Can you set up OIDC via env variables? Also - can you run rootless?

Support
1

I wonder - is it possible to set up oidc login using env variables? I see them described in the docs, but I couldn’t make it work on my 1.0.0 install. With config file it went through - but I would love to set it up with variables as I could use my vault to store those.

Also - have anyone managed to get it working in fully rootless Podman? When I’ve been trying with default I got some errors (among them .config permission error) - not surprisingly went away when I launched with User=0 ;), but I’d prefer fully rootless. In worst case scenario I’ll try my own image, but the less things I have to manage the better.

I like what I’m seeing so far - congrats on user friendly app. Hope it won’t degrade into some sort of subscription etc (but I understand finding proper way of funding oss is tricky).

2

Hello

ive managed to get it vikunja to work with authentik & docker compose

services:
  vikunja:
    image: vikunja/vikunja
    environment:
      VIKUNJA_SERVICE_PUBLICURL: https://vikunja.publicurl.com
      VIKUNJA_DATABASE_HOST: db
      VIKUNJA_DATABASE_PASSWORD: $POSTGRES_PASSWORD
      VIKUNJA_DATABASE_TYPE: postgres
      VIKUNJA_DATABASE_USER: vikunja
      VIKUNJA_SERVICE_JWTSECRET: $JWTSECRET
      VIKUNJA_DATABASE_DATABASE: vikunja
# smtp
      VIKUNJA_MAILER_ENABLED: "true"
      VIKUNJA_MAILER_HOST: "smtphostserver"
      VIKUNJA_MAILER_PORT: 2525
      VIKUNJA_MAILER_USERNAME: "smtpusername"
      VIKUNJA_MAILER_PASSWORD: "$MAILER_PASSWORD"
      VIKUNJA_MAILER_FROMEMAIL: "vikunja@domain.com"
      VIKUNJA_MAILER_SKIPTLSVERIFY: "false"
      VIKUNJA_MAILER_FORCESSL: "false"
# OIDC
      VIKUNJA_AUTH_OPENID_ENABLED: "true"
      VIKUNJA_AUTH_OPENID_PROVIDERS_Authentik_AUTHURL: https://authentik.company/application/o/vikunja/
      VIKUNJA_AUTH_OPENID_PROVIDERS_Authentik_CLIENTID: "CLIENT_ID"
      VIKUNJA_AUTH_OPENID_PROVIDERS_Authentik_CLIENTSECRET: "CLIENT_SECRET"
      VIKUNJA_AUTH_OPENID_PROVIDERS_Authentik_NAME: Authentik
      VIKUNJA_AUTH_OPENID_PROVIDERS_Authentik_SCOPE: "openid profile email"
# Webhooks
      VIKUNJA_WEBHOOKS_ENABLED: "true"
# Optional: limit number of retries
      VIKUNJA_WEBHOOKS_MAXRETRIES: 5
# Optional: delay between retries (seconds)
      VIKUNJA_WEBHOOKS_RETRYINTERVAL: 30
# Optional: timeout for webhook delivery (seconds)
      VIKUNJA_WEBHOOKS_TIMEOUT: 10
    volumes:
      - ./files:/app/vikunja/files
    networks:
      - default
    depends_on:
      db:
        condition: service_healthy
    restart: unless-stopped
  db:
    image: postgres:18
    environment:
      POSTGRES_PASSWORD: $POSTGRES_PASSWORD
      POSTGRES_USER: vikunja
    volumes:
      - ./db:/var/lib/postgresql
    restart: unless-stopped
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -h localhost -U $$POSTGRES_USER"]
      interval: 2s
      start_period: 30s
1 Like
3

Thx @canapat873 - it looks I’ll have to give it another shot. I’ve tried similar setup but I didn’t get oidc working via env variables (while it worked immediately with config file). Glad it’s possible - I’ll give it another shot.