Document DoneTick Pangolin and Authentik config
This commit is contained in:
@@ -25,6 +25,8 @@ Per-service gotchas that aren't bugs but will bite you if you forget them.
|
||||
- Env vars alone are insufficient for DB type selection
|
||||
- Requires `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml` with full DB config
|
||||
- Uses viper config loader — `DT_ENV` controls config file path
|
||||
- Public exposure through Pangolin can stay unhealthy after renumbering if the target health-check hostname is stale even when the target IP/port are already fixed; verify both `ip` and `hcHostname`
|
||||
- OIDC metadata for the frontend is exposed from `/api/v1/resource`; if the login button is missing, check that endpoint before debugging the SPA
|
||||
|
||||
### shlink
|
||||
- Data directory must be `chmod 777` — runs as non-root user that doesn't match host default ownership
|
||||
|
||||
25
home/donetick/README.md
Normal file
25
home/donetick/README.md
Normal file
@@ -0,0 +1,25 @@
|
||||
# DoneTick
|
||||
|
||||
Live deployment
|
||||
- Host: PlausibleDeniability
|
||||
- Public URL: https://donetick.paccoco.com
|
||||
- Internal URL: http://10.5.30.6:2021
|
||||
- Live config path: `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml`
|
||||
|
||||
Auth
|
||||
- Authentik OIDC app slug: `donetick`
|
||||
- Web redirect URI: `https://donetick.paccoco.com/auth/oauth2`
|
||||
- Native redirect URI: `donetick://auth/oauth2`
|
||||
- DoneTick API resource endpoint exposing IdP metadata: `/api/v1/resource`
|
||||
- Optional role mapping groups:
|
||||
- `donetick-admins`
|
||||
- `donetick-managers`
|
||||
|
||||
Pangolin
|
||||
- Resource: `donetick.paccoco.com`
|
||||
- Current target site: Plausible Deniability (site 4)
|
||||
- Target health check must follow the current host/port after renumbering; stale `hcHostname` values can leave the route unhealthy even when the target IP/port are correct.
|
||||
|
||||
Rollback
|
||||
- Restore the previous live config from `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml.bak-*` and restart the `donetick` container.
|
||||
- For Pangolin, restore target 91 from `/home/fizzlepoof/pangolin-donetick-target-91-before.json` or from a fresh Pangolin API backup if the public route regresses.
|
||||
46
home/donetick/selfhosted.yaml.example
Normal file
46
home/donetick/selfhosted.yaml.example
Normal file
@@ -0,0 +1,46 @@
|
||||
database:
|
||||
type: postgres
|
||||
host: shared-postgres
|
||||
port: 5432
|
||||
user: donetick
|
||||
password: CHANGE_ME
|
||||
name: donetick
|
||||
migration: true
|
||||
jwt:
|
||||
secret: CHANGE_ME
|
||||
session_time: 168h
|
||||
max_refresh: 168h
|
||||
server:
|
||||
port: 2021
|
||||
serve_frontend: true
|
||||
public_host: https://donetick.paccoco.com
|
||||
cors_allow_origins:
|
||||
- https://donetick.paccoco.com
|
||||
- capacitor://localhost
|
||||
- http://localhost
|
||||
- http://localhost:8100
|
||||
oauth2:
|
||||
name: Authentik
|
||||
client_id: donetick
|
||||
client_secret: CHANGE_ME
|
||||
redirect_url: https://donetick.paccoco.com/auth/oauth2
|
||||
scopes:
|
||||
- openid
|
||||
- profile
|
||||
- email
|
||||
auth_url: https://authentik.paccoco.com/application/o/authorize/
|
||||
token_url: https://authentik.paccoco.com/application/o/token/
|
||||
user_info_url: https://authentik.paccoco.com/application/o/userinfo/
|
||||
admin_groups:
|
||||
- donetick-admins
|
||||
manager_groups:
|
||||
- donetick-managers
|
||||
realtime:
|
||||
enabled: true
|
||||
sse_enabled: true
|
||||
websocket_enabled: false
|
||||
allowed_origins:
|
||||
- https://donetick.paccoco.com
|
||||
- capacitor://localhost
|
||||
- http://localhost
|
||||
- http://localhost:8100
|
||||
Reference in New Issue
Block a user