132 lines
7.1 KiB
Cheetah
132 lines
7.1 KiB
Cheetah
service:
|
|
# This token is used to verify issued JWT tokens.
|
|
# Default is a random token which will be generated at each startup of Vikunja.
|
|
# (This means all already issued tokens will be invalid once you restart Vikunja)
|
|
JWTSecret: {{ secret "jwt_secret" }}
|
|
# The public facing URL where your users can reach Vikunja. Used in emails and for the communication between api and frontend.
|
|
publicurl: "https://{{ env "DOMAIN" }}"
|
|
|
|
database:
|
|
# Database type to use. Supported values are mysql, postgres and sqlite. Vikunja is able to run with MySQL 8.0+, Mariadb 10.2+, PostgreSQL 12+, and sqlite.
|
|
type: "postgres"
|
|
# Database user which is used to connect to the database.
|
|
user: "vikunja"
|
|
# Database password
|
|
password: "{{ secret "db_password" }}"
|
|
# Database host
|
|
host: "localhost"
|
|
# Database to use
|
|
database: "vikunja"
|
|
# When using sqlite, this is the path where to store the data
|
|
path: "./vikunja.db"
|
|
# Sets the max open connections to the database. Only used when using mysql and postgres.
|
|
maxopenconnections: 100
|
|
# Sets the maximum number of idle connections to the db.
|
|
maxidleconnections: 50
|
|
# The maximum lifetime of a single db connection in milliseconds.
|
|
maxconnectionlifetime: 10000
|
|
# Secure connection mode. Only used with postgres.
|
|
# (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters)
|
|
sslmode: disable
|
|
# The path to the client cert. Only used with postgres.
|
|
sslcert: ""
|
|
# The path to the client key. Only used with postgres.
|
|
sslkey: ""
|
|
# The path to the ca cert. Only used with postgres.
|
|
sslrootcert: ""
|
|
# Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
|
|
tls: false
|
|
|
|
{{ if eq (env "SMTP_ENABLED") "true" }}
|
|
mailer:
|
|
# Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
|
|
enabled: {{ env "SMTP_ENABLED" }}
|
|
# SMTP Host
|
|
host: {{ env "SMTP_HOST" }}
|
|
# SMTP Host port.
|
|
# **NOTE:** If you're unable to send mail and the only error you see in the logs is an `EOF`, try setting the port to `25`.
|
|
port: 587
|
|
# SMTP Auth Type. Can be either `plain`, `login` or `cram-md5`.
|
|
authtype: {{ env "SMTP_AUTHTYPE" }}
|
|
# SMTP username
|
|
username: {{ env "SMTP_USER" }}
|
|
# SMTP password
|
|
password: {{ secret "smtp_password" }}
|
|
# Whether to skip verification of the tls certificate on the server
|
|
skiptlsverify: false
|
|
# The default from address when sending emails
|
|
fromemail: {{ env "SMTP_FROM_EMAIL" }}
|
|
# The length of the mail queue.
|
|
queuelength: 100
|
|
# The timeout in seconds after which the current open connection to the mailserver will be closed.
|
|
queuetimeout: 30
|
|
# By default, Vikunja will try to connect with starttls, use this option to force it to use ssl.
|
|
forcessl: false
|
|
{{ end }}
|
|
|
|
log:
|
|
# A folder where all the logfiles should go.
|
|
path: <rootpath>logs
|
|
# Whether to show any logging at all or none
|
|
enabled: true
|
|
# Where the normal log should go. Possible values are stdout, stderr, file or off to disable standard logging.
|
|
standard: "stdout"
|
|
# Change the log level. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
|
|
level: {{ env "LOG_LEVEL" }}
|
|
# Whether or not to log database queries. Useful for debugging. Possible values are stdout, stderr, file or off to disable database logging.
|
|
database: "stdout"
|
|
# The log level for database log messages. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
|
|
databaselevel: "INFO"
|
|
# Whether to log http requests or not. Possible values are stdout, stderr, file or off to disable http logging.
|
|
http: "stdout"
|
|
# Echo has its own logging which usually is unnecessary, which is why it is disabled by default. Possible values are stdout, stderr, file or off to disable standard logging.
|
|
echo: "off"
|
|
# Whether or not to log events. Useful for debugging. Possible values are stdout, stderr, file or off to disable events logging.
|
|
events: "stdout"
|
|
# The log level for event log messages. Possible values (case-insensitive) are ERROR, INFO, DEBUG.
|
|
eventslevel: "info"
|
|
# Whether or not to log mail log messages. This will not log mail contents. Possible values are stdout, stderr, file or off to disable mail-related logging.
|
|
mail: "stdout"
|
|
# The log level for mail log messages. Possible values (case-insensitive) are ERROR, WARNING, INFO, DEBUG.
|
|
maillevel: "info"
|
|
|
|
auth:
|
|
# Local authentication will let users log in and register (if enabled) through the db.
|
|
# This is the default auth mechanism and does not require any additional configuration.
|
|
local:
|
|
# Enable or disable local authentication
|
|
enabled: false
|
|
# OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.<br/>
|
|
# The provider needs to support the `openid`, `profile` and `email` scopes.<br/>
|
|
# **Note:** Some openid providers (like Gitlab) only make the email of the user available through OpenID if they have set it to be publicly visible.
|
|
# If the email is not public in those cases, authenticating will fail.
|
|
# +**Note 2:** The frontend expects the third party to redirect the user <frontend-url>/auth/openid/<auth key> after authentication. Please make sure to configure the redirect url in your third party auth service accordingly if you're using the default Vikunja frontend.
|
|
# The frontend will automatically provide the API with the redirect url, composed from the current url where it's hosted.
|
|
# If you want to use the desktop client with OpenID, make sure to allow redirects to `127.0.0.1`.
|
|
# Take a look at the [default config file](https://kolaente.dev/vikunja/vikunja/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
|
|
{{ if eq (env "OAUTH_ENABLED") "true" }}
|
|
openid:
|
|
# Enable or disable OpenID Connect authentication
|
|
enabled: {{ env "OAUTH_ENABLED" }}
|
|
# The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
|
|
# frontend, you don't need to change this value.
|
|
redirecturl: https://{{ env "DOMAIN" }}/auth/openid/
|
|
# A list of enabled providers
|
|
providers:
|
|
# The name of the provider as it will appear in the frontend.
|
|
- name: {{ env "OAUTH_NAME" }}
|
|
# The auth url to send users to if they want to authenticate using OpenID Connect.
|
|
authurl: {{ env "OAUTH_URL" }}
|
|
# The oidc logouturl that users will be redirected to on logout.
|
|
# Leave empty or delete key, if you do not want to be redirected.
|
|
logouturl: {{ env "OAUTH_LOGOUT_URL" }}
|
|
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
|
|
clientid: {{ env "OAUTH_CLIENT_ID" }}
|
|
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
|
|
clientsecret: {{ secret "oauth_secret" }}
|
|
# The scope necessary to use oidc.
|
|
# If you want to use the Feature to create and assign to Vikunja teams via oidc, you have to add the custom "vikunja_scope" and check [openid.md](https://vikunja.io/docs/openid/).
|
|
# e.g. scope: openid email profile vikunja_scope
|
|
scope: openid email profile
|
|
{{ end }}
|