diff --git a/docs/troubleshooting/KNOWN_QUIRKS.md b/docs/troubleshooting/KNOWN_QUIRKS.md index b728741..130caec 100644 --- a/docs/troubleshooting/KNOWN_QUIRKS.md +++ b/docs/troubleshooting/KNOWN_QUIRKS.md @@ -25,6 +25,8 @@ Per-service gotchas that aren't bugs but will bite you if you forget them. - Env vars alone are insufficient for DB type selection - Requires `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml` with full DB config - Uses viper config loader — `DT_ENV` controls config file path +- Public exposure through Pangolin can stay unhealthy after renumbering if the target health-check hostname is stale even when the target IP/port are already fixed; verify both `ip` and `hcHostname` +- OIDC metadata for the frontend is exposed from `/api/v1/resource`; if the login button is missing, check that endpoint before debugging the SPA ### shlink - Data directory must be `chmod 777` — runs as non-root user that doesn't match host default ownership diff --git a/home/donetick/README.md b/home/donetick/README.md new file mode 100644 index 0000000..924bef7 --- /dev/null +++ b/home/donetick/README.md @@ -0,0 +1,25 @@ +# DoneTick + +Live deployment +- Host: PlausibleDeniability +- Public URL: https://donetick.paccoco.com +- Internal URL: http://10.5.30.6:2021 +- Live config path: `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml` + +Auth +- Authentik OIDC app slug: `donetick` +- Web redirect URI: `https://donetick.paccoco.com/auth/oauth2` +- Native redirect URI: `donetick://auth/oauth2` +- DoneTick API resource endpoint exposing IdP metadata: `/api/v1/resource` +- Optional role mapping groups: + - `donetick-admins` + - `donetick-managers` + +Pangolin +- Resource: `donetick.paccoco.com` +- Current target site: Plausible Deniability (site 4) +- Target health check must follow the current host/port after renumbering; stale `hcHostname` values can leave the route unhealthy even when the target IP/port are correct. + +Rollback +- Restore the previous live config from `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml.bak-*` and restart the `donetick` container. +- For Pangolin, restore target 91 from `/home/fizzlepoof/pangolin-donetick-target-91-before.json` or from a fresh Pangolin API backup if the public route regresses. diff --git a/home/donetick/selfhosted.yaml.example b/home/donetick/selfhosted.yaml.example new file mode 100644 index 0000000..e0cb69e --- /dev/null +++ b/home/donetick/selfhosted.yaml.example @@ -0,0 +1,46 @@ +database: + type: postgres + host: shared-postgres + port: 5432 + user: donetick + password: CHANGE_ME + name: donetick + migration: true +jwt: + secret: CHANGE_ME + session_time: 168h + max_refresh: 168h +server: + port: 2021 + serve_frontend: true + public_host: https://donetick.paccoco.com + cors_allow_origins: + - https://donetick.paccoco.com + - capacitor://localhost + - http://localhost + - http://localhost:8100 +oauth2: + name: Authentik + client_id: donetick + client_secret: CHANGE_ME + redirect_url: https://donetick.paccoco.com/auth/oauth2 + scopes: + - openid + - profile + - email + auth_url: https://authentik.paccoco.com/application/o/authorize/ + token_url: https://authentik.paccoco.com/application/o/token/ + user_info_url: https://authentik.paccoco.com/application/o/userinfo/ + admin_groups: + - donetick-admins + manager_groups: + - donetick-managers +realtime: + enabled: true + sse_enabled: true + websocket_enabled: false + allowed_origins: + - https://donetick.paccoco.com + - capacitor://localhost + - http://localhost + - http://localhost:8100