infrastructure/roles/vikunja/defaults/main.yml

---
# Defaults variables for the vikunja role

# Infrastructure
# Ansible instructions to deploy the infrastructure
# Copyright (C) 2021       Saibotk
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, version 3 of the License.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.
#

# The install location
vikunja_install_location: /srv/vikunja

# The container data volume mount locations
vikunja_api_files_location: "{{ vikunja_install_location }}/files"
vikunja_redis_location: "{{ vikunja_install_location }}/redis"
vikunja_database_location: "{{ vikunja_install_location }}/database"

# The certresolver that is used by traefik for the frontend domain
vikunja_frontend_traefik_certresolver: letsencrypt_http

# The domain that traefik will server vikunja's API under
vikunja_frontend_domain: "vikunja.example.com"

# The certresolver that is used by traefik for the api domain
vikunja_api_traefik_certresolver: letsencrypt_http

# The domain that traefik will server vikunja's API under
vikunja_api_domain: "{{ vikunja_frontend_domain }}"

# The database password to use
vikunja_database_password: "{{ lookup('passwordstore', vikunja_api_domain + '/db create=true length=42') }}"

# Container versions
# renovate: depName=docker.io/vikunja/api
vikunja_api_version: "0.22.1"
# renovate: depName=docker.io/vikunja/frontend
vikunja_frontend_version: "0.22.1"
# renovate: depName=docker.io/library/postgres
vikunja_database_version: "13.13"
# renovate: depName=docker.io/library/redis
vikunja_redis_version: "7"

# Container tag definitions
vikunja_api_image_version: "{{ vikunja_api_version }}"
vikunja_frontend_image_version: "{{ vikunja_frontend_version }}"
vikunja_database_image_version: "{{ vikunja_database_version }}-alpine"
vikunja_redis_image_version: "{{ vikunja_redis_version }}"

# Enable or disable selinux handling
vikunja_selinux_enabled: true

# The SELinux levels for vikunja folders/container
vikunja_selinux_level: "{{ omit }}"

# Application Configuration

# Service section

# Set the motd message, available from the /info endpoint
# Will be disabled if empty
vikunja_service_motd: ""
# This token is used to verify issued JWT tokens.
# Default (empty string) is a random token which will be generated at each startup of vikunja.
# (This means all already issued tokens will be invalid once you restart vikunja)
vikunja_service_jwtsecret: ""
# Enable the caldav endpoint, see the docs for more details
vikunja_service_enablecaldav: true
# Enable sharing of lists via a link
vikunja_service_enablelinksharing: true
# Whether to let new users registering themselves or not
vikunja_service_enableregistration: true
# Whether to enable task attachments or not
vikunja_service_enabletaskattachments: true
# The time zone all timestamps are in.
# Please note that time zones have to use [the official tz database names](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones).
# UTC or GMT offsets won't work.
vikunja_service_timezone: "GMT"
# Whether task comments should be enabled or not
vikunja_service_enabletaskcomments: true
# Whether totp is enabled. In most cases you want to leave that enabled.
vikunja_service_enabletotp: true
# If enabled, vikunja will send an email to everyone who is either assigned to a task or created it when a task reminder
# is due.
vikunja_service_enableemailreminders: true
# If true, will allow users to request the complete deletion of their account. When using external authentication methods
# it may be required to coordinate with them in order to delete the account. This setting will not affect the cli commands
# for user deletion.
vikunja_service_enableuserdeletion: true

# Mailer section
vikunja_mailer:
  # Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
  enabled: false
  # SMTP Host
  host: ""
  # SMTP Host port
  port: 587
  # SMTP username
  username: "user"
  # SMTP password
  password: ""
  # Wether to skip verification of the tls certificate on the server
  skiptlsverify: false
  # The default from address when sending emails
  fromemail: "mail@vikunja"
  # The length of the mail queue.
  queuelength: 100
  # The timeout in seconds after which the current open connection to the mailserver will be closed.
  queuetimeout: 30
  # By default, vikunja will try to connect with starttls, use this option to force it to use ssl.
  forcessl: false

# Log section
vikunja_log:
  # Whether to show any logging at all or none
  enabled: true
  # Where the normal log should go. Possible values are stdout, stderr, file or off to disable standard logging.
  standard: "stdout"
  # Change the log level. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
  level: "WARNING"
  # Whether or not to log database queries. Useful for debugging. Possible values are stdout, stderr, file or off to disable database logging.
  database: "off"
  # The log level for database log messages. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
  databaselevel: "WARNING"
  # Whether to log http requests or not. Possible values are stdout, stderr, file or off to disable http logging.
  http: "off"
  # Echo has its own logging which usually is unnessecary, which is why it is disabled by default.
  # Possible values are stdout, stderr, file or off to disable standard logging.
  echo: "off"
  # Whether or not to log events. Useful for debugging. Possible values are stdout, stderr, file or off to disable events logging.
  events: "stdout"
  # The log level for event log messages. Possible values (case-insensitive) are ERROR, INFO, DEBUG.
  eventslevel: "error"

# Rate limit section
vikunja_ratelimit:
  # whether or not to enable the rate limit
  enabled: false
  # The kind on which rates are based. Can be either "user" for a rate limit per user or "ip" for an ip-based rate limit.
  kind: user
  # The time period in seconds for the limit
  period: 60
  # The max number of requests a user is allowed to do in the configured time period
  limit: 100
  # The store where the limit counter for each user is stored.
  # Possible values are "keyvalue", "memory" or "redis".
  # When choosing "keyvalue" this setting follows the one configured in the "keyvalue" section.
  store: redis

# Files section

# The maximum size of a file, as a human-readable string.
# Warning: The max size is limited 2^64-1 bytes due to the underlying datatype
vikunja_files_maxsize: "50MB"

# Migration section
vikunja_migration:
  wunderlist:
    # Wheter to enable the wunderlist migrator or not
    enable: false
    # The client id, required for making requests to the wunderlist api
    # You need to register your vikunja instance at https://developer.wunderlist.com/apps/new to get this
    clientid:
    # The client secret, also required for making requests to the wunderlist api
    clientsecret:
    # The url where clients are redirected after they authorized Vikunja to access their wunderlist stuff.
    # This needs to match the url you entered when registering your Vikunja instance at wunderlist.
    # This is usually the frontend url where the frontend then makes a request to /migration/wunderlist/migrate
    # with the code obtained from the wunderlist api.
    # Note that the vikunja frontend expects this to be /migrate/wunderlist
    redirecturl: <frontend url>/migrate/wunderlist
  todoist:
    # Wheter to enable the todoist migrator or not
    enable: false
    # The client id, required for making requests to the todoist api
    # You need to register your vikunja instance at https://developer.todoist.com/appconsole.html to get this
    clientid:
    # The client secret, also required for making requests to the todoist api
    clientsecret:
    # The url where clients are redirected after they authorized Vikunja to access their todoist items.
    # This needs to match the url you entered when registering your Vikunja instance at todoist.
    # This is usually the frontend url where the frontend then makes a request to /migration/todoist/migrate
    # with the code obtained from the todoist api.
    # Note that the vikunja frontend expects this to be /migrate/todoist
    redirecturl: <frontend url>/migrate/todoist
  trello:
    # Wheter to enable the trello migrator or not
    enable: false
    # The client id, required for making requests to the trello api
    # You need to register your vikunja instance at https://trello.com/app-key (log in before you visit that link) to get this
    key:
    # The url where clients are redirected after they authorized Vikunja to access their trello cards.
    # This needs to match the url you entered when registering your Vikunja instance at trello.
    # This is usually the frontend url where the frontend then makes a request to /migration/trello/migrate
    # with the code obtained from the trello api.
    # Note that the vikunja frontend expects this to end on /migrate/trello.
    redirecturl: <frontend url>/migrate/trello
  microsofttodo:
    # Wheter to enable the microsoft todo migrator or not
    enable: false
    # The client id, required for making requests to the microsoft graph api
    # See https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application
    # for information about how to register your vikuinja instance.
    clientid:
    # The client secret, also required for making requests to the microsoft graph api
    clientsecret:
    # The url where clients are redirected after they authorized Vikunja to access their microsoft todo tasks.
    # This needs to match the url you entered when registering your Vikunja instance at microsoft.
    # This is usually the frontend url where the frontend then makes a request to /migration/microsoft-todo/migrate
    # with the code obtained from the microsoft graph api.
    # Note that the vikunja frontend expects this to be /migrate/microsoft-todo
    redirecturl: <frontend url>/migrate/microsoft-todo

# Avatar section
vikunja_avatar:
  # When using gravatar, this is the duration in seconds until a cached gravatar user avatar expires
  gravatarexpiration: 3600

# Backgrounds section
vikunja_backgrounds:
  # Whether to enable backgrounds for lists at all.
  enabled: true
  providers:
    upload:
      # Whethere to enable uploaded list backgrounds
      enabled: true
    unsplash:
      # Whether to enable setting backgrounds from unsplash as list backgrounds
      enabled: false
      # You need to create an application for your installation at https://unsplash.com/oauth/applications/new
      # and set the access token below.
      accesstoken:
      # The unsplash application id is only used for pingback and required as per their api guidelines.
      # You can find the Application ID in the dashboard for your API application. It should be a numeric ID.
      # It will only show in the UI if your application has been approved for Enterprise usage, therefore if
      # you’re in Demo mode, you can also find the ID in the URL at the end: https://unsplash.com/oauth/applications/:application_id
      applicationid:

# Legal section
# Used to configure the legal URLs.
# Will be shown in the frontend if configured here
vikunja_legal:
  imprinturl:
  privacyurl:

# Auth section

# Local authentication will let users log in and register (if enabled) through the db.
# This is the default auth mechanism and does not require any additional configuration.
# Enable or disable local authentication
vikunja_auth_local_enabled: true

# OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.<br/>
# The provider needs to support the `openid`, `profile` and `email` scopes.<br/>
# **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.
# If the email is not public in those cases, authenticating will fail.
# **Note 2:** The frontend expects to be redirected after authentication by the third party
# to <frontend-url>/auth/openid/<auth key>. Please make sure to configure the redirect url with your third party
# auth service accordingy if you're using the default vikunja frontend.
# Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample)
# for more information about how to configure openid authentication.

# Enable or disable OpenID Connect authentication
vikunja_auth_openid_enabled: false
# A list of enabled providers
vikunja_auth_openid_providers:
    # The name of the provider as it will appear in the frontend.
  - name:
    # The auth url to send users to if they want to authenticate using OpenID Connect.
    authurl:
    # The client ID used to authenticate Vikunja at the OpenID Connect provider.
    clientid:
    # The client secret used to authenticate Vikunja at the OpenID Connect provider.
    clientsecret:

# Metrics section
vikunja_metrics:
  # If set to true, enables a /metrics endpoint for prometheus to collect metrics about Vikunja.
  enabled: false
  # If set to a non-empty value the /metrics endpoint will require this as a username via basic auth in combination with the password below.
  username:
  # If set to a non-empty value the /metrics endpoint will require this as a password via basic auth in combination with the username below.
  password: