eddie/homelab
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 2
homelab/compose/services/vikunja/compose.yaml
Claude ffc30ff582
refactor: Move all environment variables to .env files with example secrets 
This commit improves configuration management by:

## Changes

### Environment Variable Management
- Moved ALL environment blocks from compose.yaml files to .env files
- Added comprehensive .env files for all 20 services
- Included example secret formats with generation commands
- Added detailed comments explaining what each secret should look like

### Example Secret Formats
All .env files now include examples for:
- **JWT Secrets**: 64-character hex strings
  - Example format: `a1b2c3d4e5f67890abcdef1234567890...`
  - Generate with: `openssl rand -hex 32`

- **Passwords**: Strong alphanumeric passwords
  - Example format: `MyS3cur3P@ssw0rd!2024#HomeL@b`
  - Generate with: `openssl rand -base64 32 | tr -d /=+ | cut -c1-32`

- **Session Secrets**: Random hex strings
  - Example format: `b2c3d4e5f67890abcdef1234567890a1b2...`
  - Generate with: `openssl rand -hex 32`

- **API Keys**: Service-specific formats
  - Meili: 32-character hex (`openssl rand -hex 16`)
  - NextAuth: 64-character hex (`openssl rand -hex 32`)

### GPU Support Documentation
- Added NVIDIA GPU (GTX 1070) configuration for Jellyfin
- Added NVIDIA GPU configuration for Immich (ML inference & transcoding)
- Included setup instructions for NVIDIA Container Toolkit
- Documented how to enable GPU acceleration in each service

### Services Updated

**Core Infrastructure:**
- lldap: Added JWT secret and password examples
- tinyauth: Added session secret examples
- traefik: No environment variables needed

**Media Services:**
- jellyfin: Added .env with GPU configuration docs
- jellyseer: Created .env with logging and timezone settings
- immich: Added database password examples and GPU docs
- sonarr: Created .env for PUID/PGID/TZ
- radarr: Created .env for PUID/PGID/TZ
- sabnzbd: Created .env for PUID/PGID/TZ
- qbittorrent: Created .env for PUID/PGID/TZ/WEBUI_PORT

**Utility Services:**
- homarr: Created .env for port and timezone
- backrest: Added environment variables to .env
- linkwarden: Rewrote .env with NextAuth, Postgres, Meili examples
- vikunja: Created .env with JWT secret and database password
- FreshRSS: Created .env for PUID/PGID/TZ
- booklore: Created .env for PUID/PGID/TZ
- calibre-web: Created .env for PUID/PGID/TZ
- filebrowser: Created .env for PUID/PGID/TZ
- lubelogger: Created .env with locale settings
- rsshub: Created .env with cache and logging config
- microbin: Updated existing .env, removed environment block

### Benefits

1. **Security**:
   - Clear examples show what strong secrets look like
   - Generation commands prevent weak passwords
   - All secrets in one place per service

2. **Consistency**:
   - All services follow the same pattern (env_file: .env)
   - No more environment blocks in compose files
   - Easier to template new services

3. **Usability**:
   - Users know exactly what to change (look for `changeme_*`)
   - Example formats prevent configuration errors
   - Commands provided to generate secure values

4. **Maintainability**:
   - Compose files are cleaner and more readable
   - Environment changes don't require compose file edits
   - Version control friendly (.env files can be .gitignored)

### Files Changed
- Modified: 24 compose.yaml files
- Created: 14 new .env files
- Updated: 6 existing .env files
- Total .env files: 20 across all services

All compose.yaml files now use `env_file: .env` exclusively.
No environment blocks remain in any compose files.
2025-11-06 19:18:07 +00:00

48 lines
1.3 KiB
YAML
Raw Blame History

# Vikunja - The open-source, self-hostable to-do app
# Docs: https://vikunja.io/docs/full-docker-example/
services:
vikunja:
container_name: vikunja
image: vikunja/vikunja:latest
env_file:
- .env
volumes:
- ./files:/app/vikunja/files
depends_on:
vikunja-db:
condition: service_healthy
restart: unless-stopped
networks:
- homelab
- vikunja_internal
labels:
traefik.enable: true
traefik.docker.network: homelab
traefik.http.routers.vikunja.rule: Host(`tasks.fig.systems`) || Host(`tasks.edfig.dev`)
traefik.http.routers.vikunja.entrypoints: websecure
traefik.http.routers.vikunja.tls.certresolver: letsencrypt
traefik.http.services.vikunja.loadbalancer.server.port: 3456
traefik.http.routers.vikunja.middlewares: tinyauth
vikunja-db:
container_name: vikunja-db
image: postgres:18
env_file:
- .env
volumes:
- ./db:/var/lib/postgresql/data
restart: unless-stopped
networks:
- vikunja_internal
healthcheck:
test: ["CMD-SHELL", "pg_isready -h localhost -U $$POSTGRES_USER"]
interval: 2s
start_period: 30s
networks:
homelab:
external: true
vikunja_internal:
name: vikunja_internal
driver: bridge
Reference in a new issue View git blame Copy permalink