diff --git a/playbooks/site.yml b/playbooks/site.yml
index 03eb62f..45d31d0 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -35,3 +35,4 @@
- import_playbook: owncast.yml
- import_playbook: factorio.yml
- import_playbook: penpot.yml
+- import_playbook: vikunja.yml
diff --git a/playbooks/vikunja.yml b/playbooks/vikunja.yml
new file mode 100644
index 0000000..df2d85a
--- /dev/null
+++ b/playbooks/vikunja.yml
@@ -0,0 +1,27 @@
+---
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+- hosts: vikunja
+ roles:
+ - docker
+ - docker_compose
+ - docker_cleanup
+ - traefik
+ - vikunja
+ environment:
+ PYTHONPATH: /opt/ansible-dependencies/lib/python2.7/site-packages
diff --git a/roles/vikunja/README.md b/roles/vikunja/README.md
new file mode 100644
index 0000000..eb557a9
--- /dev/null
+++ b/roles/vikunja/README.md
@@ -0,0 +1,37 @@
+Vikunja
+=========
+
+This will setup a [Vikunja](https://vikunja.io/) instance using their official docker container and traefik as a reverse proxy.
+
+Requirements
+------------
+
+You will need to have docker, docker-compose and traefik installed or declared as dependencies with their respective roles.
+
+**This role assumes that you have setup traefik with an endpoint called `websecure`.**
+
+**You will also need to manually setup the services configuration file!**
+
+Role Variables
+--------------
+
+**Please look at the [defaults/main.yml](defaults/main.yml) for all available variables and their description.**
+
+**Note: Lines that are commented out via `#` are usually still valid/used variables, but they are not defined by default, so they might enable a feature, when uncommenting/defining them!**
+
+### Global variables, that are used:
+
+- `proxy_network`: Defined by the local traefik installation, this is the shared proxy network used by traefik to reach the containers. (optional)
+- `proxy_hiddenservice`: Defined by the local traefik installation, this is used to generate the alt-svc header for the alternative Tor domain. (optional)
+
+Dependencies
+------------
+
+- docker
+- docker-compose
+- traefik
+
+License
+-------
+
+GPL-3.0-only
diff --git a/roles/vikunja/defaults/main.yml b/roles/vikunja/defaults/main.yml
new file mode 100644
index 0000000..6f515f4
--- /dev/null
+++ b/roles/vikunja/defaults/main.yml
@@ -0,0 +1,288 @@
+---
+# Defaults variables for the vikunja role
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+# The install location
+vikunja_install_location: /srv/vikunja
+
+# The container data volume mount locations
+vikunja_api_files_location: "{{ vikunja_install_location }}/files"
+vikunja_redis_location: "{{ vikunja_install_location }}/redis"
+vikunja_database_location: "{{ vikunja_install_location }}/database"
+
+# The certresolver that is used by traefik for the frontend domain
+vikunja_frontend_traefik_certresolver: letsencrypt_http
+
+# The domain that traefik will server vikunja's API under
+vikunja_frontend_domain: "vikunja.example.com"
+
+# The certresolver that is used by traefik for the api domain
+vikunja_api_traefik_certresolver: letsencrypt_http
+
+# The domain that traefik will server vikunja's API under
+vikunja_api_domain: "{{ vikunja_frontend_domain }}"
+
+# The database password to use
+vikunja_database_password: "{{ lookup('passwordstore', vikunja_api_domain + '/db create=true length=42') }}"
+
+# Container versions
+# renovate: depName=docker.io/vikunja/api
+vikunja_version: "0.18.1"
+# renovate: depName=docker.io/library/postgres
+vikunja_database_version: "13.4"
+# renovate: depName=docker.io/library/redis
+vikunja_redis_version: "6"
+
+# Container tag definitions
+vikunja_api_image_version: "{{ vikunja_version }}"
+vikunja_frontend_image_version: "{{ vikunja_version }}"
+vikunja_database_image_version: "{{ vikunja_database_version }}-alpine"
+vikunja_redis_image_version: "{{ vikunja_redis_version }}"
+
+# Enable or disable selinux handling
+vikunja_selinux_enabled: true
+
+# The SELinux levels for vikunja folders/container
+vikunja_selinux_level: "{{ omit }}"
+
+# Application Configuration
+
+# Service section
+
+# Set the motd message, available from the /info endpoint
+# Will be disabled if empty
+vikunja_service_motd: ""
+# This token is used to verify issued JWT tokens.
+# Default (empty string) is a random token which will be generated at each startup of vikunja.
+# (This means all already issued tokens will be invalid once you restart vikunja)
+vikunja_service_jwtsecret: ""
+# Enable the caldav endpoint, see the docs for more details
+vikunja_service_enablecaldav: true
+# Enable sharing of lists via a link
+vikunja_service_enablelinksharing: true
+# Whether to let new users registering themselves or not
+vikunja_service_enableregistration: true
+# Whether to enable task attachments or not
+vikunja_service_enabletaskattachments: true
+# The time zone all timestamps are in. Please note that time zones have to use [the official tz database names](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). UTC or GMT offsets won't work.
+vikunja_service_timezone: "GMT"
+# Whether task comments should be enabled or not
+vikunja_service_enabletaskcomments: true
+# Whether totp is enabled. In most cases you want to leave that enabled.
+vikunja_service_enabletotp: true
+# If enabled, vikunja will send an email to everyone who is either assigned to a task or created it when a task reminder
+# is due.
+vikunja_service_enableemailreminders: true
+# If true, will allow users to request the complete deletion of their account. When using external authentication methods
+# it may be required to coordinate with them in order to delete the account. This setting will not affect the cli commands
+# for user deletion.
+vikunja_service_enableuserdeletion: true
+
+# Mailer section
+vikunja_mailer:
+ # Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
+ enabled: false
+ # SMTP Host
+ host: ""
+ # SMTP Host port
+ port: 587
+ # SMTP username
+ username: "user"
+ # SMTP password
+ password: ""
+ # Wether to skip verification of the tls certificate on the server
+ skiptlsverify: false
+ # The default from address when sending emails
+ fromemail: "mail@vikunja"
+ # The length of the mail queue.
+ queuelength: 100
+ # The timeout in seconds after which the current open connection to the mailserver will be closed.
+ queuetimeout: 30
+ # By default, vikunja will try to connect with starttls, use this option to force it to use ssl.
+ forcessl: false
+
+# Log section
+vikunja_log:
+ # Whether to show any logging at all or none
+ enabled: true
+ # Where the normal log should go. Possible values are stdout, stderr, file or off to disable standard logging.
+ standard: "stdout"
+ # Change the log level. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
+ level: "WARNING"
+ # Whether or not to log database queries. Useful for debugging. Possible values are stdout, stderr, file or off to disable database logging.
+ database: "off"
+ # The log level for database log messages. Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
+ databaselevel: "WARNING"
+ # Whether to log http requests or not. Possible values are stdout, stderr, file or off to disable http logging.
+ http: "off"
+ # Echo has its own logging which usually is unnessecary, which is why it is disabled by default. Possible values are stdout, stderr, file or off to disable standard logging.
+ echo: "off"
+ # Whether or not to log events. Useful for debugging. Possible values are stdout, stderr, file or off to disable events logging.
+ events: "stdout"
+ # The log level for event log messages. Possible values (case-insensitive) are ERROR, INFO, DEBUG.
+ eventslevel: "error"
+
+# Rate limit section
+vikunja_ratelimit:
+ # whether or not to enable the rate limit
+ enabled: false
+ # The kind on which rates are based. Can be either "user" for a rate limit per user or "ip" for an ip-based rate limit.
+ kind: user
+ # The time period in seconds for the limit
+ period: 60
+ # The max number of requests a user is allowed to do in the configured time period
+ limit: 100
+ # The store where the limit counter for each user is stored.
+ # Possible values are "keyvalue", "memory" or "redis".
+ # When choosing "keyvalue" this setting follows the one configured in the "keyvalue" section.
+ store: redis
+
+# Files section
+
+# The maximum size of a file, as a human-readable string.
+# Warning: The max size is limited 2^64-1 bytes due to the underlying datatype
+vikunja_files_maxsize: "50MB"
+
+# Migration section
+vikunja_migration:
+ wunderlist:
+ # Wheter to enable the wunderlist migrator or not
+ enable: false
+ # The client id, required for making requests to the wunderlist api
+ # You need to register your vikunja instance at https://developer.wunderlist.com/apps/new to get this
+ clientid:
+ # The client secret, also required for making requests to the wunderlist api
+ clientsecret:
+ # The url where clients are redirected after they authorized Vikunja to access their wunderlist stuff.
+ # This needs to match the url you entered when registering your Vikunja instance at wunderlist.
+ # This is usually the frontend url where the frontend then makes a request to /migration/wunderlist/migrate
+ # with the code obtained from the wunderlist api.
+ # Note that the vikunja frontend expects this to be /migrate/wunderlist
+ redirecturl: /migrate/wunderlist
+ todoist:
+ # Wheter to enable the todoist migrator or not
+ enable: false
+ # The client id, required for making requests to the todoist api
+ # You need to register your vikunja instance at https://developer.todoist.com/appconsole.html to get this
+ clientid:
+ # The client secret, also required for making requests to the todoist api
+ clientsecret:
+ # The url where clients are redirected after they authorized Vikunja to access their todoist items.
+ # This needs to match the url you entered when registering your Vikunja instance at todoist.
+ # This is usually the frontend url where the frontend then makes a request to /migration/todoist/migrate
+ # with the code obtained from the todoist api.
+ # Note that the vikunja frontend expects this to be /migrate/todoist
+ redirecturl: /migrate/todoist
+ trello:
+ # Wheter to enable the trello migrator or not
+ enable: false
+ # The client id, required for making requests to the trello api
+ # You need to register your vikunja instance at https://trello.com/app-key (log in before you visit that link) to get this
+ key:
+ # The url where clients are redirected after they authorized Vikunja to access their trello cards.
+ # This needs to match the url you entered when registering your Vikunja instance at trello.
+ # This is usually the frontend url where the frontend then makes a request to /migration/trello/migrate
+ # with the code obtained from the trello api.
+ # Note that the vikunja frontend expects this to end on /migrate/trello.
+ redirecturl: /migrate/trello
+ microsofttodo:
+ # Wheter to enable the microsoft todo migrator or not
+ enable: false
+ # The client id, required for making requests to the microsoft graph api
+ # See https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application
+ # for information about how to register your vikuinja instance.
+ clientid:
+ # The client secret, also required for making requests to the microsoft graph api
+ clientsecret:
+ # The url where clients are redirected after they authorized Vikunja to access their microsoft todo tasks.
+ # This needs to match the url you entered when registering your Vikunja instance at microsoft.
+ # This is usually the frontend url where the frontend then makes a request to /migration/microsoft-todo/migrate
+ # with the code obtained from the microsoft graph api.
+ # Note that the vikunja frontend expects this to be /migrate/microsoft-todo
+ redirecturl: /migrate/microsoft-todo
+
+# Avatar section
+vikunja_avatar:
+ # When using gravatar, this is the duration in seconds until a cached gravatar user avatar expires
+ gravatarexpiration: 3600
+
+# Backgrounds section
+vikunja_backgrounds:
+ # Whether to enable backgrounds for lists at all.
+ enabled: true
+ providers:
+ upload:
+ # Whethere to enable uploaded list backgrounds
+ enabled: true
+ unsplash:
+ # Whether to enable setting backgrounds from unsplash as list backgrounds
+ enabled: false
+ # You need to create an application for your installation at https://unsplash.com/oauth/applications/new
+ # and set the access token below.
+ accesstoken:
+ # The unsplash application id is only used for pingback and required as per their api guidelines.
+ # You can find the Application ID in the dashboard for your API application. It should be a numeric ID.
+ # It will only show in the UI if your application has been approved for Enterprise usage, therefore if
+ # you’re in Demo mode, you can also find the ID in the URL at the end: https://unsplash.com/oauth/applications/:application_id
+ applicationid:
+
+# Legal section
+# Used to configure the legal URLs.
+# Will be shown in the frontend if configured here
+vikunja_legal:
+ imprinturl:
+ privacyurl:
+
+# Auth section
+
+# Local authentication will let users log in and register (if enabled) through the db.
+# This is the default auth mechanism and does not require any additional configuration.
+# Enable or disable local authentication
+vikunja_auth_local_enabled: true
+
+# OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.
+# The provider needs to support the `openid`, `profile` and `email` scopes.
+# **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.
+# If the email is not public in those cases, authenticating will fail.
+# **Note 2:** The frontend expects to be redirected after authentication by the third party
+# to /auth/openid/. Please make sure to configure the redirect url with your third party
+# auth service accordingy if you're using the default vikunja frontend.
+# Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
+
+# Enable or disable OpenID Connect authentication
+vikunja_auth_openid_enabled: false
+# A list of enabled providers
+vikunja_auth_openid_providers:
+ # The name of the provider as it will appear in the frontend.
+ - name:
+ # The auth url to send users to if they want to authenticate using OpenID Connect.
+ authurl:
+ # The client ID used to authenticate Vikunja at the OpenID Connect provider.
+ clientid:
+ # The client secret used to authenticate Vikunja at the OpenID Connect provider.
+ clientsecret:
+
+# Metrics section
+vikunja_metrics:
+ # If set to true, enables a /metrics endpoint for prometheus to collect metrics about Vikunja.
+ enabled: false
+ # If set to a non-empty value the /metrics endpoint will require this as a username via basic auth in combination with the password below.
+ username:
+ # If set to a non-empty value the /metrics endpoint will require this as a password via basic auth in combination with the username below.
+ password:
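Review bot: The defaults leave self-registration open (`vikunja_service_enableregistration: true`) while `vikunja_mailer.enabled` and `vikunja_ratelimit.enabled` are both `false`, and the mailer comment in this same file states that with the mailer disabled all users are enabled right away. A host deployed with untouched defaults, presumably reachable from the internet through the `websecure` entrypoint, therefore accepts immediately active sign-ups with no request throttling on the API. Consider defaulting to `vikunja_service_enableregistration: false` and `enabled: true` under `vikunja_ratelimit`, or say in the comment above each that the operator must decide this before exposing the instance. Separately, the bare `clientid:` / `clientsecret:` / `username:` / `password:` keys are YAML nulls and the default `vikunja_auth_openid_providers` holds one all-null entry; `""` and `[]` would state the intent explicitly.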
diff --git a/roles/vikunja/handlers/main.yml b/roles/vikunja/handlers/main.yml
new file mode 100644
index 0000000..81efc9d
--- /dev/null
+++ b/roles/vikunja/handlers/main.yml
@@ -0,0 +1,26 @@
+---
+# handlers file for vikunja
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+
+- name: Restart vikunja-api
+ docker_compose:
+ services:
+ - api
+ project_src: "{{ vikunja_install_location }}"
+ restarted: true
+ become: true
diff --git a/roles/vikunja/meta/main.yml b/roles/vikunja/meta/main.yml
new file mode 100644
index 0000000..1d9fe85
--- /dev/null
+++ b/roles/vikunja/meta/main.yml
@@ -0,0 +1,17 @@
+galaxy_info:
+ author: saibotk
+ description: Installs vikunja via docker.
+ license: GPL-3.0-only
+ min_ansible_version: 2.9
+
+ platforms:
+ - name: CentOS
+ versions:
+ - 7
+
+ galaxy_tags: []
+
+dependencies:
+ - docker
+ - docker_compose
+ - traefik
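Review bot: `min_ansible_version: 2.9` is parsed as a float rather than a version string; quote it as `min_ansible_version: "2.9"` so that a later bump such as 2.10 cannot collapse to 2.1. The file also lacks the `---` document start that the other YAML files added in this commit carry.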
diff --git a/roles/vikunja/tasks/main.yml b/roles/vikunja/tasks/main.yml
new file mode 100644
index 0000000..5b6f193
--- /dev/null
+++ b/roles/vikunja/tasks/main.yml
@@ -0,0 +1,89 @@
+---
+# Tasks file for the vikunja role
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2019-2020 Christoph (Sheogorath) Kern
+# Copyright (C) 2019-2020 Alexander (w4tsn) Wellbrock
+# Copyright (C) 2020-2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+- name: Update default SELinux contexts
+ sefcontext:
+ target: '{{ item }}(/.*)?'
+ setype: "container_file_t"
+ state: present
+ with_items:
+ - "{{ vikunja_database_location }}"
+ - "{{ vikunja_api_files_location }}"
+ when:
+ - vikunja_selinux_enabled
+ become: true
+
+- name: Create install directory
+ file:
+ path: "{{ item }}"
+ state: directory
+ mode: '0700'
+ owner: 'root'
+ group: 'root'
+ with_items:
+ - "{{ vikunja_install_location }}"
+ become: true
+
+- name: Create data directories
+ file: # noqa risky-file-permissions # Container manages permissions on its own
+ path: "{{ item }}"
+ state: directory
+ setype: "container_file_t"
+ with_items:
+ - "{{ vikunja_database_location }}"
+ - "{{ vikunja_api_files_location }}"
+ become: true
+
+- name: Deploy docker-compose.yml
+ template:
+ src: "docker-compose.yml"
+ dest: "{{ vikunja_install_location }}/docker-compose.yml"
+ mode: '0600'
+ owner: 'root'
+ group: 'root'
+ validate: docker-compose -f %s config -q
+ tags:
+ - vikunja
+ become: true
+
+- name: Deploy config.yml
+ template:
+ src: "config.yml"
+ dest: "{{ vikunja_install_location }}/config.yml"
+ owner: '1000'
+ group: 'root'
+ mode: '0600'
+ setype: "container_file_t"
+ selevel: "{{ vikunja_selinux_level }}"
+ notify: "Restart vikunja-api"
+ become: true
+
+- name: Compose vikunja
+ docker_compose:
+ state: present
+ project_src: "{{ vikunja_install_location }}"
+ pull: true
+ remove_orphans: true
+ tags:
+ - docker
+ - vikunja
+ become: true
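Review bot: `vikunja_redis_location` is missing from both `with_items` lists ("Update default SELinux contexts" and "Create data directories"), although the compose template in this commit bind-mounts it to `/data` in the `redis` service. The directory would then most likely be created by the Docker daemon on first start, without the `container_file_t` type, which on an SELinux-enforcing host is likely to keep Redis from writing to it. Add `- "{{ vikunja_redis_location }}"` to both lists. The two template tasks also render the database password and any configured JWT or SMTP secret, so a run with `--diff` prints them; `diff: false` on "Deploy docker-compose.yml" and "Deploy config.yml" avoids that.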
diff --git a/roles/vikunja/templates/config.yml b/roles/vikunja/templates/config.yml
new file mode 100644
index 0000000..868f0f8
--- /dev/null
+++ b/roles/vikunja/templates/config.yml
@@ -0,0 +1,189 @@
+{{ ansible_managed | comment }}
+
+# Vikunja application configuration
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+service:
+{% if vikunja_service_jwtsecret | length %}
+ # This token is used to verify issued JWT tokens.
+ # Default is a random token which will be generated at each startup of vikunja.
+ # (This means all already issued tokens will be invalid once you restart vikunja)
+ JWTSecret: "{{ vikunja_service_jwtsecret }}"
+{% endif %}
+ # The interface on which to run the webserver
+ interface: ":3456"
+ # The URL of the frontend, used to send password reset emails.
+ frontendurl: "https://{{ vikunja_frontend_domain }}/"
+ # The base path on the file system where the binary and assets are.
+ # Vikunja will also look in this path for a config file, so you could provide only this variable to point to a folder
+ # with a config file which will then be used.
+ rootpath: "/app/vikunja/"
+ # The max number of items which can be returned per page
+ maxitemsperpage: 50
+ # Enable the caldav endpoint, see the docs for more details
+ enablecaldav: {{ vikunja_service_enablecaldav | bool }}
+{% if vikunja_service_motd | length %}
+ # Set the motd message, available from the /info endpoint
+ motd: "{{ vikunja_service_motd }}"
+{% endif %}
+ # Enable sharing of lists via a link
+ enablelinksharing: {{ vikunja_service_enablelinksharing | bool }}
+ # Whether to let new users registering themselves or not
+ enableregistration: {{ vikunja_service_enableregistration | bool }}
+ # Whether to enable task attachments or not
+ enabletaskattachments: {{ vikunja_service_enabletaskattachments | bool }}
+ # The time zone all timestamps are in. Please note that time zones have to use [the official tz database names](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones). UTC or GMT offsets won't work.
+ timezone: {{ vikunja_service_timezone }}
+ # Whether task comments should be enabled or not
+ enabletaskcomments: {{ vikunja_service_enabletaskcomments | bool }}
+ # Whether totp is enabled. In most cases you want to leave that enabled.
+ enabletotp: {{ vikunja_service_enabletotp | bool }}
+ # If not empty, enables logging of crashes and unhandled errors in sentry.
+ # sentrydsn: ''
+ # If not empty, this will enable `/test/{table}` endpoints which allow to put any content in the database.
+ # Used to reset the db before frontend tests. Because this is quite a dangerous feature allowing for lots of harm,
+ # each request made to this endpoint neefs to provide an `Authorization: ` header with the token from below.
+ # **You should never use this unless you know exactly what you're doing**
+ # testingtoken: ''
+ # If enabled, vikunja will send an email to everyone who is either assigned to a task or created it when a task reminder
+ # is due.
+ enableemailreminders: {{ vikunja_service_enableemailreminders | bool }}
+ # If true, will allow users to request the complete deletion of their account. When using external authentication methods
+ # it may be required to coordinate with them in order to delete the account. This setting will not affect the cli commands
+ # for user deletion.
+ enableuserdeletion: {{ vikunja_service_enableuserdeletion | bool }}
+
+database:
+ # Database type to use. Supported types are mysql, postgres and sqlite.
+ type: "postgres"
+ # Database user which is used to connect to the database.
+ user: "vikunja"
+ # Databse password
+ password: "{{ vikunja_database_password }}"
+ # Databse host
+ host: "db"
+ # Databse to use
+ database: "vikunja"
+ # When using sqlite, this is the path where to store the data
+ # path: "./vikunja.db"
+ # Sets the max open connections to the database. Only used when using mysql and postgres.
+ maxopenconnections: 100
+ # Sets the maximum number of idle connections to the db.
+ maxidleconnections: 50
+ # The maximum lifetime of a single db connection in miliseconds.
+ maxconnectionlifetime: 10000
+ # Secure connection mode. Only used with postgres.
+ # (see https://pkg.go.dev/github.com/lib/pq?tab=doc#hdr-Connection_String_Parameters)
+ sslmode: disable
+ # Enable SSL/TLS for mysql connections. Options: false, true, skip-verify, preferred
+ tls: false
+
+cache:
+ # If cache is enabled or not
+ enabled: true
+ # Cache type. Possible values are "keyvalue", "memory" or "redis".
+ # When choosing "keyvalue" this setting follows the one configured in the "keyvalue" section.
+ # When choosing "redis" you will need to configure the redis connection seperately.
+ type: redis
+ # When using memory this defines the maximum size an element can take
+ maxelementsize: 1000
+
+redis:
+ # Whether to enable redis or not
+ enabled: true
+ # The host of the redis server including its port.
+ host: 'redis:6379'
+ # The password used to authenicate against the redis server
+ password: ''
+ # 0 means default database
+ db: 0
+
+cors:
+ # Whether to enable or disable cors headers.
+ # Note: If you want to put the frontend and the api on seperate domains or ports, you will need to enable this.
+ # Otherwise the frontend won't be able to make requests to the api through the browser.
+ enable: true
+ # A list of origins which may access the api. These need to include the protocol (`http://` or `https://`) and port, if any.
+ origins:
+ - "https://{{ vikunja_frontend_domain }}"
+ # How long (in seconds) the results of a preflight request can be cached.
+ maxage: 0
+
+mailer:
+ {{ vikunja_mailer | to_nice_yaml(indent=2) | indent(2) }}
+
+log:
+ {{ vikunja_log | to_nice_yaml(indent=2) | indent(2) }}
+
+ratelimit:
+ {{ vikunja_ratelimit | to_nice_yaml(indent=2) | indent(2) }}
+
+files:
+ # The path where files are stored
+ basepath: ./files # relative to the binary
+ # The maximum size of a file, as a human-readable string.
+ # Warning: The max size is limited 2^64-1 bytes due to the underlying datatype
+ maxsize: {{ vikunja_files_maxsize }}
+
+migration:
+ {{ vikunja_migration | to_nice_yaml(indent=2) | indent(2) }}
+
+avatar:
+ {{ vikunja_avatar | to_nice_yaml(indent=2) | indent(2) }}
+
+backgrounds:
+ {{ vikunja_backgrounds | to_nice_yaml(indent=2) | indent(2) }}
+
+# Legal urls
+# Will be shown in the frontend if configured here
+legal:
+ {{ vikunja_legal | to_nice_yaml(indent=2) | indent(2) }}
+
+# Key Value Storage settings
+# The Key Value Storage is used for different kinds of things like metrics and a few cache systems.
+keyvalue:
+ # The type of the storage backend. Can be either "memory" or "redis". If "redis" is chosen it needs to be configured seperately.
+ type: "memory"
+
+auth:
+ # Local authentication will let users log in and register (if enabled) through the db.
+ # This is the default auth mechanism and does not require any additional configuration.
+ local:
+ # Enable or disable local authentication
+ enabled: {{ vikunja_auth_local_enabled | bool }}
+ # OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.
+ # The provider needs to support the `openid`, `profile` and `email` scopes.
+ # **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.
+ # If the email is not public in those cases, authenticating will fail.
+ # **Note 2:** The frontend expects to be redirected after authentication by the third party
+ # to /auth/openid/. Please make sure to configure the redirect url with your third party
+ # auth service accordingy if you're using the default vikunja frontend.
+ # Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
+ openid:
+ # Enable or disable OpenID Connect authentication
+ enabled: {{ vikunja_auth_openid_enabled | bool }}
+ # The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
+ # frontend, you don't need to change this value.
+ # redirecturl:
+ # A list of enabled providers
+ providers:
+ {{ vikunja_auth_openid_providers | to_nice_yaml(indent=2) | indent(6) }}
+
+# Prometheus metrics endpoint
+metrics:
+ {{ vikunja_metrics | to_nice_yaml(indent=2) | indent(2) }}
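Review bot: `password: "{{ vikunja_database_password }}"` and `JWTSecret: "{{ vikunja_service_jwtsecret }}"` paste secrets into double-quoted YAML scalars without escaping, so a value containing `"` or `\` yields a broken or silently altered config. The default password comes from a `passwordstore` lookup with `create=true length=42`, which may well generate such characters unless symbols are disabled. Rendering the value as `{{ vikunja_database_password | to_json }}` without the surrounding quotes gives a correctly escaped scalar; the same applies to `motd`, and `timezone` and `maxsize` are emitted with no quoting at all. The `POSTGRES_PASSWORD={{ vikunja_database_password }}` line in `templates/docker-compose.yml` has the related problem that Compose interpolates `$`, so the database and the API could end up with different passwords.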
diff --git a/roles/vikunja/templates/docker-compose.yml b/roles/vikunja/templates/docker-compose.yml
new file mode 100644
index 0000000..089a9de
--- /dev/null
+++ b/roles/vikunja/templates/docker-compose.yml
@@ -0,0 +1,126 @@
+{{ ansible_managed | comment }}
+
+# Infrastructure
+# Ansible instructions to deploy the infrastructure
+# Copyright (C) 2021 Saibotk
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, version 3 of the License.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see .
+#
+
+version: '2'
+services:
+ api:
+ image: docker.io/vikunja/api:{{ vikunja_api_image_version }}
+ depends_on:
+ - db
+ - redis
+ volumes:
+ - "{{ vikunja_install_location }}/config.yml:/app/vikunja/config.yml:ro"
+ - "{{ vikunja_api_files_location }}:/app/vikunja/files"
+ networks:
+ database:
+{% if proxy_network is defined %}
+ {{ proxy_network }}:
+{% endif %}
+ restart: always
+{% if vikunja_selinux_level != omit %}
+ security_opt:
+ - label=level:{{ vikunja_selinux_level }}
+{% endif %}
+ labels:
+ - "traefik.enable=true"
+
+ - "traefik.http.routers.vikunja-api.rule=Host(`{{ vikunja_api_domain }}`) && PathPrefix(`/api/v1`, `/dav/`, `/.well-known/`)"
+ - "traefik.http.routers.vikunja-api.entrypoints=websecure"
+ - "traefik.http.routers.vikunja-api.tls.certresolver={{ vikunja_api_traefik_certresolver }}"
+ - "traefik.http.routers.vikunja-api.middlewares=vikunja-api,compress"
+ - "traefik.http.services.vikunja-api.loadbalancer.server.port=3456"
+ - "traefik.http.middlewares.vikunja-api.headers.sslredirect=true"
+ - "traefik.http.middlewares.vikunja-api.headers.stsSeconds=63072000"
+ - "traefik.http.middlewares.vikunja-api.headers.referrerPolicy=no-referrer"
+
+{% if proxy_network is defined %}
+ - "traefik.docker.network={{ proxy_network }}"
+{% endif %}
+{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
+ - "traefik.http.middlewares.vikunja-api.headers.customresponseheaders.alt-svc:h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
+{% endif %}
+
+ frontend:
+ image: docker.io/vikunja/frontend:{{ vikunja_frontend_image_version }}
+ restart: always
+ mem_limit: 10mb
+ memswap_limit: 15mb
+ security_opt:
+ - no-new-privileges
+ labels:
+ - "traefik.enable=true"
+
+ - "traefik.http.routers.vikunja-frontend.rule=Host(`{{ vikunja_frontend_domain }}`) && PathPrefix(`/`)"
+ - "traefik.http.routers.vikunja-frontend.entrypoints=websecure"
+ - "traefik.http.routers.vikunja-frontend.tls.certresolver={{ vikunja_frontend_traefik_certresolver }}"
+ - "traefik.http.routers.vikunja-frontend.middlewares=vikunja-frontend,compress"
+ - "traefik.http.services.vikunja-frontend.loadbalancer.server.port=80"
+ - "traefik.http.middlewares.vikunja-frontend.headers.sslredirect=true"
+ - "traefik.http.middlewares.vikunja-frontend.headers.stsSeconds=63072000"
+ - "traefik.http.middlewares.vikunja-frontend.headers.referrerPolicy=no-referrer"
+
+{% if proxy_network is defined %}
+ - "traefik.docker.network={{ proxy_network }}"
+{% endif %}
+{% if proxy_hiddenservice is defined and proxy_hiddenservice.content is defined %}
+ - "traefik.http.middlewares.vikunja-frontend.headers.customresponseheaders.alt-svc:h2={{ proxy_hiddenservice['content'] | b64decode | trim }}:443; ma=2592000"
+{% endif %}
+{% if proxy_network is defined %}
+ networks:
+ {{ proxy_network }}:
+{% endif %}
+
+ db:
+ image: docker.io/library/postgres:{{ vikunja_database_image_version }}
+ restart: always
+ mem_limit: 512mb
+ memswap_limit: 768mb
+ read_only: true
+ security_opt:
+ - no-new-privileges
+ tmpfs:
+ - /run/postgresql:size=512K
+ - /tmp:size=128K
+ stop_grace_period: 2m
+ stop_signal: SIGINT
+ environment:
+ - POSTGRES_DB=vikunja
+ - POSTGRES_USER=vikunja
+ - POSTGRES_PASSWORD={{ vikunja_database_password }}
+ volumes:
+ - "{{ vikunja_database_location }}:/var/lib/postgresql/data"
+ networks:
+ database:
+
+ redis:
+ image: "docker.io/library/redis:{{ vikunja_redis_image_version }}"
+ mem_limit: 512mb
+ memswap_limit: 768mb
+ restart: always
+ volumes:
+ - {{ vikunja_redis_location }}:/data
+ networks:
+ database:
+
+networks:
+ database:
+{% if proxy_network is defined %}
+ {{ proxy_network }}:
+ external: true
+{% endif %}
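Review bot: The `api` and `redis` services start without `no-new-privileges`, while `frontend` and `db` in the same file set it; `api` only gets a `security_opt` block when `vikunja_selinux_level` is set, and `redis` gets none. Emit `security_opt:` unconditionally for `api` with `- no-new-privileges` as the first entry, keep only `- label=level:{{ vikunja_selinux_level }}` inside the `{% if %}`, and add the same two lines to `redis`, checking that both entrypoints still start. `api` also has no `mem_limit` / `memswap_limit`, unlike the other three services. Redis runs without a password (the config template sets `password: ''`), so the `database` network is its only barrier and nothing else should be attached to it.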