From ca0cc83ecbcd7735e4e664b945cd70a8993b5772 Mon Sep 17 00:00:00 2001 From: Stavros Kois <47820033+stavros-k@users.noreply.github.com> Date: Tue, 28 Feb 2023 10:14:10 +0200 Subject: [PATCH] feat(vikunja): BREAKING CHANGE - allow custom yaml to some extent and use a config file to provide all available features (#6607) * feat(vikunja): switch to configfile and restructure * extent values * more values * remove extra's. all is exposed anyway * pre-commit * lint * add service * fix * fix * more quests * add moer * bump * openID * migration * port * whops --------- Signed-off-by: Stavros Kois <47820033+stavros-k@users.noreply.github.com> --- charts/stable/vikunja/Chart.yaml | 2 +- charts/stable/vikunja/questions.yaml | 1022 ++++++++++++++---- charts/stable/vikunja/templates/_secrets.tpl | 189 +++- charts/stable/vikunja/values.yaml | 227 ++-- cspell.config.yaml | 2 + 5 files changed, 1159 insertions(+), 283 deletions(-) diff --git a/charts/stable/vikunja/Chart.yaml b/charts/stable/vikunja/Chart.yaml index e615199b26b..096ddada8a7 100644 --- a/charts/stable/vikunja/Chart.yaml +++ b/charts/stable/vikunja/Chart.yaml @@ -26,7 +26,7 @@ name: vikunja sources: - https://github.com/truecharts/charts/tree/master/charts/stable/vikunja - https://vikunja.io/docs -version: 6.0.34 +version: 7.0.0 annotations: truecharts.org/catagories: | - productivity diff --git a/charts/stable/vikunja/questions.yaml b/charts/stable/vikunja/questions.yaml index 95f1cb0db70..079cfff1142 100644 --- a/charts/stable/vikunja/questions.yaml +++ b/charts/stable/vikunja/questions.yaml 
@@ -8,215 +8,836 @@ questions: # Include{replicas} # Include{replica1} # Include{controllerExpertExtraArgs} - - variable: env - group: "App Configuration" - label: "Image Environment" + - variable: vikunja + group: App Configuration + label: Vikunja Configuration schema: additional_attrs: true type: dict attrs: - - variable: VIKUNJA_SERVICE_FRONTENDURL - label: "VIKUNJA_SERVICE_FRONTENDURL" - description: "The URL of the frontend, used to send password reset emails. eg. https://vikunjka.example.com (be sure to include the servicePort when needed)" + - variable: service + label: Service schema: - type: string - required: true - default: "" - - variable: VIKUNJA_SERVICE_MOTD - label: "VIKUNJA_SERVICE_MOTD" - description: "Set the motd message, available from the /info endpoint" - schema: - type: string - default: "" - - variable: VIKUNJA_SERVICE_JWTTTL - label: "VIKUNJA_SERVICE_JWTTTL" - description: "The duration of the issed JWT tokens in seconds. The default is 259200 seconds (3 Days)." - schema: - type: int - required: true - default: 259200 - - variable: VIKUNJA_SERVICE_JWTTTLLONG - label: "VIKUNJA_SERVICE_JWTTTLLONG" - description: "The duration of the remember me time in seconds. When the login request is made with the long param set, the token returned will be valid for this period. The default is 2592000 seconds (30 Days)." - schema: - type: int - required: true - default: 2592000 - - variable: VIKUNJA_SERVICE_MAXITEMSPERPAGE - label: "VIKUNJA_SERVICE_MAXITEMSPERPAGE" - description: "The max number of items which can be returned per page." - schema: - type: int - required: true - default: 50 - - variable: VIKUNJA_FILES_MAXSIZE - label: "VIKUNJA_FILES_MAXSIZE" - description: "The maximum size of a file, as a human-readable string. 
Warning: The max size is limited 2^64-1 bytes due to the underlying datatype" - schema: - type: string - required: true - default: "20MB" - - variable: VIKUNJA_SERVICE_ENABLECALDAV - label: "VIKUNJA_SERVICE_ENABLECALDAV" - description: "Enable the caldav endpoint, see the docs for more details" - schema: - type: boolean - default: true - - variable: VIKUNJA_SERVICE_ENABLELINKSHARING - label: "VIKUNJA_SERVICE_ENABLELINKSHARING" - description: "Enable sharing of lists via a link" - schema: - type: boolean - default: true - - variable: VIKUNJA_SERVICE_ENABLEREGISTRATION - label: "VIKUNJA_SERVICE_ENABLEREGISTRATION" - description: "Whether to let new users registering themselves or not" - schema: - type: boolean - default: true - - variable: VIKUNJA_SERVICE_ENABLETASKATTACHMENTS - label: "VIKUNJA_SERVICE_ENABLETASKATTACHMENTS" - description: "Whether to enable task attachments or not" - schema: - type: boolean - default: true - - variable: VIKUNJA_SERVICE_ENABLETASKCOMMENTS - label: "VIKUNJA_SERVICE_ENABLETASKCOMMENTS" - description: "Whether task comments should be enabled or not" - schema: - type: boolean - default: true - - variable: VIKUNJA_SERVICE_ENABLETOTP - label: "VIKUNJA_SERVICE_ENABLETOTP" - description: "Whether totp is enabled. In most cases you want to leave that enabled." - schema: - type: boolean - default: true - - variable: VIKUNJA_SERVICE_ENABLEEMAILREMINDERS - label: "VIKUNJA_SERVICE_ENABLEEMAILREMINDERS" - description: "If enabled, vikunja will send an email to everyone who is either assigned to a task or created it when a task reminder is due." - schema: - type: boolean - default: true - - variable: VIKUNJA_SERVICE_ENABLEUSERDELETION - label: "VIKUNJA_SERVICE_ENABLEUSERDELETION" - description: "If true, will allow users to request the complete deletion of their account. When using external authentication methods it may be required to coordinate with them in order to delete the account. 
This setting will not affect the cli commands for user deletion." - schema: - type: boolean - default: true - - variable: VIKUNJA_BACKGROUNDS_ENABLED - label: "VIKUNJA_BACKGROUNDS_ENABLED" - description: "Whether to enable backgrounds for lists at all." - schema: - type: boolean - default: true - - variable: VIKUNJA_RATELIMIT_ENABLED - label: "VIKUNJA_RATELIMIT_ENABLED" - description: "Whether or not to enable the rate limit" - schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: VIKUNJA_RATELIMIT_KIND - label: "VIKUNJA_RATELIMIT_KIND" - description: "The kind on which rates are based. Can be either for a rate limit per user or for an ip-based rate limit." + additional_attrs: true + type: dict + attrs: + - variable: jwtttl + label: JWT TTL + description: The duration of the issued JWT tokens in seconds. + schema: + type: int + required: true + default: 259200 + - variable: jwtttllong + label: JWT TTL Long + description: The duration of the “remember me” time in seconds. When the login request is made with the long param set, the token returned will be valid for this period. + schema: + type: int + required: true + default: 2592000 + - variable: motd + label: Message of the Day + description: Set the motd message, available from the /info endpoint + schema: + type: string + default: "" + - variable: frontendurl + label: Frontend URL + description: The URL of the frontend, used to send password reset emails. schema: type: string required: true - default: "user" + default: "" + - variable: maxitemsperpage + label: Max Item per Page + description: The max number of items which can be returned per page. + schema: + type: int + required: true + default: 50 + - variable: maxavatarsize + label: Max Avatar Size + description: | + The maximum size clients will be able to request for user avatars. + If clients request a size bigger than this, it will be changed on the fly. 
+ schema: + type: int + required: true + default: 1024 + - variable: enablecaldav + label: Enable CalDAV + description: Enable the CalDAV endpoint, see the docs for more details. + schema: + type: boolean + default: true + - variable: enablelinksharing + label: Enable Link Sharing + description: Enable sharing of lists via a link. + schema: + type: boolean + default: true + - variable: enableregistration + label: Enable Registration + description: Whether to let new users registering themselves or not + schema: + type: boolean + default: true + - variable: enabletaskattachments + label: Enable Task Attachments + description: Whether to enable task attachments or not + schema: + type: boolean + default: true + - variable: enabletaskcomments + label: Enable Task Comments + description: Whether task comments should be enabled or not + schema: + type: boolean + default: true + - variable: enabletotp + label: Enable TOTP + description: Whether TOTP is enabled. In most cases you want to leave that enabled. + schema: + type: boolean + default: true + - variable: enableemailreminders + label: Enable E-Mail Reminders + description: | + If enabled, vikunja will send an email to everyone who is either assigned to a task + or created it when a task reminder is due. + schema: + type: boolean + default: true + - variable: enableuserdeletion + label: Enable User Deletion + description: | + If true, will allow users to request the complete deletion of their account. + When using external authentication methods it may be required to coordinate with + them in order to delete the account. This setting will not affect the cli commands for user deletion. + schema: + type: boolean + default: true + - variable: cors + label: CORS + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Whether to enable or disable cors headers. 
+ schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: origins + label: Origins + description: A list of origins which may access the api. These need to include the protocol (http:// or https://) and port, if any. + schema: + type: list + default: [] + items: + - variable: originEntry + label: "" + schema: + type: string + required: true + default: "" + - variable: maxage + label: Max Age + description: How long (in seconds) the results of a preflight request can be cached. + schema: + type: int + required: true + default: 0 + - variable: ratelimit + label: Rate Limit + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Whether or not to enable the rate limit. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: kind + label: Kind + description: The kind on which rates are based. Can be either “user” for a rate limit per user or “ip” for an ip-based rate limit. + schema: + type: string + required: true + default: user + enum: + - value: user + description: User + - value: ip + description: IP + - variable: period + label: Period + description: The time period in seconds for the limit. + schema: + type: int + required: true + default: 60 + - variable: limit + label: Limit + description: The max number of requests a user is allowed to do in the configured time period. + schema: + type: int + required: true + default: 100 + - variable: files + label: Files + schema: + additional_attrs: true + type: dict + attrs: + - variable: maxsize + label: Max Size + description: The maximum size of a file, as a human-readable string. 
+ schema: + type: string + required: true + default: 20MB + - variable: avatar + label: Avatar + schema: + additional_attrs: true + type: dict + attrs: + - variable: gravatarexpiration + label: Gravatar Expiration + description: When using gravatar, this is the duration in seconds until a cached gravatar user avatar expires + schema: + type: int + required: true + default: 3600 + - variable: legal + label: Legal + schema: + additional_attrs: true + type: dict + attrs: + - variable: imprinturl + label: Imprint URL + description: Legal urls Will be shown in the frontend if configured here + schema: + type: string + default: "" + - variable: privacyurl + label: Privacy URL + description: Legal urls Will be shown in the frontend if configured here + schema: + type: string + default: "" + - variable: mailer + label: Mailer + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible. + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: host + label: Host + description: SMTP Host + schema: + type: string + required: true + default: "" + - variable: port + label: Port + description: SMTP Port + schema: + type: int + required: true + default: 587 + - variable: authtype + label: Auth Type + description: SMTP Auth Type. Can be either plain, login or cram-md5. 
+ schema: + type: string + required: true + default: plain + enum: + - value: plain + description: Plain + - value: login + description: Login + - value: cram-md5 + description: Cram-MD5 + - variable: username + label: Username + description: SMTP Username + schema: + type: string + required: true + default: "" + - variable: password + label: Password + description: SMTP Password + schema: + type: string + required: true + default: "" + - variable: fromemail + label: From E-Mail + description: The default from address when sending emails + schema: + type: string + required: true + default: "" + - variable: skiptlsverify + label: Skip TLS Verify + description: Wether to skip verification of the tls certificate on the server + schema: + type: boolean + default: false + - variable: forcessl + label: Force SSL + description: By default, vikunja will try to connect with starttls, use this option to force it to use ssl. + schema: + type: boolean + default: true + - variable: queuelength + label: Queue Length + description: The length of the mail queue. + schema: + type: int + required: true + default: 100 + - variable: queuetimeout + label: Queue Timeout + description: The timeout in seconds after which the current open connection to the mail server will be closed. + schema: + type: int + required: true + default: 100 + - variable: log + label: Log + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Whether to show any logging at all or none + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: path + label: Path + description: A folder where all the log files should go. + schema: + type: string + required: true + default: /app/vikunja/logs + - variable: standard + label: Standard + description: Where the normal log should go. 
+ schema: + type: string + required: true + default: stdout + enum: + - value: stdout + description: stdout + - value: stderr + description: stderr + - value: file + description: File + - value: "off" + description: "Off" + - variable: level + label: Level + description: Change the log level. + schema: + type: string + show_if: [["standard", "!=", "off"]] + required: true + default: INFO + enum: + - value: INFO + description: INFO + - value: NOTICE + description: NOTICE + - value: WARNING + description: WARNING + - value: ERROR + description: ERROR + - value: CRITICAL + description: CRITICAL + - value: DEBUG + description: DEBUG + - variable: database + label: Database + description: Whether or not to log database queries. Useful for debugging. + schema: + type: string + required: true + default: "off" + enum: + - value: stdout + description: stdout + - value: stderr + description: stderr + - value: file + description: File + - value: "off" + description: "Off" + - variable: databaselevel + label: Database Level + description: The log level for database log messages. + schema: + type: string + show_if: [["database", "!=", "off"]] + required: true + default: INFO + enum: + - value: INFO + description: INFO + - value: NOTICE + description: NOTICE + - value: WARNING + description: WARNING + - value: ERROR + description: ERROR + - value: CRITICAL + description: CRITICAL + - value: DEBUG + description: DEBUG + - variable: http + label: HTTP + description: Whether to log http requests or not. + schema: + type: string + required: true + default: stdout + enum: + - value: stdout + description: stdout + - value: stderr + description: stderr + - value: file + description: File + - value: "off" + description: "Off" + - variable: echo + label: Echo + description: Echo has its own logging which usually is unnecessary, which is why it is disabled by default. 
+ schema: + type: string + required: true + default: "off" + enum: + - value: stdout + description: stdout + - value: stderr + description: stderr + - value: file + description: File + - value: "off" + description: "Off" + - variable: events + label: Events + description: Whether or not to log events. + schema: + type: string + required: true + default: stdout + enum: + - value: stdout + description: stdout + - value: stderr + description: stderr + - value: file + description: File + - value: "off" + description: "Off" + - variable: eventslevel + label: Events Level + description: The log level for event log messages. + schema: + type: string + show_if: [["events", "!=", "off"]] + required: true + default: INFO + enum: + - value: INFO + description: INFO + - value: ERROR + description: ERROR + - value: DEBUG + description: DEBUG + - variable: defaultsettings + label: Default Settings + description: | + Provide default settings for new users. When a new user is created, these settings will automatically be set for the user. + If you change them in the config file afterwards they will not be changed back for existing users. + schema: + additional_attrs: true + type: dict + attrs: + - variable: avatar_provider + label: Avatar Provider + description: The avatar source for the user. + schema: + type: string + required: true + default: initials enum: - - value: user - description: "user" - - value: ip - description: "ip" - - variable: VIKUNJA_RATELIMIT_PERIOD - label: "VIKUNJA_RATELIMIT_PERIOD" - description: "The time period in seconds for the limit" + - value: initials + description: Initials + - value: gravatar + description: Gravatar + - value: marble + description: Marble + - value: upload + description: Upload + - variable: avatar_file_id + label: Avatar File ID + description: The id of the file used as avatar. 
+ schema: + type: int + show_if: [["avatar_provider", "=", "upload"]] + required: true + default: 0 + - variable: email_reminders_enabled + label: Enable Email Reminders + description: If set to true users will get task reminders via email. + schema: + type: boolean + default: false + - variable: discoverable_by_name + label: Discoverable by Name + description: If set to true will allow other users to find this user when searching for parts of their name. + schema: + type: boolean + default: false + - variable: discoverable_by_email + label: Discoverable by E-Mail + description: If set to true will allow other users to find this user when searching for their exact email. + schema: + type: boolean + default: false + - variable: overdue_tasks_reminders_enabled + label: Enable Overdue Task Reminders + description: If set to true will send an email every day with all overdue tasks at a configured time. + schema: + type: boolean + default: false + - variable: overdue_tasks_reminders_time + label: Overdue Task Reminder Time + description: When to send the overdue task reminder email. + schema: + type: string + required: true + default: "09:00" + - variable: default_list_id + label: Default List ID + description: The id of the default list. Make sure users actually have access to this list when setting this value. schema: type: int required: true - default: 60 - - variable: VIKUNJA_RATELIMIT_LIMIT - label: "VIKUNJA_RATELIMIT_LIMIT" - description: "The max number of requests a user is allowed to do in the configured time period" + default: 0 + - variable: week_start + label: Week Start + description: Start of the week for the user. 0 is sunday, 1 is monday and so on. schema: type: int required: true - default: 100 - - variable: VIKUNJA_MAILER_ENABLED - label: "VIKUNJA_MAILER_ENABLED" - description: "Whether to enable the mailer or not. If it is disabled, all users are enabled right away and password reset is not possible." 
+ default: 0 + - variable: language + label: Language + description: | + The language of the user interface. Must be an ISO 639-1 language code. + Will default to the browser language the user uses when signing up. + schema: + type: string + default: "" + - variable: timezone + label: Timezone + description: The time zone of each individual user. This will affect when users get reminders and overdue task emails. + schema: + type: string + default: "" + - variable: backgrounds + label: Backgrounds schema: - type: boolean - default: false - show_subquestions_if: true - subquestions: - - variable: VIKUNJA_MAILER_HOST - label: "VIKUNJA_MAILER_HOST" - description: "SMTP Host" - schema: - type: string - required: true - default: "" - - variable: VIKUNJA_MAILER_PORT - label: "VIKUNJA_MAILER_PORT" - description: "SMTP Host Port" - schema: - type: int - required: true - default: 587 - - variable: VIKUNJA_MAILER_USERNAME - label: "VIKUNJA_MAILER_USERNAME" - description: "SMTP username" - schema: - type: string - default: "" - - variable: VIKUNJA_MAILER_PASSWORD - label: "VIKUNJA_MAILER_PASSWORD" - description: "SMTP password" - schema: - type: string - private: true - default: "" - - variable: VIKUNJA_MAILER_FROMEMAIL - label: "VIKUNJA_MAILER_FROMEMAIL" - description: "The default from address when sending emails" - schema: - type: string - required: true - default: "" - - variable: VIKUNJA_MAILER_SKIPTLSVERIFY - label: "VIKUNJA_MAILER_SKIPTLSVERIFY" - description: "Wether to skip verification of the tls certificate on the server" + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Whether to enable backgrounds for lists at all. schema: type: boolean default: false - - variable: VIKUNJA_MAILER_FORCESSL - label: "VIKUNJA_MAILER_FORCESSL" - description: "By default, vikunja will try to connect with starttls, use this option to force it to use ssl." 
+ show_subquestions_if: true + subquestions: + - variable: providers + label: Providers + schema: + additional_attrs: true + type: dict + attrs: + - variable: upload + label: Upload + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Whether to enable uploaded list backgrounds + schema: + type: boolean + default: true + - variable: unsplash + label: Unsplash + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Whether to enable setting backgrounds from unsplash as list backgrounds + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: accesstoken + label: Access Token + description: | + You need to create an application for your installation at + https://unsplash.com/oauth/applications/new and set the access token below. + schema: + type: string + required: true + default: "" + - variable: applicationid + label: Application ID + description: The unsplash application id is only used for ping back and required as per their api guidelines. + schema: + type: string + required: true + default: "" + - variable: auth + label: Auth + schema: + additional_attrs: true + type: dict + attrs: + - variable: local + label: Local schema: - type: boolean - default: false - - variable: VIKUNJA_MAILER_QUEUELENGTH - label: "VIKUNJA_MAILER_QUEUELENGTH" - description: "The length of the mail queue." + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable or disable local authentication + schema: + type: boolean + default: true + - variable: openid + label: OpenID schema: - type: int - required: true - default: 100 - - variable: VIKUNJA_MAILER_QUEUETIMEOUT - label: "VIKUNJA_MAILER_QUEUETIMEOUT" - description: "The timeout in seconds after which the current open connection to the mailserver will be closed." 
+ additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Enable or disable OpenID Connect authentication + schema: + type: boolean + default: true + show_subquestions_if: true + subquestions: + - variable: redirecturl + label: Redirect URL + description: The URL to redirect clients to. Defaults to the configured frontend URL. + schema: + type: string + default: "" + - variable: providers + label: Providers + schema: + additional_attrs: true + type: list + default: [] + items: + - variable: providerEntry + label: "" + schema: + additional_attrs: true + type: dict + attrs: + - variable: name + label: Name + description: The name of the provider as it will appear in the frontend. + schema: + type: string + required: true + default: "" + - variable: authurl + label: Auth URL + description: The auth url to send users to if they want to authenticate using OpenID Connect. + schema: + type: string + required: true + default: "" + - variable: logouturl + label: Logout URL + description: The oidc logout url that users will be redirected to on logout. + schema: + type: string + default: "" + - variable: clientid + label: Client ID + description: The client ID used to authenticate Vikunja at the OpenID Connect provider. + schema: + type: string + required: true + default: "" + - variable: clientsecret + label: Client Secret + description: The client secret used to authenticate Vikunja at the OpenID Connect provider. 
+ schema: + type: string + required: true + default: "" + - variable: migration + label: Migration + schema: + additional_attrs: true + type: dict + attrs: + - variable: todoist + label: Todoist schema: - type: int - required: true - default: 30 + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Whether to enable the todoist migrator or not + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: clientid + label: Client ID + description: | + The client id, required for making requests to the todoist api + You need to register your vikunja instance at https://developer.todoist.com/appconsole.html to get this + schema: + type: string + required: true + default: "" + - variable: clientsecret + label: Client Secret + description: The client secret, also required for making requests to the todoist api + schema: + type: string + required: true + default: "" + - variable: redirecturl + label: Redirect URL + description: The url where clients are redirected after they authorized Vikunja to access their todoist items. + schema: + type: string + required: true + default: /migrate/todoist + - variable: trello + label: Trello + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Whether to enable the trello migrator or not + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: key + label: Key + description: | + The client id, required for making requests to the trello api. + You need to register your vikunja instance at https://trello.com/app-key, + (log in before you visit that link) to get this. + schema: + type: string + required: true + default: "" + - variable: redirecturl + label: Redirect URL + description: The url where clients are redirected after they authorized Vikunja to access their trello cards. 
+ schema: + type: string + required: true + default: /migrate/trello + - variable: microsofttodo + label: Microsoft To Do + schema: + additional_attrs: true + type: dict + attrs: + - variable: enabled + label: Enabled + description: Wheter to enable the microsoft todo migrator or not + schema: + type: boolean + default: false + show_subquestions_if: true + subquestions: + - variable: clientid + label: Client ID + description: | + The client id, required for making requests to the microsoft graph api + See https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application + for information about how to register your Vikunja instance. + schema: + type: string + required: true + default: "" + - variable: clientsecret + label: Client Secret + description: The client secret, also required for making requests to the microsoft graph api + schema: + type: string + required: true + default: "" + - variable: redirecturl + label: Redirect URL + description: The url where clients are redirected after they authorized Vikunja to access their microsoft todo tasks. + schema: + type: string + required: true + default: /migrate/microsoft-todo # Include{containerConfig} # Include{serviceRoot} - variable: main - label: "Main Service" - description: "The Primary service on which the healthcheck runs, often the webUI" + label: Main Service + description: The Primary service on which the healthcheck runs, often the webUI schema: additional_attrs: true type: dict @@ -224,14 +845,14 @@ questions: # Include{serviceSelectorLoadBalancer} # Include{serviceSelectorExtras} - variable: main - label: "Main Service Port Configuration" + label: Main Service Port Configuration schema: additional_attrs: true type: dict attrs: - variable: port - label: "Port" - description: "This port exposes the container port on the service" + label: Port + description: This port exposes the container port on the service schema: type: int default: 10220 
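Review bot: The new `password` question under the `mailer` subquestions drops the `private: true` that the removed `VIKUNJA_MAILER_PASSWORD` entry carried, so the SMTP password would presumably no longer be masked in the install form. The same gap applies to the newly added `clientsecret` fields (OpenID `providerEntry`, `todoist`, `microsofttodo`), the Unsplash `accesstoken` and the Trello `key`, none of which set it. Adding `private: true` next to `type: string` in each of those `schema:` blocks restores the earlier handling for all credential fields. Separately, `forcessl` now defaults to `true` (it was `false`) while `port` still defaults to `587`, which is normally a STARTTLS port, so the two defaults look inconsistent; either keep `default: false` on `forcessl` or confirm that the pairing is intended.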
@@ -242,8 +863,8 @@ questions: # Include{serviceList} # Include{persistenceRoot} - variable: files - label: "App Files Storage" - description: "Stores the Application Files." + label: App Files Storage + description: Stores the Application Files. schema: additional_attrs: true type: dict @@ -252,7 +873,7 @@ questions: # Include{persistenceList} # Include{ingressRoot} - variable: main - label: "Main Ingress" + label: Main Ingress schema: additional_attrs: true type: dict @@ -264,46 +885,47 @@ questions: # Include{security} # Include{securityContextAdvancedRoot} - variable: privileged - label: "Privileged mode" + label: Privileged mode schema: type: boolean default: false - variable: readOnlyRootFilesystem - label: "ReadOnly Root Filesystem" + label: ReadOnly Root Filesystem schema: type: boolean default: false - variable: allowPrivilegeEscalation - label: "Allow Privilege Escalation" + label: Allow Privilege Escalation schema: type: boolean default: false - variable: runAsNonRoot - label: "runAsNonRoot" + label: runAsNonRoot schema: type: boolean default: false # Include{podSecurityContextRoot} - variable: runAsUser - label: "runAsUser" - description: "The UserID of the user running the application" + label: runAsUser + description: The UserID of the user running the application schema: type: int default: 0 - variable: runAsGroup - label: "runAsGroup" - description: "The groupID this App of the user running the application" + label: runAsGroup + description: The groupID this App of the user running the application schema: type: int default: 0 - variable: fsGroup - label: "fsGroup" - description: "The group that should own ALL storage." + label: fsGroup + description: The group that should own ALL storage. schema: type: int default: 568 # Include{podSecurityContextAdvanced} # Include{resources} +# Include{metrics} # Include{advanced} # Include{addons} # Include{codeserver} 
diff --git a/charts/stable/vikunja/templates/_secrets.tpl b/charts/stable/vikunja/templates/_secrets.tpl index d3f96474240..935a1c78fa6 100644 --- a/charts/stable/vikunja/templates/_secrets.tpl +++ b/charts/stable/vikunja/templates/_secrets.tpl 
@@ -1,20 +1,189 @@ {{/* Define the secrets */}} {{- define "vikunja.secrets" -}} ---- +{{- $secretName := printf "%s-secret" (include "tc.common.names.fullname" .) -}} +{{- $secretStorage := printf "%s-storage-secret" (include "tc.common.names.fullname" .) -}} + +{{- $jwtSecret := randAlphaNum 32 -}} +{{- with lookup "v1" "Secret" .Release.Namespace $secretStorage -}} + {{- $jwtSecret = index .data "JWT_SECRET" | b64dec -}} +{{- end }} +--- apiVersion: v1 kind: Secret type: Opaque metadata: - name: vikunja-secrets -{{- $vikunjaprevious := lookup "v1" "Secret" .Release.Namespace "vikunja-secrets" }} -{{- $jwt_secret := "" }} + name: {{ $secretStorage }} + labels: + {{- include "tc.common.labels" . | nindent 4 }} data: - {{- if $vikunjaprevious}} - VIKUNJA_SERVICE_JWT_SECRET: {{ index $vikunjaprevious.data "VIKUNJA_SERVICE_JWT_SECRET" }} - {{- else }} - {{- $jwt_secret := randAlphaNum 32 }} - VIKUNJA_SERVICE_JWT_SECRET: {{ $jwt_secret | b64enc }} - {{- end }} + JWT_SECRET: {{ $jwtSecret | b64enc }} +--- +apiVersion: v1 +kind: Secret +type: Opaque +metadata: + name: {{ $secretName }} + labels: + {{- include "tc.common.labels" . 
| nindent 4 }} +stringData: + config.yml: | + database: + type: postgres + user: {{ .Values.postgresql.postgresqlUsername }} + password: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" }} + host: {{ printf "%v-%v" .Release.Name "postgres" }} + cache: + enabled: true + type: redis + + redis: + enabled: true + host: {{ printf "%v-%v:%v" .Release.Name "redis" "6379" }} + password: {{ .Values.redis.redisPassword | trimAll "\""}} + db: 0 + + keyvalue: + type: redis + + service: + interface: ":3456" + JWTSecret: {{ $jwtSecret }} + timezone: {{ .Values.TZ | quote }} + jwtttl: {{ .Values.vikunja.service.jwtttl | int }} + jwtttllong: {{ .Values.vikunja.service.jwtttllong | int }} + frontendurl: {{ .Values.vikunja.service.frontendurl | quote }} + maxitemsperpage: {{ .Values.vikunja.service.maxitemsperpage }} + enablecaldav: {{ .Values.vikunja.service.enablecaldav }} + motd: {{ .Values.vikunja.service.motd | quote }} + enablelinksharing: {{ .Values.vikunja.service.enablelinksharing }} + enableregistration: {{ .Values.vikunja.service.enableregistration }} + enabletaskattachments: {{ .Values.vikunja.service.enabletaskattachments }} + enabletaskcomments: {{ .Values.vikunja.service.enabletaskcomments }} + enabletotp: {{ .Values.vikunja.service.enabletotp }} + enableemailreminders: {{ .Values.vikunja.service.enableemailreminders }} + enableuserdeletion: {{ .Values.vikunja.service.enableuserdeletion }} + maxavatarsize: {{ .Values.vikunja.service.maxavatarsize }} + + metrics: + enabled: {{ .Values.metrics.enabled }} + + cors: + enabled: {{ .Values.vikunja.cors.enabled }} + {{- with .Values.vikunja.cors.origins }} + origins: + {{- range . }} + - {{ . 
| quote }} + {{- end }} + {{- else }} + origins: [] + {{- end }} + maxage: {{ .Values.vikunja.cors.maxage }} + + mailer: + enabled: {{ .Values.vikunja.mailer.enabled }} + host: {{ .Values.vikunja.mailer.host | quote }} + port: {{ .Values.vikunja.mailer.port }} + authtype: {{ .Values.vikunja.mailer.authtype | quote }} + username: {{ .Values.vikunja.mailer.username | quote }} + password: {{ .Values.vikunja.mailer.password | quote }} + skiptlsverify: {{ .Values.vikunja.mailer.skiptlsverify }} + fromemail: {{ .Values.vikunja.mailer.fromemail | quote }} + queuelength: {{ .Values.vikunja.mailer.queuelength }} + queuetimeout: {{ .Values.vikunja.mailer.queuetimeout }} + forcessl: {{ .Values.vikunja.mailer.forcessl }} + + log: + enabled: {{ .Values.vikunja.log.enabled }} + path: {{ .Values.vikunja.log.path | quote }} + standard: {{ .Values.vikunja.log.standard | quote }} + level: {{ .Values.vikunja.log.level | quote }} + database: {{ .Values.vikunja.log.database | quote }}} + databaselevel: {{ .Values.vikunja.log.databaselevel | quote }} + http: {{ .Values.vikunja.log.http | quote }} + echo: {{ .Values.vikunja.log.echo | quote }}} + events: {{ .Values.vikunja.log.events | quote }} + eventslevel: {{ .Values.vikunja.log.eventslevel | quote }} + + ratelimit: + enabled: {{ .Values.vikunja.ratelimit.enabled }}} + kind: {{ .Values.vikunja.ratelimit.kind | quote }} + period: {{ .Values.vikunja.ratelimit.period }} + limit: {{ .Values.vikunja.ratelimit.limit }} + store: redis + + files: + maxsize: {{ .Values.vikunja.files.maxsize }} + + avatar: + gravatarexpiration: {{ .Values.vikunja.avatar.gravatarexpiration }} + + legal: + imprinturl: {{ .Values.vikunja.legal.imprinturl | quote }} + privacyurl: {{ .Values.vikunja.legal.privacyurl | quote }} + + backgrounds: + enabled: {{ .Values.vikunja.backgrounds.enabled }} + providers: + upload: + enabled: {{ .Values.vikunja.backgrounds.providers.upload.enabled }} + unsplash: + enabled: {{ .Values.vikunja.backgrounds.providers.unsplash.enabled 
}} + accesstoken: {{ .Values.vikunja.backgrounds.providers.unsplash.accesstoken | quote }} + applicationid: {{ .Values.vikunja.backgrounds.providers.unsplash.applicationid | quote }} + + migration: + todoist: + enable: {{ .Values.vikunja.migration.todoist.enable }} + clientid: {{ .Values.vikunja.migration.todoist.clientid | quote }} + clientsecret: {{ .Values.vikunja.migration.todoist.clientsecret | quote }} + redirecturl: {{ .Values.vikunja.migration.todoist.redirecturl | quote }} + trello: + enable: {{ .Values.vikunja.migration.trello.enable }} + key: {{ .Values.vikunja.migration.trello.key | quote }} + redirecturl: {{ .Values.vikunja.migration.trello.redirecturl | quote }} + microsofttodo: + enable: {{ .Values.vikunja.migration.microsofttodo.enable }} + clientid: {{ .Values.vikunja.migration.microsofttodo.clientid | quote }} + clientsecret: {{ .Values.vikunja.migration.microsofttodo.clientsecret | quote }} + redirecturl: {{ .Values.vikunja.migration.microsofttodo.redirecturl | quote }} + + auth: + local: + enabled: {{ .Values.vikunja.auth.local.enabled }} + openid: + enabled: {{ .Values.vikunja.auth.openid.enabled }} + {{- with .Values.vikunja.auth.openid.redirecturl }} + redirecturl: {{ . | quote }} + {{- end }} + {{- with .Values.vikunja.auth.openid.providers }} + providers: + {{- range . }} + - name: {{ .name | quote }} + authurl: {{ .authurl | quote }} + {{- with .logouturl }} + logouturl: {{ . 
| quote }} + {{- end }} + clientid: {{ .clientid | quote }} + clientsecret: {{ .clientsecret | quote }} + {{- end }} + {{- end }} + + defaultsettings: + avatar_provider: {{ .Values.vikunja.defaultsettings.avatar_provider | quote }} + avatar_file_id: {{ .Values.vikunja.defaultsettings.avatar_file_id }} + email_reminders_enabled: {{ .Values.vikunja.defaultsettings.email_reminders_enabled }} + discoverable_by_name: {{ .Values.vikunja.defaultsettings.discoverable_by_name }} + discoverable_by_email: {{ .Values.vikunja.defaultsettings.discoverable_by_email }} + overdue_tasks_reminders_enabled: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_enabled }} + overdue_tasks_reminders_time: {{ .Values.vikunja.defaultsettings.overdue_tasks_reminders_time | quote }} + default_list_id: {{ .Values.vikunja.defaultsettings.default_list_id }} + week_start: {{ .Values.vikunja.defaultsettings.week_start }} + {{- with .Values.vikunja.defaultsettings.language }} + language: {{ . | quote }} + {{- end }} + {{- with .Values.vikunja.defaultsettings.timezone }} + timezone: {{ . | quote }} + {{- end }} {{- end -}} diff --git a/charts/stable/vikunja/values.yaml b/charts/stable/vikunja/values.yaml index c70cd6608e4..fbe41fabde3 100644 --- a/charts/stable/vikunja/values.yaml +++ b/charts/stable/vikunja/values.yaml 
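Review bot: Three lines of the rendered `config.yml` end with a stray `}` after the template action: `log.database`, `log.echo` and `ratelimit.enabled` (each written `{{ ... }}}`). The extra brace is emitted literally, so `ratelimit.enabled` renders as `false}` rather than a boolean and the two quoted log values become malformed scalars. Drop the third brace on each, e.g. `enabled: {{ .Values.vikunja.ratelimit.enabled }}`. Separately, the `database.password` and `redis.password` lines strip quotes with `trimAll` and then emit the value as a plain scalar, so a password containing ` #`, `: ` or a leading YAML indicator would be truncated or mis-typed. `password: {{ .Values.postgresql.postgresqlPassword | trimAll "\"" | quote }}` (and the same for the redis line) keeps the credential intact.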
@@ -21,88 +21,139 @@ podSecurityContext: runAsGroup: 0 configmap: - config: + nginx-config: enabled: true data: - nginx-config: |- + nginx-config: | server { - listen 8080; + listen {{ .Values.service.main.ports.main.port }}; location / { proxy_pass http://localhost:80; } location ~* ^/(api|dav|\.well-known)/ { proxy_pass http://localhost:3456; - client_max_body_size {{ .Values.env.VIKUNJA_FILES_MAXSIZE | upper | trimSuffix "B" }}; + client_max_body_size {{ .Values.vikunja.files.maxsize | upper | trimSuffix "B" }}; } } -env: - VIKUNJA_REDIS_ENABLED: 1 - VIKUNJA_CACHE_ENABLED: 1 - VIKUNJA_CACHE_TYPE: "redis" - VIKUNJA_DATABASE_TYPE: "postgres" - VIKUNJA_DATABASE_USER: "{{ .Values.postgresql.postgresqlUsername }}" - VIKUNJA_DATABASE_DATABASE: "{{ .Values.postgresql.postgresDatabase }}" - VIKUNJA_SERVICE_TIMEZONE: "{{ .Values.TZ }}" - # User Defined - VIKUNJA_SERVICE_FRONTENDURL: "http://localhost:8080" - VIKUNJA_SERVICE_JWTTTL: 259200 - VIKUNJA_SERVICE_JWTTTLLONG: 2592000 - VIKUNJA_SERVICE_MAXITEMSPERPAGE: 50 - VIKUNJA_FILES_MAXSIZE: "20MB" - VIKUNJA_SERVICE_ENABLECALDAV: true - VIKUNJA_SERVICE_ENABLELINKSHARING: true - VIKUNJA_SERVICE_ENABLEREGISTRATION: true - VIKUNJA_SERVICE_ENABLETASKATTACHMENTS: true - VIKUNJA_SERVICE_ENABLETASKCOMMENTS: true - VIKUNJA_SERVICE_ENABLETOTP: true - VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: true - VIKUNJA_SERVICE_ENABLEUSERDELETION: true - VIKUNJA_BACKGROUNDS_ENABLED: true - VIKUNJA_RATELIMIT_ENABLED: false - VIKUNJA_RATELIMIT_PERIOD: 60 - VIKUNJA_RATELIMIT_LIMIT: 100 - # VIKUNJA_MAILER_HOST: "" - # VIKUNJA_MAILER_PORT: 587 - # VIKUNJA_MAILER_USERNAME: "" - # VIKUNJA_MAILER_PASSWORD: "" - # VIKUNJA_MAILER_FROMEMAIL: "" - # VIKUNJA_MAILER_SKIPTLSVERIFY: false - # VIKUNJA_MAILER_FORCESSL: false - # VIKUNJA_MAILER_QUEUELENGTH: 100 - # VIKUNJA_MAILER_QUEUETIMEOUT: 30 - VIKUNJA_DATABASE_HOST: - secretKeyRef: - name: dbcreds - key: plainhost - VIKUNJA_DATABASE_PASSWORD: - secretKeyRef: - name: dbcreds - key: postgresql-password - 
VIKUNJA_REDIS_HOST: - secretKeyRef: - name: rediscreds - key: plainporthost - VIKUNJA_REDIS_PASSWORD: - secretKeyRef: - name: rediscreds - key: redis-password - VIKUNJA_SERVICE_JWT_SECRET: - secretKeyRef: - name: vikunja-secrets - key: VIKUNJA_SERVICE_JWT_SECRET +vikunja: + service: + jwtttl: 259200 + jwtttllong: 2592000 + motd: Welcome to your new Vikunja instance + frontendurl: http://localhost:10220 + maxitemsperpage: 50 + enablecaldav: true + enablelinksharing: true + enableregistration: true + enabletaskattachments: true + enabletaskcomments: true + enabletotp: true + enableemailreminders: true + enableuserdeletion: true + maxavatarsize: 1024 + cors: + enabled: true + origins: [] + maxage: 0 + ratelimit: + enabled: false + kind: user + period: 60 + limit: 100 + files: + maxsize: 20MB + avatar: + gravatarexpiration: 3600 + legal: + imprinturl: "" + privacyurl: "" + mailer: + enabled: false + host: "" + port: 587 + authtype: plain + username: "" + password: "" + fromemail: "" + skiptlsverify: false + forcessl: true + queuelength: 100 + queuetimeout: 30 + log: + enabled: true + path: /app/vikunja/logs + standard: stdout + level: INFO + database: "off" + databaselevel: WARNING + http: stdout + echo: "off" + events: stdout + eventslevel: info + defaultsettings: + avatar_provider: initials + avatar_file_id: 0 + email_reminders_enabled: false + discoverable_by_name: false + discoverable_by_email: false + overdue_tasks_reminders_enabled: true + overdue_tasks_reminders_time: "9:00" + default_list_id: 0 + week_start: 0 + language: "" + timezone: "" + backgrounds: + enabled: true + providers: + upload: + enabled: true + unsplash: + enabled: false + accesstoken: "" + applicationid: "" + auth: + local: + enabled: true + openid: + enabled: false + redirecturl: "" + providers: + [] + # - name: "" + # authurl: "" + # logouturl: "" + # clientid: "" + # clientsecret: "" + migration: + todoist: + enable: false + clientid: "" + clientsecret: "" + redirecturl: "" + trello: + 
enable: false + key: "" + redirecturl: "" + microsofttodo: + enable: false + clientid: "" + clientsecret: "" + redirecturl: "" service: main: ports: main: port: 10220 - targetPort: 8080 additionalContainers: frontend: name: frontend image: "{{ .Values.frontendImage.repository }}:{{ .Values.frontendImage.tag }}" + ports: + - containerPort: 80 + name: http proxy: name: proxy image: "{{ .Values.nginxImage.repository }}:{{ .Values.nginxImage.tag }}" 
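Review bot: The new `vikunja.service` block ships `enableregistration: true` alongside `ratelimit.enabled: false`, and neither key carries a comment. An instance published through the ingress therefore accepts self-sign-ups with no request throttling unless the operator changes both. These defaults mirror the removed env values, but as structured settings they deserve a documenting line each, e.g. `# -- Allow anyone who can reach the instance to create an account` above `enableregistration` and `# -- Request limiting (see kind); consider enabling when exposed beyond a trusted network` above `ratelimit`. `cors.enabled: true` with `origins: []` is new in this hunk; it is worth confirming how the application treats an empty origin list and saying so in a comment.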
@@ -110,33 +161,65 @@ additionalContainers: - containerPort: 8080 name: main volumeMounts: - - name: vikunja-config - mountPath: "/etc/nginx/conf.d/default.conf" + - name: vikunja-nginx + mountPath: /etc/nginx/conf.d/default.conf subPath: nginx-config readOnly: true persistence: files: enabled: true - mountPath: "/app/vikunja/files" + mountPath: /app/vikunja/files + vikunja-nginx: + enabled: true + noMount: true + mountPath: /etc/nginx/conf.d/default.conf + subPath: nginx-config + type: configMap + objectName: '{{ template "tc.common.names.fullname" . }}-nginx-config' vikunja-config: - enabled: "true" - mountPath: "/etc/nginx/conf.d/default.conf" - subPath: "nginx-config" - type: "custom" - volumeSpec: - configMap: - name: '{{ printf "%v-config" (include "tc.common.names.fullname" .) }}' + enabled: true + mountPath: /etc/vikunja + subPath: config.yml + type: secret + objectName: '{{ template "tc.common.names.fullname" . }}-secret' + +metrics: + # -- Enable and configure a Prometheus serviceMonitor for the chart under this key. + # @default -- See values.yaml + enabled: true + serviceMonitor: + interval: 1m + scrapeTimeout: 30s + labels: {} + # -- Enable and configure Prometheus Rules for the chart under this key. + # @default -- See values.yaml + prometheusRule: + enabled: false + labels: {} + # -- Configure additionial rules for the chart under this key. + # @default -- See prometheusrules.yaml + rules: + [] + # - alert: UnifiPollerAbsent + # annotations: + # description: Unifi Poller has disappeared from Prometheus service discovery. + # summary: Unifi Poller is down. + # expr: | + # absent(up{job=~".*unifi-poller.*"} == 1) + # for: 5m + # labels: + # severity: critical postgresql: enabled: true - existingSecret: "dbcreds" + existingSecret: dbcreds postgresqlUsername: vikunja postgresqlDatabase: vikunja redis: enabled: true - existingSecret: "rediscreds" + existingSecret: rediscreds portal: enabled: true 
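Review bot: `metrics.enabled: true` is the default here, and `_secrets.tpl` copies the same value into the application's own `metrics.enabled` setting, so the metrics endpoint is switched on for every install rather than only when a ServiceMonitor is wanted. If Vikunja serves that endpoint under its API path, the nginx `location ~* ^/(api|dav|\.well-known)/` block in this file would forward it to anyone who can reach the ingress. Consider defaulting to `enabled: false`, or add a comment above the key such as `# -- Also enables the application's metrics endpoint; restrict access before exposing the ingress publicly`. Also worth verifying: `vikunja-config` mounts a single file (`subPath: config.yml`) at `mountPath: /etc/vikunja`, whereas the nginx mount names the full file path; if the app expects `/etc/vikunja/config.yml`, the Secret would presumably not be read.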
diff --git a/cspell.config.yaml b/cspell.config.yaml index 14c00dba62e..f3f53702163 100644 --- a/cspell.config.yaml +++ b/cspell.config.yaml @@ -274,6 +274,7 @@ words: - themenamehere - tlsoptions - tlsstores + - TOTP - traefik - traefikservices - Traggo @@ -292,6 +293,7 @@ words: - valheim - vaultwarden - vdev + - vikunja - vm's - wakeup - watchyourlan