feat(Drone Server): Add external parameter for network

Reviewed-on: #73

drone/server/docker-compose.traefik.yml

@@ -5,6 +5,7 @@ version: "3.8"
 networks:
   default:
     name: ${TRAEFIK_NETWORK_NAME}
+    external: true
 
 services:
   drone-server:

nextcloud/docker-compose.config.yml

@@ -1,4 +1,5 @@
 ---
+
 version: "3.8"
 
 services:

nextcloud/docker-compose.local.yml

@@ -1,3 +1,5 @@
+---
+
 version: "3.8"
 
 services:

nextcloud/docker-compose.postgres.yml

@@ -0,0 +1,18 @@
+---
+
+version: "3.8"
+
+services:
+  nextcloud-fpm:
+    depends_on:
+      - postgres
+    environment:
+      &postgres-configuration
+      POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
+      POSTGRES_USER: ${POSTGRES_USER:?err}
+      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
+      POSTGRES_DB: ${POSTGRES_DB:?err}
+
+  nextcloud-cron:
+    environment:
+      <<: *postgres-configuration

nextcloud/docker-compose.redis.yml

@@ -0,0 +1,15 @@
+---
+
+version: "3.8"
+
+services:
+  nextcloud-fpm:
+    depends_on:
+      - redis
+    environment:
+      &redis-configuration
+      REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
+
+  nextcloud-cron:
+    environment:
+      <<: *redis-configuration

nextcloud/docker-compose.smtp.yml

@@ -1,3 +1,5 @@
+---
+
 version: "3.8"
 
 services:

nextcloud/docker-compose.traefik.yml

@@ -1,3 +1,5 @@
+---
+
 version: "3.8"
 
 networks:

nextcloud/docker-compose.yml

@@ -1,3 +1,5 @@
+---
+
 version: "3.8"
 
 volumes:
@@ -9,9 +11,6 @@ services:
     container_name: ${NEXTCLOUD_CONTAINER_NAME:-nextcloud}-fpm
     image: ${NEXTCLOUD_IMAGE:-nextcloud:25.0.2-fpm-alpine}
     restart: always
-    depends_on:
-      - postgres
-      - redis
     volumes:
       - nextcloud:/var/www/html
       - /etc/timezone:/etc/timezone:ro
@@ -23,11 +22,6 @@ services:
       NEXTCLOUD_ADMIN_PASSWORD: ${NEXTCLOUD_ADMIN_PASSWORD?err}
       OVERWRITEPROTOCOL: ${OVERWRITEPROTOCOL:-https}
       PHP_UPLOAD_LIMIT: ${PHP_UPLOAD_LIMIT:-512M}
-      POSTGRES_HOST: ${POSTGRES_CONTAINER_NAME:-postgres} # Default name is same as ../postgres/docker-compose.yml:8
-      POSTGRES_USER: ${POSTGRES_USER:?err}
-      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD:?err}
-      POSTGRES_DB: ${POSTGRES_DB:?err}
-      REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis} # Default name is same as ../redis/docker-compose.yml:4
       PUID: ${NEXTCLOUD_PUID:-1000}
       PGID: ${NEXTCLOUD_PGID:-1000}
 

nextcloud/web/Dockerfile

@@ -1,3 +1,3 @@
-FROM nginx:1.23.3-alpine
+FROM nginx:1.25.3-alpine
 
 COPY nextcloud.conf.template /etc/nginx/templates/default.conf.template

nextcloud/web/nextcloud.conf.template

@@ -2,64 +2,32 @@ upstream php-handler {
     server ${NEXTCLOUD_FPM_CONTAINER_NAME}:9000;
 }
 
+# Set the `immutable` cache control options only for assets with a cache busting `v` argument
+map $arg_v $asset_immutable {
+    "" "";
+    default "immutable";
+}
+
 server {
     listen 80;
 
-    # Add headers to serve security related headers
+    # Path to the root of your installation
-    # Before enabling Strict-Transport-Security headers please read into this
+    root /var/www/html;
-    # topic first.
+
-    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
+    # Prevent nginx HTTP Server Detection
-    #
+    server_tokens off;
+
+    # HSTS settings
     # WARNING: Only add the preload option once you read about
     # the consequences in https://hstspreload.org/. This option
     # will add the domain to a hardcoded list that is shipped
     # in all major browsers and getting removed from this list
     # could take several months.
-    add_header Referrer-Policy "no-referrer" always;
+    #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always;
-    add_header X-Content-Type-Options "nosniff" always;
-    add_header X-Download-Options "noopen" always;
-    add_header X-Frame-Options "SAMEORIGIN" always;
-    add_header X-Permitted-Cross-Domain-Policies "none" always;
-    add_header X-Robots-Tag "none" always;
-    add_header X-XSS-Protection "1; mode=block" always;
 
-    # Remove X-Powered-By, which is an information leak
+    # set max upload size and increase upload timeout:
-    fastcgi_hide_header X-Powered-By;
-
-    # Path to the root of your installation
-    root /var/www/html;
-
-    location = /robots.txt {
-        allow all;
-        log_not_found off;
-        access_log off;
-    }
-
-    # The following 2 rules are only needed for the user_webfinger app.
-    # Uncomment it if you're planning to use this app.
-    #rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
-    #rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
-
-    # The following rule is only needed for the Social app.
-    # Uncomment it if you're planning to use this app.
-    #rewrite ^/.well-known/webfinger /public.php?service=webfinger last;
-
-    location = /.well-known/carddav {
-        return 301 $scheme://$host:$server_port/remote.php/dav;
-    }
-
-    location = /.well-known/caldav {
-        return 301 $scheme://$host:$server_port/remote.php/dav;
-    }
-
-    # location /nginx_status {
-    #     stub_status;
-    #     allow 192.168.1.0/24;	#only allow requests from local network
-    #     deny all;		#deny all other hosts
-    # }
-
-    # set max upload size
     client_max_body_size 10G;
+    client_body_timeout 300s;
     fastcgi_buffers 64 4K;
 
     # Enable gzip but do not remove ETag headers
@@ -68,78 +36,137 @@ server {
     gzip_comp_level 4;
     gzip_min_length 256;
     gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
-    gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
+    gzip_types application/atom+xml text/javascript application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/wasm application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
 
-    # Uncomment if your server is build with the ngx_pagespeed module
+    # Pagespeed is not supported by Nextcloud, so if your server is built
-    # This module is currently not supported.
+    # with the `ngx_pagespeed` module, uncomment this line to disable it.
     #pagespeed off;
 
-    location / {
+    # The settings allows you to optimize the HTTP2 bandwidth.
-        rewrite ^ /index.php;
+    # See https://blog.cloudflare.com/delivering-http-2-upload-speed-improvements/
-    }
+    # for tuning hints
+    client_body_buffer_size 512k;
 
-    location ~ ^\/(?:build|tests|config|lib|3rdparty|templates|data)\/ {
+    # HTTP response headers borrowed from Nextcloud `.htaccess`
-        deny all;
-    }
-    location ~ ^\/(?:\.|autotest|occ|issue|indie|db_|console) {
-        deny all;
-    }
-
-    location ~ ^\/(?:index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+)\.php(?:$|\/) {
-        fastcgi_split_path_info ^(.+?\.php)(\/.*|)$;
-        set $path_info $fastcgi_path_info;
-        try_files $fastcgi_script_name =404;
-        include fastcgi_params;
-        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
-        fastcgi_param PATH_INFO $path_info;
-        # fastcgi_param HTTPS on;
-
-        # Avoid sending the security headers twice
-        fastcgi_param modHeadersAvailable true;
-
-        # Enable pretty urls
-        fastcgi_param front_controller_active true;
-        fastcgi_pass php-handler;
-        fastcgi_intercept_errors on;
-        fastcgi_request_buffering off;
-    }
-
-    location ~ ^\/(?:updater|oc[ms]-provider)(?:$|\/) {
-        try_files $uri/ =404;
-        index index.php;
-    }
-
-    # Adding the cache control header for js, css and map files
-    # Make sure it is BELOW the PHP block
-    location ~ \.(?:css|js|woff2?|svg|gif|map)$ {
-        try_files $uri /index.php$request_uri;
-        add_header Cache-Control "public, max-age=15778463";
-        # Add headers to serve security related headers (It is intended to
-        # have those duplicated to the ones above)
-        # Before enabling Strict-Transport-Security headers please read into
-        # this topic first.
-        #add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;" always;
-        #
-        # WARNING: Only add the preload option once you read about
-        # the consequences in https://hstspreload.org/. This option
-        # will add the domain to a hardcoded list that is shipped
-        # in all major browsers and getting removed from this list
-        # could take several months.
     add_header Referrer-Policy                   "no-referrer"       always;
     add_header X-Content-Type-Options            "nosniff"           always;
     add_header X-Download-Options "noopen" always;
     add_header X-Frame-Options                   "SAMEORIGIN"        always;
     add_header X-Permitted-Cross-Domain-Policies "none"              always;
-        add_header X-Robots-Tag "none" always;
+    add_header X-Robots-Tag                      "noindex, nofollow" always;
     add_header X-XSS-Protection                  "1; mode=block"     always;
 
-        # Optional: Don't log access to assets
+    # Remove X-Powered-By, which is an information leak
+    fastcgi_hide_header X-Powered-By;
+
+    # Add .mjs as a file extension for javascript
+    # Either include it in the default mime.types list
+    # or include you can include that list explicitly and add the file extension
+    # only for Nextcloud like below:
+    include mime.types;
+    types {
+        text/javascript js mjs;
+    }
+
+    # Specify how to handle directories -- specifying `/index.php$request_uri`
+    # here as the fallback means that Nginx always exhibits the desired behaviour
+    # when a client requests a path that corresponds to a directory that exists
+    # on the server. In particular, if that directory contains an index.php file,
+    # that file is correctly served; if it doesn't, then the request is passed to
+    # the front-end controller. This consistent behaviour means that we don't need
+    # to specify custom rules for certain paths (e.g. images and other assets,
+    # `/updater`, `/ocs-provider`), and thus
+    # `try_files $uri $uri/ /index.php$request_uri`
+    # always provides the desired behaviour.
+    index index.php index.html /index.php$request_uri;
+
+    # Rule borrowed from `.htaccess` to handle Microsoft DAV clients
+    location = / {
+        if ( $http_user_agent ~ ^DavClnt ) {
+            return 302 /remote.php/webdav/$is_args$args;
+        }
+    }
+
+    location = /robots.txt {
+        allow all;
+        log_not_found off;
         access_log off;
     }
 
-    location ~ \.(?:png|html|ttf|ico|jpg|jpeg|bcmap|mp4|webm)$ {
+    # Make a regex exception for `/.well-known` so that clients can still
+    # access it despite the existence of the regex rule
+    # `location ~ /(\.|autotest|...)` which would otherwise handle requests
+    # for `/.well-known`.
+    location ^~ /.well-known {
+        # The rules in this block are an adaptation of the rules
+        # in `.htaccess` that concern `/.well-known`.
+
+        location = /.well-known/carddav { return 301 /remote.php/dav/; }
+        location = /.well-known/caldav  { return 301 /remote.php/dav/; }
+
+        location /.well-known/acme-challenge    { try_files $uri $uri/ =404; }
+        location /.well-known/pki-validation    { try_files $uri $uri/ =404; }
+
+        # Let Nextcloud's API for `/.well-known` URIs handle all other
+        # requests by passing them to the front-end controller.
+        return 301 /index.php$request_uri;
+    }
+
+    # Rules borrowed from `.htaccess` to hide certain paths from clients
+    location ~ ^/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/)  { return 404; }
+    location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console)                { return 404; }
+
+    # Ensure this block, which passes PHP files to the PHP process, is above the blocks
+    # which handle static assets (as seen below). If this block is not declared first,
+    # then Nginx will encounter an infinite rewriting loop when it prepends `/index.php`
+    # to the URI, resulting in a HTTP 500 error response.
+    location ~ \.php(?:$|/) {
+        # Required for legacy support
+        rewrite ^/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) /index.php$request_uri;
+
+        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
+        set $path_info $fastcgi_path_info;
+
+        try_files $fastcgi_script_name =404;
+
+        include fastcgi_params;
+        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
+        fastcgi_param PATH_INFO $path_info;
+        fastcgi_param HTTPS on;
+
+        fastcgi_param modHeadersAvailable true;         # Avoid sending the security headers twice
+        fastcgi_param front_controller_active true;     # Enable pretty urls
+        fastcgi_pass php-handler;
+
+        fastcgi_intercept_errors on;
+        fastcgi_request_buffering off;
+
+        fastcgi_max_temp_file_size 0;
+    }
+
+    # Serve static files
+    location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map|ogg|flac)$ {
         try_files $uri /index.php$request_uri;
-        # Optional: Don't log access to other assets
+        add_header Cache-Control "public, max-age=15778463, $asset_immutable";
-        access_log off;
+        access_log off;     # Optional: Don't log access to assets
+
+        location ~ \.wasm$ {
+            default_type application/wasm;
+        }
+    }
+
+    location ~ \.woff2?$ {
+        try_files $uri /index.php$request_uri;
+        expires 7d;         # Cache-Control policy borrowed from `.htaccess`
+        access_log off;     # Optional: Don't log access to assets
+    }
+
+    # Rule borrowed from `.htaccess`
+    location /remote {
+        return 301 /remote.php$request_uri;
+    }
+
+    location / {
+        try_files $uri $uri/ /index.php$request_uri;
     }
 }

vikunja/.env

@@ -9,13 +9,12 @@ COMPOSE_FILE=${SERVICES_DIR}/vikunja/docker-compose.yml:${SERVICES_DIR}/vikunja/
 
 ## APP
 
-#VIKUNJA_API_IMAGE=
+#VIKUNJA_IMAGE=
-#VIKUNJA_FRONTEND_IMAGE=
 VIKUNJA_CONTAINER_NAME=vikunja
 VIKUNJA_VOLUME_NAME=vikunja
 
 VIKUNJA_DOMAIN=vikunja.example.org
-VIKUNJA_SERVICE_FRONTENDURL=https://vikunja.example.org/
+VIKUNJA_SERVICE_PUBLICURL=https://vikunja.example.org/
 
 VIKUNJA_SERVICE_JWTSECRET=change-me
 #VIKUNJA_SERVICE_JWTTTL=259200

vikunja/docker-compose.database.yml

@@ -3,17 +3,22 @@ version: "3.8"
 # https://vikunja.io/docs/config-options/#database
 
 services:
-  vikunja_api:
+  vikunja:
     depends_on:
       - postgres
     environment:
       VIKUNJA_DATABASE_TYPE: ${VIKUNJA_DATABASE_TYPE:-postgres}
+
+      VIKUNJA_DATABASE_USER: ${POSTGRES_USER:?err}
+      VIKUNJA_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}
+      VIKUNJA_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres}:5432 # Default name is same as ../postgres/docker-compose.yml:8
+      VIKUNJA_DATABASE_DATABASE: ${POSTGRES_DB:?err}
+
       VIKUNJA_DATABASE_MAXOPENCONNECTIONS: ${VIKUNJA_DATABASE_MAXOPENCONNECTIONS:-100}
       VIKUNJA_DATABASE_MAXIDLECONNECTIONS: ${VIKUNJA_DATABASE_MAXIDLECONNECTIONS:-50}
       VIKUNJA_DATABASE_MAXCONNECTIONLIFETIME: ${VIKUNJA_DATABASE_MAXCONNECTIONLIFETIME:-10000}
       VIKUNJA_DATABASE_SSLMODE: ${VIKUNJA_DATABASE_SSLMODE:-disable}
-
+      VIKUNJA_DATABASE_SSLCERT: ${VIKUNJA_DATABASE_SSLCERT}
-      VIKUNJA_DATABASE_HOST: ${POSTGRES_CONTAINER_NAME:-postgres}:5432 # Default name is same as ../postgres/docker-compose.yml:8
+      VIKUNJA_DATABASE_SSLKEY: ${VIKUNJA_DATABASE_SSLKEY}
-      VIKUNJA_DATABASE_DATABASE: ${POSTGRES_DB:?err}
+      VIKUNJA_DATABASE_SSLROOTCERT: ${VIKUNJA_DATABASE_SSLROOTCERT}
-      VIKUNJA_DATABASE_USER: ${POSTGRES_USER:?err}
+      VIKUNJA_DATABASE_TLS: ${VIKUNJA_DATABASE_TLS:-false}
-      VIKUNJA_DATABASE_PASSWORD: ${POSTGRES_PASSWORD:?err}

vikunja/docker-compose.legal.yml

@@ -1,9 +0,0 @@
----
-
-version: "3.8"
-
-services:
-  vikunja_api:
-    environment:
-      VIKUNJA_LEGAL_IMPRINTURL: ${VIKUNJA_LEGAL_IMPRINTURL}
-      VIKUNJA_LEGAL_PRIVACYURL: ${VIKUNJA_LEGAL_PRIVACYURL}

vikunja/docker-compose.local.yml

@@ -1,11 +1,6 @@
 version: "3.8"
 
 services:
-  vikunja_api:
+  vikunja:
     ports:
       - 3456:3456
-  vikunja_frontend:
-    ports:
-      - ${LOCAL_PORT:-80}:80
-    environment:
-      VIKUNJA_API_URL: http://localhost:3456/api/v1

vikunja/docker-compose.logs.yml

@@ -1,17 +0,0 @@
-version: "3.8"
-
-# https://vikunja.io/docs/config-options/#log
-
-services:
-  vikunja_api:
-    environment:
-      # VIKUNJA_LOG_PATH
-      VIKUNJA_LOG_ENABLED: ${VIKUNJA_LOG_ENABLED:-true}
-      VIKUNJA_LOG_STANDARD: ${VIKUNJA_LOG_STANDARD:-stdout}
-      VIKUNJA_LOG_LEVEL: ${VIKUNJA_LOG_LEVEL:-INFO} # Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
-      VIKUNJA_LOG_DATABASE: ${VIKUNJA_LOG_DATABASE:-off} # Possible values are stdout, stderr, file or off to disable database
-      VIKUNJA_LOG_DATABASELEVEL: ${VIKUNJA_LOG_DATABASELEVEL:-WARNING} # Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG
-      VIKUNJA_LOG_HTTP: ${VIKUNJA_LOG_HTTP:-stdout} # Possible values are stdout, stderr, file or off to disable http logging.
-      VIKUNJA_LOG_ECHO: ${VIKUNJA_LOG_ECHO:-off} # Possible values are stdout, stderr, file or off to disable standard logging.
-      VIKUNJA_LOG_EVENTS: ${VIKUNJA_LOG_EVENTS:-stdout} # Possible values are stdout, stderr, file or off to disable events logging.
-      VIKUNJA_LOG_EVENTSLEVEL: ${VIKUNJA_LOG_EVENTSLEVEL:-INFO} # Possible values (case-insensitive) are ERROR, INFO, DEBUG.

vikunja/docker-compose.prometheus.yml

@@ -3,7 +3,7 @@ version: "3.8"
 # https://vikunja.io/docs/config-options/#metrics
 
 services:
-  vikunja_api:
+  vikunja:
     environment:
       VIKUNJA_METRICS_ENABLED: ${VIKUNJA_METRICS_ENABLED-:false}
       VIKUNJA_METRICS_USERNAME: ${VIKUNJA_METRICS_USERNAME}

vikunja/docker-compose.redis.yml

@@ -3,14 +3,11 @@ version: "3.8"
 # https://vikunja.io/docs/config-options/#redis
 
 services:
-  vikunja_api:
+  vikunja:
     depends_on:
       - redis
     environment:
-      VIKUNJA_CACHE_ENABLED: 'true'
-      VIKUNJA_CACHE_TYPE: redis
       VIKUNJA_REDIS_ENABLED: 'true'
-
       VIKUNJA_REDIS_HOST: ${REDIS_CONTAINER_NAME:-redis}:6379 # It's default port because we don't have yet configuration for redis port
-      #VIKUNJA_REDIS_PASSWORD: ${VIKUNJA_REDIS_PASSWORD} # We don't have yet configuration for redis with password
+      VIKUNJA_REDIS_PASSWORD: ${VIKUNJA_REDIS_PASSWORD} # We don't have yet configuration for redis with password
       VIKUNJA_REDIS_DB: 0 # It's default becouse we don't have yet configuration for redis database name

vikunja/docker-compose.smtp.yml

@@ -3,16 +3,17 @@ version: "3.8"
 # https://vikunja.io/docs/config-options/#mailer
 
 services:
-  vikunja_api:
+  vikunja:
     environment:
-      VIKUNJA_MAILER_ENABLED: ${VIKUNJA_MAILER_ENABLED:-true}
+      VIKUNJA_MAILER_ENABLED: true
+
+      VIKUNJA_MAILER_HOST: ${VIKUNJA_MAILER_HOST:?err}
+      VIKUNJA_MAILER_PORT: ${VIKUNJA_MAILER_PORT:?err}
+      VIKUNJA_MAILER_AUTHTYPE: ${VIKUNJA_MAILER_AUTHTYPE:-plain}
+      VIKUNJA_MAILER_USERNAME: ${VIKUNJA_MAILER_USERNAME:?err}
+      VIKUNJA_MAILER_PASSWORD: ${VIKUNJA_MAILER_PASSWORD:?err}
       VIKUNJA_MAILER_SKIPTLSVERIFY: ${VIKUNJA_MAILER_SKIPTLSVERIFY:-false}
+      VIKUNJA_MAILER_FROMEMAIL: ${VIKUNJA_MAILER_FROMEMAIL:?err}
       VIKUNJA_MAILER_QUEUELENGTH: ${VIKUNJA_MAILER_QUEUELENGTH:-100}
       VIKUNJA_MAILER_QUEUETIMEOUT: ${VIKUNJA_MAILER_QUEUETIMEOUT:-30}
       VIKUNJA_MAILER_FORCESSL: ${VIKUNJA_MAILER_FORCESSL:-false}
-
-      VIKUNJA_MAILER_HOST: ${VIKUNJA_MAILER_HOST:?err}
-      VIKUNJA_MAILER_PORT: ${VIKUNJA_MAILER_PORT:-587}
-      VIKUNJA_MAILER_USERNAME: ${VIKUNJA_MAILER_USERNAME:?err}
-      VIKUNJA_MAILER_PASSWORD: ${VIKUNJA_MAILER_PASSWORD:?err}
-      VIKUNJA_MAILER_FROMEMAIL: ${VIKUNJA_MAILER_FROMEMAIL:?err}

vikunja/docker-compose.traefik.yml

@@ -8,15 +8,9 @@ networks:
 # https://vikunja.io/docs/full-docker-example/#example-with-traefik-2
 
 services:
-  vikunja_api:
+  vikunja:
     labels:
       - traefik.enable=true
       - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}-api.rule=Host(`${VIKUNJA_DOMAIN:?err}`) && PathPrefix(`/api/v1`, `/dav/`, `/.well-known/`)
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}.rule=Host(`${VIKUNJA_DOMAIN:?err}`)
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}-api.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
+      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}
-  vikunja_frontend:
-    labels:
-      - traefik.enable=true
-      - traefik.docker.network=${TRAEFIK_NETWORK_NAME:-traefik}
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}-frontend.rule=Host(`${VIKUNJA_DOMAIN:?err}`)
-      - traefik.http.routers.${TRAEFIK_ROUTER_NAME:-vikunja}-frontend.entrypoints=${TRAEFIK_ENTRYPOINTS:-web}

vikunja/docker-compose.unsplash.yml

@@ -0,0 +1,10 @@
+version: "3.8"
+
+# https://kolaente.dev/vikunja/vikunja/issues/1388
+
+services:
+  vikunja:
+    environment:
+      VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_ENABLED: true
+      VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_ACCESSTOKEN: ${VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_ACCESSTOKEN:?err}
+      VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_APPLICATIONID: ${VIKUNJA_BACKGROUNDS_PROVIDERS_UNSPLASH_APPLICATIONID:?err}

vikunja/docker-compose.yml

@@ -8,15 +8,33 @@ volumes:
     name: ${VIKUNJA_VOLUME_NAME:-vikunja}
 
 services:
-  vikunja_api:
+  vikunja:
-    container_name: ${VIKUNJA_CONTAINER_NAME:-vikunja}_api
+    container_name: ${VIKUNJA_CONTAINER_NAME:-vikunja}
-    image: ${VIKUNJA_API_IMAGE:-vikunja/api:0.21.0}
+    image: ${VIKUNJA_IMAGE:-vikunja/vikunja:0.23.0}
     restart: always
     environment:
+
+      VIKUNJA_AUTH_LOCAL_ENABLED: ${VIKUNJA_AUTH_LOCAL_ENABLED:-true}
+
+      VIKUNJA_AVATAR_GRAVATAREXPIRATION: ${VIKUNJA_AVATAR_GRAVATAREXPIRATION:-3600}
+
+      VIKUNJA_BACKGROUNDS_ENABLED: ${VIKUNJA_BACKGROUNDS_ENABLED:-true}
+      VIKUNJA_BACKGROUNDS_PROVIDERS_UPLOAD_ENABLED: ${VIKUNJA_BACKGROUNDS_PROVIDERS_UPLOAD_ENABLED:-true}
+
+      VIKUNJA_CORS_ENABLE: ${VIKUNJA_CORS_ENABLE:-false}
+      VIKUNJA_CORS_ORIGINS: ${VIKUNJA_CORS_ORIGINS}
+      VIKUNJA_CORS_MAXAGE: ${VIKUNJA_CORS_MAXAGE:-0}
+
       VIKUNJA_DATABASE_PATH: ${VIKUNJA_DATABASE_PATH:-./vikunja.db}
 
-      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME:-true}
+      VIKUNJA_DEFAULTSETTINGS_AVATAR_PROVIDER: ${VIKUNJA_DEFAULTSETTINGS_AVATAR_PROVIDER:-initials}
-      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL:-true}
+      VIKUNJA_DEFAULTSETTINGS_AVATAR_FILE_ID: ${VIKUNJA_DEFAULTSETTINGS_AVATAR_FILE_ID:-0}
+      VIKUNJA_DEFAULTSETTINGS_EMAIL_REMINDERS_ENABLED: ${VIKUNJA_DEFAULTSETTINGS_EMAIL_REMINDERS_ENABLED:-false}
+      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_NAME:-false}
+      VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL: ${VIKUNJA_DEFAULTSETTINGS_DISCOVERABLE_BY_EMAIL:-false}
+      VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_ENABLED: ${VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_ENABLED:-true}
+      VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_TIME: ${VIKUNJA_DEFAULTSETTINGS_OVERDUE_TASKS_REMINDERS_TIME:-9:00}
+      VIKUNJA_DEFAULTSETTINGS_DEFAULT_PROJECT_ID: ${VIKUNJA_DEFAULTSETTINGS_DEFAULT_PROJECT_ID:-0}
       VIKUNJA_DEFAULTSETTINGS_WEEK_START: ${VIKUNJA_DEFAULTSETTINGS_WEEK_START:-1}
       VIKUNJA_DEFAULTSETTINGS_LANGUAGE: ${VIKUNJA_DEFAULTSETTINGS_LANGUAGE:-fr-FR}
       VIKUNJA_DEFAULTSETTINGS_TIMEZONE: ${VIKUNJA_DEFAULTSETTINGS_TIMEZONE:-Europe/Paris}
@@ -24,22 +42,60 @@ services:
       VIKUNJA_FILES_BASEPATH: ${VIKUNJA_FILES_BASEPATH:-./files}
       VIKUNJA_FILES_MAXSIZE: ${VIKUNJA_FILES_MAXSIZE:-20MB}
 
+      VIKUNJA_KEYVALUE_TYPE: ${VIKUNJA_KEYVALUE_TYPE:-memory} # Can be either “memory” or “redis”. If “redis” is chosen it needs to be configured separately.
+
+      VIKUNJA_LEGAL_IMPRINTURL: ${VIKUNJA_LEGAL_IMPRINTURL}
+      VIKUNJA_LEGAL_PRIVACYURL: ${VIKUNJA_LEGAL_PRIVACYURL}
+
+      # VIKUNJA_LOG_PATH
+      VIKUNJA_LOG_ENABLED: ${VIKUNJA_LOG_ENABLED:-true}
+      VIKUNJA_LOG_STANDARD: ${VIKUNJA_LOG_STANDARD:-stdout}
+      VIKUNJA_LOG_LEVEL: ${VIKUNJA_LOG_LEVEL:-INFO} # Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG.
+      VIKUNJA_LOG_DATABASE: ${VIKUNJA_LOG_DATABASE:-off} # Possible values are stdout, stderr, file or off to disable database
+      VIKUNJA_LOG_DATABASELEVEL: ${VIKUNJA_LOG_DATABASELEVEL:-WARNING} # Possible values (case-insensitive) are CRITICAL, ERROR, WARNING, NOTICE, INFO, DEBUG
+      VIKUNJA_LOG_HTTP: ${VIKUNJA_LOG_HTTP:-stdout} # Possible values are stdout, stderr, file or off to disable http logging.
+      VIKUNJA_LOG_ECHO: ${VIKUNJA_LOG_ECHO:-off} # Possible values are stdout, stderr, file or off to disable standard logging.
+      VIKUNJA_LOG_EVENTS: ${VIKUNJA_LOG_EVENTS:-off} # Possible values are stdout, stderr, file or off to disable events logging.
+      VIKUNJA_LOG_EVENTSLEVEL: ${VIKUNJA_LOG_EVENTSLEVEL:-INFO} # Possible values (case-insensitive) are ERROR, INFO, DEBUG.
+      VIKUNJA_LOG_MAIL: ${VIKUNJA_LOG_MAIL:-off} # Possible values are stdout, stderr, file or off to disable mail-related logging.
+      VIKUNJA_LOG_MAILLEVEL: ${VIKUNJA_LOG_MAILLEVEL:-info} # Possible values (case-insensitive) are ERROR, WARNING, INFO, DEBUG.
+
+      VIKUNJA_RATELIMIT_ENABLED: ${VIKUNJA_RATELIMIT_ENABLED:-false}
+      VIKUNJA_RATELIMIT_KIND: ${VIKUNJA_RATELIMIT_KIND:-user} # Can be either “user” for a rate limit per user or “ip” for an ip-based rate limit.
+      VIKUNJA_RATELIMIT_PERIOD: ${VIKUNJA_RATELIMIT_PERIOD:-60}
+      VIKUNJA_RATELIMIT_LIMIT: ${VIKUNJA_RATELIMIT_LIMIT:-100}
+      VIKUNJA_RATELIMIT_STORE: ${VIKUNJA_RATELIMIT_STORE:-keyvalue} # Possible values are “keyvalue”, “memory” or “redis”. When choosing “keyvalue” this setting follows the one configured in the “keyvalue” section.
+      VIKUNJA_RATELIMIT_NOAUTHLIMIT: ${VIKUNJA_RATELIMIT_NOAUTHLIMIT:-10}
 
       VIKUNJA_SERVICE_JWTSECRET: ${VIKUNJA_SERVICE_JWTSECRET}
       VIKUNJA_SERVICE_JWTTTL: ${VIKUNJA_SERVICE_JWTTTL:-259200}
       VIKUNJA_SERVICE_JWTTTLLONG: ${VIKUNJA_SERVICE_JWTTTLLONG:-2592000}
-      VIKUNJA_SERVICE_FRONTENDURL: ${VIKUNJA_SERVICE_FRONTENDURL:?err}
+      VIKUNJA_SERVICE_INTERFACE: ${VIKUNJA_SERVICE_INTERFACE:-3456}
+      VIKUNJA_SERVICE_UNIXSOCKET: ${VIKUNJA_SERVICE_UNIXSOCKET}
+      VIKUNJA_SERVICE_UNIXSOCKETMODE: ${VIKUNJA_SERVICE_UNIXSOCKETMODE}
+      VIKUNJA_SERVICE_PUBLICURL: ${VIKUNJA_SERVICE_PUBLICURL:?err}
+      VIKUNJA_SERVICE_ROOTPATH: ${VIKUNJA_SERVICE_ROOTPATH:-/app/vikunja/}
       VIKUNJA_SERVICE_MAXITEMSPERPAGE: ${VIKUNJA_SERVICE_MAXITEMSPERPAGE:-50}
       VIKUNJA_SERVICE_ENABLECALDAV: ${VIKUNJA_SERVICE_ENABLECALDAV:-true}
+      VIKUNJA_SERVICE_MOTD: ${VIKUNJA_SERVICE_MOTD}
       VIKUNJA_SERVICE_ENABLELINKSHARING: ${VIKUNJA_SERVICE_ENABLELINKSHARING:-true}
       VIKUNJA_SERVICE_ENABLEREGISTRATION: ${VIKUNJA_SERVICE_ENABLEREGISTRATION:-true}
       VIKUNJA_SERVICE_ENABLETASKATTACHMENTS: ${VIKUNJA_SERVICE_ENABLETASKATTACHMENTS:-true}
-      VIKUNJA_SERVICE_TIMEZONE: ${VIKUNJA_SERVICE_TIMEZONE:-GMT}
+      VIKUNJA_SERVICE_TIMEZONE: ${VIKUNJA_SERVICE_TIMEZONE:-Europe/Paris}
       VIKUNJA_SERVICE_ENABLETASKCOMMENTS: ${VIKUNJA_SERVICE_ENABLETASKCOMMENTS:-true}
       VIKUNJA_SERVICE_ENABLETOTP: ${VIKUNJA_SERVICE_ENABLETOTP:-true}
+      VIKUNJA_SERVICE_TESTINGTOKEN: ${VIKUNJA_SERVICE_TESTINGTOKEN}
       VIKUNJA_SERVICE_ENABLEEMAILREMINDERS: ${VIKUNJA_SERVICE_ENABLEEMAILREMINDERS:-true}
       VIKUNJA_SERVICE_ENABLEUSERDELETION: ${VIKUNJA_SERVICE_ENABLEUSERDELETION:-true}
-      VIKUNJA_SERVICE_ROOTPATH: ${VIKUNJA_SERVICE_ROOTPATH:-/app/vikunja/}
+      VIKUNJA_SERVICE_MAXAVATARSIZE: ${VIKUNJA_SERVICE_MAXAVATARSIZE:-512}
+      VIKUNJA_SERVICE_DEMOMODE: ${VIKUNJA_SERVICE_DEMOMODE:-false}
+      VIKUNJA_SERVICE_ALLOWICONCHANGES: ${VIKUNJA_SERVICE_ALLOWICONCHANGES:-true}
+      VIKUNJA_SERVICE_CUSTOMLOGOURL: ${VIKUNJA_SERVICE_CUSTOMLOGOURL}
+
+      VIKUNJA_WEBHOOKS_ENABLED: ${VIKUNJA_WEBHOOKS_ENABLED:-true}
+      VIKUNJA_WEBHOOKS_TIMOUTSECONDS: ${VIKUNJA_WEBHOOKS_TIMOUTSECONDS:-30}
+      VIKUNJA_WEBHOOKS_PROXYURL: ${VIKUNJA_WEBHOOKS_PROXYURL}
+      VIKUNJA_WEBHOOKS_PROXYPASSWORD: ${VIKUNJA_WEBHOOKS_PROXYPASSWORD}
 
       PUID: ${VIKUNJA_PUID:-1000}
       PGID: ${VIKUNJA_PGID:-1000}
@@ -47,9 +103,3 @@ services:
       - vikunja:${VIKUNJA_VOLUME_PATH:-/app/vikunja/files}
       - /etc/timezone:/etc/timezone:ro
       - /etc/localtime:/etc/localtime:ro
-  vikunja_frontend:
-    container_name: ${VIKUNJA_CONTAINER_NAME:-vikunja}_frontend
-    image: ${VIKUNJA_FRONTEND_IMAGE:-vikunja/frontend:0.21.0}
-    restart: always
-    depends_on:
-      - vikunja_api