Document DoneTick Pangolin and Authentik config
Some checks failed
secret-guardrails / artifact-secret-scan (push) Has been cancelled
secret-guardrails / gitleaks (push) Has been cancelled

This commit is contained in:
Fizzlepoof
2026-05-24 01:17:07 +00:00
parent 9bb48ee385
commit 147889c72d
3 changed files with 73 additions and 0 deletions

View File

@@ -25,6 +25,8 @@ Per-service gotchas that aren't bugs but will bite you if you forget them.
- Env vars alone are insufficient for DB type selection
- Requires `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml` with full DB config
- Uses viper config loader — `DT_ENV` controls config file path
- Public exposure through Pangolin can stay unhealthy after renumbering if the target health-check hostname is stale even when the target IP/port are already fixed; verify both `ip` and `hcHostname`
- OIDC metadata for the frontend is exposed from `/api/v1/resource`; if the login button is missing, check that endpoint before debugging the SPA
### shlink
- Data directory must be `chmod 777` — runs as non-root user that doesn't match host default ownership

25
home/donetick/README.md Normal file
View File

@@ -0,0 +1,25 @@
# DoneTick
Live deployment
- Host: PlausibleDeniability
- Public URL: https://donetick.paccoco.com
- Internal URL: http://10.5.30.6:2021
- Live config path: `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml`
Auth
- Authentik OIDC app slug: `donetick`
- Web redirect URI: `https://donetick.paccoco.com/auth/oauth2`
- Native redirect URI: `donetick://auth/oauth2`
- DoneTick API resource endpoint exposing IdP metadata: `/api/v1/resource`
- Optional role mapping groups:
- `donetick-admins`
- `donetick-managers`
Pangolin
- Resource: `donetick.paccoco.com`
- Current target site: Plausible Deniability (site 4)
- Target health check must follow the current host/port after renumbering; stale `hcHostname` values can leave the route unhealthy even when the target IP/port are correct.
Rollback
- Restore the previous live config from `/mnt/tank/docker/appdata/donetick/config/selfhosted.yaml.bak-*` and restart the `donetick` container.
- For Pangolin, restore target 91 from `/home/fizzlepoof/pangolin-donetick-target-91-before.json` or from a fresh Pangolin API backup if the public route regresses.

View File

@@ -0,0 +1,46 @@
database:
type: postgres
host: shared-postgres
port: 5432
user: donetick
password: CHANGE_ME
name: donetick
migration: true
jwt:
secret: CHANGE_ME
session_time: 168h
max_refresh: 168h
server:
port: 2021
serve_frontend: true
public_host: https://donetick.paccoco.com
cors_allow_origins:
- https://donetick.paccoco.com
- capacitor://localhost
- http://localhost
- http://localhost:8100
oauth2:
name: Authentik
client_id: donetick
client_secret: CHANGE_ME
redirect_url: https://donetick.paccoco.com/auth/oauth2
scopes:
- openid
- profile
- email
auth_url: https://authentik.paccoco.com/application/o/authorize/
token_url: https://authentik.paccoco.com/application/o/token/
user_info_url: https://authentik.paccoco.com/application/o/userinfo/
admin_groups:
- donetick-admins
manager_groups:
- donetick-managers
realtime:
enabled: true
sse_enabled: true
websocket_enabled: false
allowed_origins:
- https://donetick.paccoco.com
- capacitor://localhost
- http://localhost
- http://localhost:8100