From 12eb66d913943967c03f1b99f357683c17b21493 Mon Sep 17 00:00:00 2001 From: redbeardymcgee Date: Tue, 15 Apr 2025 08:51:27 -0500 Subject: [PATCH] fix(leantime): add env file and network --- quadlets/leantime/leantime.env | 201 +++++++++++++++++++++++++++++ quadlets/leantime/leantime.network | 4 + 2 files changed, 205 insertions(+) create mode 100644 quadlets/leantime/leantime.env create mode 100644 quadlets/leantime/leantime.network diff --git a/quadlets/leantime/leantime.env b/quadlets/leantime/leantime.env new file mode 100644 index 0000000..8145464 --- /dev/null +++ b/quadlets/leantime/leantime.env @@ -0,0 +1,201 @@ +# This is a sample configuration file with all possible configuration options. +# If you dont want to maintain a file like this you can pass in all variables via Server Variables + +LEAN_PORT=8080 # The port to expose and access Leantime +LEAN_APP_URL=https://leantime.example.com # Base URL, needed for subfolder or proxy installs (including http:// or https://) +LEAN_APP_DIR= # Base of application without trailing slash (used for cookies), e.g, /leantime + +LEAN_DEBUG=0 # Debug flag + +# Database - MySQL container +# MYSQL_ROOT_PASSWORD=changeme123 # MySQL root password +MYSQL_DATABASE=leantime # Database name +MYSQL_USER=leantime # Database username +# MYSQL_PASSWORD=changeme123 # Database password + +# Database - leantime container +LEAN_DB_HOST=leantime-mysql # Database host +LEAN_DB_USER=leantime # Database username (needs to be the same as MYSQL_USER) +# LEAN_DB_PASSWORD=changeme123 # Database password (needs to be the same as MYSQL_PASSWORD) +LEAN_DB_DATABASE=leantime # Database name (needs to be the same as MYSQL_DATABASE) +LEAN_DB_PORT=3306 # Database port + +## Session Management +# LEAN_SESSION_PASSWORD=3evBlq9zdUEuzKvVJHWWx3QzsQhturBApxwcws2m # Salting sessions, replace with a strong password +LEAN_SESSION_EXPIRATION=28800 # How many seconds after inactivity should we logout? 28800seconds = 8hours +LEAN_SESSION_SECURE=false # Serve cookies via https only? Set to true when using https, set to false when using http. + + +## Optional Configuration, you may omit these from your .env file + +## Default Settings +LEAN_SITENAME=Leantime # Name of your site, can be changed later +LEAN_LANGUAGE=en-US # Default language +LEAN_DEFAULT_TIMEZONE=Etc/UTC # Set default timezone +LEAN_LOG_PATH= # Default Log Path (including filename), if not set /logs/error.log will be used +LEAN_DISABLE_LOGIN_FORM=false # If true then dont show the login form (useful only if additional auth method[s] are available) + +## Look & Feel, these settings are available in the UI and can be overwritten there. +LEAN_LOGO_PATH=/dist/images/logo.svg # Default logo path, can be changed later +LEAN_PRINT_LOGO_URL=/dist/images/logo.png # Default logo URL use for printing (must be jpg or png format) +LEAN_DEFAULT_THEME=default # Default theme +LEAN_PRIMARY_COLOR=#006d9f # Primary Theme color +LEAN_SECONDARY_COLOR = #00a886 # Secondary Theme Color + + +## Fileuploads + +# Local File Uploads +LEAN_USER_FILE_PATH=userfiles/ # Local relative path to store uploaded files (if not using S3) +LEAN_DB_BACKUP_PATH=backupdb/ # Local relative path to store backup files, need permission to write + +# S3 File Uploads +LEAN_USE_S3=false # Set to true if you want to use S3 instead of local files +LEAN_S3_KEY= # S3 Key +LEAN_S3_SECRET= # S3 Secret +LEAN_S3_BUCKET= # Your S3 bucket +LEAN_S3_USE_PATH_STYLE_ENDPOINT=false # Sets the endpoint style: false => https://[bucket].[endpoint] ; true => https://[endpoint]/[bucket] +LEAN_S3_REGION= # S3 region +LEAN_S3_FOLDER_NAME= # Foldername within S3 (can be empty) +LEAN_S3_END_POINT=null # S3 EndPoint S3 Compatible (https://sfo2.digitaloceanspaces.com) + +## Email +LEAN_EMAIL_RETURN= # Return email address, needs to be valid email address format +LEAN_EMAIL_USE_SMTP=false # Use SMTP? If set to false, the default php mail() function will be used +LEAN_EMAIL_SMTP_HOSTS= # SMTP host +LEAN_EMAIL_SMTP_AUTH=true # SMTP authentication required +LEAN_EMAIL_SMTP_USERNAME= # SMTP username +LEAN_EMAIL_SMTP_PASSWORD= # SMTP password +LEAN_EMAIL_SMTP_AUTO_TLS=true # SMTP Enable TLS encryption automatically if a server supports it +LEAN_EMAIL_SMTP_SECURE= # SMTP Security protocol (usually one of: TLS, SSL, STARTTLS) +LEAN_EMAIL_SMTP_SSLNOVERIFY=false # SMTP Allow insecure SSL: Dont verify certificate, accept self-signed, etc. +LEAN_EMAIL_SMTP_PORT= # Port (usually one of 25, 465, 587, 2526) + +## LDAP +LEAN_LDAP_USE_LDAP=false # Set to true if you want to use LDAP +LEAN_LDAP_LDAP_DOMAIN= # Domain name after username@ so users can login without domain definition +LEAN_LDAP_LDAP_TYPE=OL # Select the correct directory type. Currently Supported: OL - OpenLdap, AD - Active Directory +LEAN_LDAP_HOST= # FQDN +LEAN_LDAP_PORT=389 # Default Port +LEAN_LDAP_URI= # LDAP URI as alternative to hostname and port. Uses ldap://hostname:port +LEAN_LDAP_DN= # Location of users, example: CN=users,DC=example,DC=com + # Leantime->Ldap attribute mapping +LEAN_LDAP_KEYS="{ + \"username\":\"uid\", + \"groups\":\"memberOf\", + \"email\":\"mail\", + \"firstname\":\"displayname\", + \"lastname\":\"\", + \"phone\":\"telephoneNumber\", + \"jobTitle\":\"title\" + \"jobLevel\":\"level\" + \"department\":\"department\" + +}" + +# For AD use these default attributes +# LEAN_LDAP_KEYS="{ +# \"username\":\"cn\", +# \"groups\":\"memberOf\", +# \"email\":\"mail\", +# \"firstname\":\"givenName\", +# \"lastname\":\"sn\", +# \"phone\":\"telephoneNumber\", +# \"jobTitle\":\"title\" +# \"jobLevel\":\"level\" +# \"department\":\"department\" +# }" + +LEAN_LDAP_DEFAULT_ROLE_KEY=20; # Default Leantime Role on creation. (set to editor) + +# Default role assignments upon first login. +# optional - Can be updated later in user settings for each user +LEAN_LDAP_GROUP_ASSIGNMENT="{ + \"5\": { + \"ltRole\":\"readonly\", + \"ldapRole\":\"readonly\" + }, + \"10\": { + \"ltRole\":\"commenter\", + \"ldapRole\":\"commenter\" + }, + \"20\": { + \"ltRole\":\"editor\", + \"ldapRole\":\"editor\" + }, + \"30\": { + \"ltRole\":\"manager\", + \"ldapRole\":\"manager\" + }, + \"40\": { + \"ltRole\":\"admin\", + \"ldapRole\":\"administrators\" + }, + \"50\": { + \"ltRole\":\"owner\", + \"ldapRole\":\"administrators\" + } +}" + +## OpenID Connect +# required +LEAN_OIDC_ENABLE=false +LEAN_OIDC_CLIENT_ID = +LEAN_OIDC_CLIENT_SECRET = + +# required - the URL for your provider (examples down below) +#LEAN_OIDC_PROVIDER_URL = + +#Create User if it doesnt exist in Leantime db, otherwise fail login +LEAN_OIDC_CREATE_USER=false + +# Default role for users created via OIDC (20 is editor) +LEAN_OIDC_DEFAULT_ROLE=20 + +# optional - these will be read from the well-known configuration if possible +#LEAN_OIDC_AUTH_URL_OVERRIDE = +#LEAN_OIDC_TOKEN_URL_OVERRIDE = +#LEAN_OIDC_JWKS_URL_OVERRIDE = +#LEAN_OIDC_USERINFO_URL_OVERRIDE = + +# optional - override the public key for RSA validation +#LEAN_OIDC_CERTIFICATE_STRING = +#LEAN_OIDC_CERTIFICATE_FILE = + +# optional - override the requested scopes +#LEAN_OIDC_SCOPES = + +# optional - override the keys used for these fields +#LEAN_OIDC_FIELD_EMAIL = +#LEAN_OIDC_FIELD_FIRSTNAME = +#LEAN_OIDC_FIELD_LASTNAME = +#LEAN_OIDC_FIELD_PHONE = +#LEAN_OIDC_FIELD_JOBTITLE = +#LEAN_OIDC_FIELD_JOBLEVEL= +#LEAN_OIDC_FIELD_DEPARTMENT = + +## OpenID Connect setting for GitHub +#LEAN_OIDC_PROVIDER_URL=https://token.actions.githubusercontent.com/ +#LEAN_OIDC_AUTH_URL_OVERRIDE=https://github.com/login/oauth/authorize +#LEAN_OIDC_TOKEN_URL_OVERRIDE=https://github.com/login/oauth/access_token +#LEAN_OIDC_USERINFO_URL_OVERRIDE=https://api.github.com/user,https://api.github.com/user/emails +#LEAN_OIDC_SCOPES=user:email,read:user +#LEAN_OIDC_FIELD_EMAIL=0.email +#LEAN_OIDC_FIELD_FIRSTNAME=name + + +## Redis (for session storage and cache) +LEAN_USE_REDIS=false # Set to true to use redis as session cache +LEAN_REDIS_URL= # Add URL path such as tcp://1.2.3.4:6379. If you are using a password, add ?auth=yourverycomplexpasswordhere to your URL +LEAN_REDIS_HOST= +LEAN_REDIS_PORT=6379 +LEAN_REDIS_PASSWORD= +LEAN_REDIS_SCHEME= + +## Rate limiting +LEAN_RATELIMIT_GENERAL=1000 +LEAN_RATELIMIT_API=10 +LEAN_RATELIMIT_AUTH=20 + + + diff --git a/quadlets/leantime/leantime.network b/quadlets/leantime/leantime.network new file mode 100644 index 0000000..0ad6b07 --- /dev/null +++ b/quadlets/leantime/leantime.network @@ -0,0 +1,4 @@ +[Unit] +Description=Leantime network + +[Network]