved for Enterprise usage, therefore if # # you’re in Demo mode, you can also find the ID in the URL at the end: https://unsplash.com/oauth/applications/:application_id # applicationid: # # # Legal urls # # Will be shown in the frontend if configured here # legal: # imprinturl: # privacyurl: # # # Key Value Storage settings # # The Key Value Storage is used for different kinds of things like metrics and a few cache systems. # keyvalue: # # The type of the storage backend. Can be either "memory" or "redis". If "redis" is chosen it needs to be configured seperately. # type: "memory" # auth: # Local authentication will let users log in and register (if enabled) through the db. # This is the default auth mechanism and does not require any additional configuration. local: # Enable or disable local authentication enabled: false # OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.
# The provider needs to support the `openid`, `profile` and `email` scopes.
# **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible. # If the email is not public in those cases, authenticating will fail. # **Note 2:** The frontend expects to be redirected after authentication by the third party # to /auth/openid/. Please make sure to configure the redirect url with your third party # auth service accordingy if you're using the default vikunja frontend. # Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) for more information about how to configure openid authentication. {{ if eq (env "OAUTH_ENABLED") "true" }} openid: # Enable or disable OpenID Connect authentication enabled: {{ env "OAUTH_ENABLED" }} # The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official # frontend, you don't need to change this value. # redirecturl: # A list of enabled providers providers: # The name of the provider as it will appear in the frontend. - name: {{ env "OAUTH_NAME" }} # The auth url to send users to if they want to authenticate using OpenID Connect. authurl: {{ env "OAUTH_URL" }} # The client ID used to authenticate Vikunja at the OpenID Connect provider. clientid: {{ env "OAUTH_CLIENT_ID" }} # The client secret used to authenticate Vikunja at the OpenID Connect provider. clientsecret: {{ secret "oauth_secret" }} {{ end }} # # Prometheus metrics endpoint # metrics: # # If set to true, enables a /metrics endpoint for prometheus to collect metrics about Vikunja. # enabled: false # # If set to a non-empty value the /metrics endpoint will require this as a username via basic auth in combination with the password below. # username: # # If set to a non-empty value the /metrics endpoint will require this as a password via basic auth in combination with the username below. # password: #