Vikunja - Selfhosted To-Do App
Vikunja - Selfhosted To-Do App
Vikunja - ToDo is the open-source, self-hostable to-do app. It lets you organize all kinds of things, from your shopping list to a multi-month project with multiple team members. Different ways to view, filter and share your tasks make this a breeze.
I use PostegreSQL
Unfortunately Vikunja doesn’t allow you to configure OAuth via Docker ENV/Labels currently so i also have a configuration file.
Kubernetes Manifest
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
---
apiVersion: apps/v1
kind: Deployment
metadata:
labels:
app: vikunja
app.kubernetes.io/instance: vikunja
app.kubernetes.io/name: vikunja
name: vikunja
namespace: vikunja
spec:
replicas: 1
strategy:
type: Recreate
selector:
matchLabels:
app: vikunja
template:
metadata:
labels:
app: vikunja
app.kubernetes.io/name: vikunja
spec:
nodeSelector:
worker: "true"
containers:
- image: vikunja/vikunja:latest
name: vikunja
ports:
- containerPort: 3456
name: web
protocol: TCP
env:
- name: TZ
value: Europe/London
- name: PUID
value: "1000"
- name: PGID
value: "1000"
- name: VIKUNJA_DATABASE_TYPE
value: postgres
- name: VIKUNJA_REDIS_PASSWORD
value: [REDACTED]
- name: VIKUNJA_DATABASE_PASSWORD
value: [REDACTED]
- name: VIKUNJA_DATABASE_USER
value: vikunja
- name: VIKUNJA_DATABASE_HOST
value: postgresql.postgresql
- name: VIKUNJA_DATABASE_DATABASE
value: vikunja
- name: VIKUNJA_REDIS_HOST
value: redis.redis:6379
- name: VIKUNJA_SERVICE_PUBLICURL
value: https://todo.f9.casa/
volumeMounts:
- mountPath: "/etc/vikunja"
readOnly: false
name: data
subPath: data
- mountPath: "/app/vikunja/files"
readOnly: false
name: data
subPath: files
- mountPath: "/etc/vikunja/config.yml"
name: vikunja-config
subPath: config.yml
volumes:
- name: data
persistentVolumeClaim:
claimName: vikunja
- name: vikunja-config
configMap:
name: vikunja-config
---
apiVersion: v1
kind: Service
metadata:
labels:
app: vikunja
name: vikunja
namespace: vikunja
spec:
ports:
- name: web-tcp
port: 3456
protocol: TCP
targetPort: 3456
selector:
app: vikunja
---
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: vikunja
namespace: vikunja
annotations:
kubernetes.io/ingress.class: traefik-external
spec:
entryPoints:
- websecure
routes:
- match: Host(`todo.f9.casa`)
kind: Rule
services:
- name: vikunja
port: 3456
middlewares:
- name: default-headers
namespace: default
tls:
secretName: f9-casa-tls
Kubernetes ConfigMap
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
apiVersion: v1
kind: ConfigMap
metadata:
name: vikunja-config
namespace: vikunja
labels:
app: vikunja
data:
config.yml: |
service:
JWTSecret: "[REDACTED]"
auth:
# Local authentication will let users log in and register (if enabled) through the db.
# This is the default auth mechanism and does not require any additional configuration.
local:
# Enable or disable local authentication
enabled: true
# OpenID configuration will allow users to authenticate through a third-party OpenID Connect compatible provider.<br/>
# The provider needs to support the `openid`, `profile` and `email` scopes.<br/>
# **Note:** Some openid providers (like gitlab) only make the email of the user available through openid claims if they have set it to be publicly visible.
# If the email is not public in those cases, authenticating will fail.
# **Note 2:** The frontend expects to be redirected after authentication by the third party
# to <frontend-url>/auth/openid/<auth key>. Please make sure to configure the redirect url with your third party
# auth service accordingy if you're using the default vikunja frontend.
# Take a look at the [default config file](https://kolaente.dev/vikunja/api/src/branch/main/config.yml.sample) for more information about how to configure openid authentication.
openid:
# Enable or disable OpenID Connect authentication
enabled: true
# The url to redirect clients to. Defaults to the configured frontend url. If you're using Vikunja with the official
# frontend, you don't need to change this value.
# **Note:** The redirect url must exactly match the configured redirect url with the third party provider.
# This includes all slashes at the end or protocols.
# A list of enabled providers
providers:
# The name of the provider as it will appear in the frontend.
- name: "F9 Casa"
# The auth url to send users to if they want to authenticate using OpenID Connect.
authurl: https://auth.f9.casa/application/o/vikunja/
# The oidc logouturl that users will be redirected to on logout.
# Leave empty or delete key, if you do not want to be redirected.
logouturl: https://auth.f9.casa/application/o/vikunja/end-session/
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
clientid: [REDACTED]
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
clientsecret: [REDACTED]
mailer:
# Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible.
enabled: true
# SMTP Host
host: "[REDACTED]"
# SMTP Host port.
# **NOTE:** If you're unable to send mail and the only error you see in the logs is an `EOF`, try setting the port to `25`.
port: 587
# SMTP Auth Type. Can be either `plain`, `login` or `cram-md5`.
authtype: "login"
# SMTP username
username: "[REDACTED]"
# SMTP password
password: "[REDACTED]"
# Wether to skip verification of the tls certificate on the server
skiptlsverify: false
# The default from address when sending emails
fromemail: "[REDACTED]"
# The length of the mail queue.
queuelength: 100
# The timeout in seconds after which the current open connection to the mailserver will be closed.
queuetimeout: 30
# By default, vikunja will try to connect with starttls, use this option to force it to use ssl.
forcessl: false
# Prometheus metrics endpoint
metrics:
# If set to true, enables a /metrics endpoint for prometheus to collect metrics about Vikunja.
enabled: true
# If set to a non-empty value the /metrics endpoint will require this as a username via basic auth in combination with the password below.
username: [REDACTED]
# If set to a non-empty value the /metrics endpoint will require this as a password via basic auth in combination with the username below.
password: [REDACTED]
Docker Compose
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
version: '3.9'
services:
vikunja:
image: vikunja/vikunja:latest
hostname: vikunja
networks:
- traefik-public
environment:
- TZ=Europe/London
- PUID=1000
- PGID=1000
- VIKUNJA_DATABASE_TYPE=mysql
- VIKUNJA_REDIS_PASSWORD=[REDACTED]
- VIKUNJA_DATABASE_PASSWORD=[REDACTED]
- VIKUNJA_DATABASE_USER=vikunja
- VIKUNJA_DATABASE_HOST=mariadb
- VIKUNJA_DATABASE_DATABASE=vikunja
- VIKUNJA_REDIS_HOST=redis:6379
- VIKUNJA_SERVICE_PUBLICURL=https://todo.f9.casa/
volumes:
- /srv/cephfs/docker/appdata/vikunja:/app/vikunja/files:rw
- /srv/cephfs/docker/appdata/vikunja/config:/etc/vikunja:rw
deploy:
labels:
- "traefik.enable=true"
- "traefik.http.routers.vikunja.rule=Host(`todo.f9.casa`)"
- "traefik.http.services.vikunja.loadbalancer.server.port=3456"
- "traefik.http.routers.vikunja.entrypoints=websecure"
- "traefik.http.routers.vikunja.tls=true"
- "traefik.http.routers.vikunja.tls.certresolver=letsencrypt"
mode: replicated
networks:
traefik-public:
external: true
Configuration
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
service:
JWTSecret: "[REDACTED]"
auth:
# Local authentication will let users log in and register (if enabled) through the db.
# This is the default auth mechanism and does not require any additional configuration.
local:
# Enable or disable local authentication
enabled: true
openid:
# Enable or disable OpenID Connect authentication
enabled: true
# A list of enabled providers
providers:
# The name of the provider as it will appear in the frontend.
- name: "F9 Casa"
# The auth url to send users to if they want to authenticate using OpenID Connect.
authurl: https://auth.f9.casa/application/o/vikunja/
# The oidc logouturl that users will be redirected to on logout.
# Leave empty or delete key, if you do not want to be redirected.
logouturl: https://auth.f9.casa/application/o/vikunja/end-session/
# The client ID used to authenticate Vikunja at the OpenID Connect provider.
clientid: [REDACTED]
# The client secret used to authenticate Vikunja at the OpenID Connect provider.
clientsecret: [REDACTED]
mailer:
enabled: true
# SMTP Host
host: "in-v3.mailjet.com"
# SMTP Host port.
port: 587
# SMTP Auth Type. Can be either `plain`, `login` or `cram-md5`.
authtype: "login"
# SMTP username
username: "[REDACTED]"
# SMTP password
password: "[REDACTED]"
# Wether to skip verification of the tls certificate on the server
skiptlsverify: false
# The default from address when sending emails
fromemail: "[REDACTED]"
# The length of the mail queue.
queuelength: 100
# The timeout in seconds after which the current open connection to the mailserver will be closed.
queuetimeout: 30
# By default, vikunja will try to connect with starttls, use this option to force it to use ssl.
forcessl: false
# Prometheus metrics endpoint
metrics:
enabled: true
username: [REDACTED]
password: [REDACTED]
This post is licensed under CC BY 4.0 by the author.