Document DoneTick Pangolin and Authentik config
This commit is contained in:
@@ -25,6 +25,8 @@ Per-service gotchas that aren't bugs but will bite you if you forget them.
|
|||||||
- Env vars alone are insufficient for DB type selection
|
- Env vars alone are insufficient for DB type selection
|
||||||
- Requires `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml` with full DB config
|
- Requires `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml` with full DB config
|
||||||
- Uses viper config loader — `DT_ENV` controls config file path
|
- Uses viper config loader — `DT_ENV` controls config file path
|
||||||
|
- Public exposure through Pangolin can stay unhealthy after renumbering if the target health-check hostname is stale even when the target IP/port are already fixed; verify both `ip` and `hcHostname`
|
||||||
|
- OIDC metadata for the frontend is exposed from `/api/v1/resource`; if the login button is missing, check that endpoint before debugging the SPA
|
||||||
|
|
||||||
### shlink
|
### shlink
|
||||||
- Data directory must be `chmod 777` — runs as non-root user that doesn't match host default ownership
|
- Data directory must be `chmod 777` — runs as non-root user that doesn't match host default ownership
|
||||||
|
|||||||
25
home/donetick/README.md
Normal file
25
home/donetick/README.md
Normal file
@@ -0,0 +1,25 @@
|
|||||||
|
# DoneTick
|
||||||
|
|
||||||
|
Live deployment
|
||||||
|
- Host: PlausibleDeniability
|
||||||
|
- Public URL: https://donetick.paccoco.com
|
||||||
|
- Internal URL: http://10.5.30.6:2021
|
||||||
|
- Live config path: `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml`
|
||||||
|
|
||||||
|
Auth
|
||||||
|
- Authentik OIDC app slug: `donetick`
|
||||||
|
- Web redirect URI: `https://donetick.paccoco.com/auth/oauth2`
|
||||||
|
- Native redirect URI: `donetick://auth/oauth2`
|
||||||
|
- DoneTick API resource endpoint exposing IdP metadata: `/api/v1/resource`
|
||||||
|
- Optional role mapping groups:
|
||||||
|
- `donetick-admins`
|
||||||
|
- `donetick-managers`
|
||||||
|
|
||||||
|
Pangolin
|
||||||
|
- Resource: `donetick.paccoco.com`
|
||||||
|
- Current target site: Plausible Deniability (site 4)
|
||||||
|
- Target health check must follow the current host/port after renumbering; stale `hcHostname` values can leave the route unhealthy even when the target IP/port are correct.
|
||||||
|
|
||||||
|
Rollback
|
||||||
|
- Restore the previous live config from `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml.bak-*` and restart the `donetick` container.
|
||||||
|
- For Pangolin, restore target 91 from `/home/fizzlepoof/pangolin-donetick-target-91-before.json` or from a fresh Pangolin API backup if the public route regresses.
|
||||||
46
home/donetick/selfhosted.yaml.example
Normal file
46
home/donetick/selfhosted.yaml.example
Normal file
@@ -0,0 +1,46 @@
|
|||||||
|
database:
|
||||||
|
type: postgres
|
||||||
|
host: shared-postgres
|
||||||
|
port: 5432
|
||||||
|
user: donetick
|
||||||
|
password: CHANGE_ME
|
||||||
|
name: donetick
|
||||||
|
migration: true
|
||||||
|
jwt:
|
||||||
|
secret: CHANGE_ME
|
||||||
|
session_time: 168h
|
||||||
|
max_refresh: 168h
|
||||||
|
server:
|
||||||
|
port: 2021
|
||||||
|
serve_frontend: true
|
||||||
|
public_host: https://donetick.paccoco.com
|
||||||
|
cors_allow_origins:
|
||||||
|
- https://donetick.paccoco.com
|
||||||
|
- capacitor://localhost
|
||||||
|
- http://localhost
|
||||||
|
- http://localhost:8100
|
||||||
|
oauth2:
|
||||||
|
name: Authentik
|
||||||
|
client_id: donetick
|
||||||
|
client_secret: CHANGE_ME
|
||||||
|
redirect_url: https://donetick.paccoco.com/auth/oauth2
|
||||||
|
scopes:
|
||||||
|
- openid
|
||||||
|
- profile
|
||||||
|
- email
|
||||||
|
auth_url: https://authentik.paccoco.com/application/o/authorize/
|
||||||
|
token_url: https://authentik.paccoco.com/application/o/token/
|
||||||
|
user_info_url: https://authentik.paccoco.com/application/o/userinfo/
|
||||||
|
admin_groups:
|
||||||
|
- donetick-admins
|
||||||
|
manager_groups:
|
||||||
|
- donetick-managers
|
||||||
|
realtime:
|
||||||
|
enabled: true
|
||||||
|
sse_enabled: true
|
||||||
|
websocket_enabled: false
|
||||||
|
allowed_origins:
|
||||||
|
- https://donetick.paccoco.com
|
||||||
|
- capacitor://localhost
|
||||||
|
- http://localhost
|
||||||
|
- http://localhost:8100
|
||||||
Reference in New Issue
Block a user