From 70bd2098b0c252afdd003a5112876721ce3cd6fb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Tue, 4 Jun 2024 08:52:31 +0200
Subject: [PATCH 1/8] [add] role:authelia-for-vikunja [add] vikunja [add] vikunja-and-nginx
---
 roles/authelia-for-vikunja/defaults/main.json | 5 ++
 roles/authelia-for-vikunja/info.md | 10 +++
 roles/authelia-for-vikunja/tasks/main.json | 25 ++++++
 .../templates/authelia-client-conf.json.j2 | 17 ++++
 roles/vikunja-and-nginx/defaults/main.json | 3 +
 roles/vikunja-and-nginx/info.md | 3 +
 roles/vikunja-and-nginx/tasks/main.json | 35 ++++++++
 roles/vikunja-and-nginx/templates/conf.j2 | 16 ++++
 roles/vikunja/defaults/main.json | 20 +++++
 roles/vikunja/info.md | 9 ++
 roles/vikunja/tasks/main.json | 64 +++++++++++++++
 roles/vikunja/templates/config.json.j2 | 44 ++++++++++
 roles/vikunja/templates/systemd-unit.j2 | 16 ++++
 roles/vikunja/vardef.json | 82 +++++++++++++++++++
 14 files changed, 349 insertions(+)
 create mode 100644 roles/authelia-for-vikunja/defaults/main.json
 create mode 100644 roles/authelia-for-vikunja/info.md
 create mode 100644 roles/authelia-for-vikunja/tasks/main.json
 create mode 100644 roles/authelia-for-vikunja/templates/authelia-client-conf.json.j2
 create mode 100644 roles/vikunja-and-nginx/defaults/main.json
 create mode 100644 roles/vikunja-and-nginx/info.md
 create mode 100644 roles/vikunja-and-nginx/tasks/main.json
 create mode 100644 roles/vikunja-and-nginx/templates/conf.j2
 create mode 100644 roles/vikunja/defaults/main.json
 create mode 100644 roles/vikunja/info.md
 create mode 100644 roles/vikunja/tasks/main.json
 create mode 100644 roles/vikunja/templates/config.json.j2
 create mode 100644 roles/vikunja/templates/systemd-unit.j2
 create mode 100644 roles/vikunja/vardef.json
diff --git a/roles/authelia-for-vikunja/defaults/main.json b/roles/authelia-for-vikunja/defaults/main.json
new file mode 100644
index 0000000..82bc456
--- /dev/null
+++ b/roles/authelia-for-vikunja/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_authelia_for_vikunja_vikunja_url_base": "https://vikunja.example.org",
+ "var_authelia_for_vikunja_client_id": "vikunja",
+ "var_authelia_for_vikunja_client_secret": "REPLACE_ME"
+}
diff --git a/roles/authelia-for-vikunja/info.md b/roles/authelia-for-vikunja/info.md
new file mode 100644
index 0000000..c3da4d0
--- /dev/null
+++ b/roles/authelia-for-vikunja/info.md
@@ -0,0 +1,10 @@
+## Beschreibung
+
+Um [Vikunja](../vikunja) gegen [Authelia](../authelia) authentifizieren zu lassen
+
+
+## Verweise
+
+- [Authelia-Dokumentation | Vikunja Integration](https://www.authelia.com/integration/openid-connect/vikunja/)
+- [Vikunja-Dokumentation | OpenID](https://vikunja.io/docs/openid/)
+- [Vikunja-Dokumentation | OpenID example configurations](https://vikunja.io/docs/openid-example-configurations/)
diff --git a/roles/authelia-for-vikunja/tasks/main.json b/roles/authelia-for-vikunja/tasks/main.json
new file mode 100644
index 0000000..3067d3d
--- /dev/null
+++ b/roles/authelia-for-vikunja/tasks/main.json
@@ -0,0 +1,25 @@
+[
+ {
+ "name": "configuration | emplace",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "authelia-client-conf.json.j2",
+ "dest": "/etc/authelia/conf.d/clients/vikunja.json"
+ }
+ },
+ {
+ "name": "configuration | apply",
+ "become": true,
+ "ansible.builtin.command": {
+ "cmd": "/usr/bin/authelia-conf-compose"
+ }
+ },
+ {
+ "name": "restart service",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "authelia"
+ }
+ }
+]
diff --git a/roles/authelia-for-vikunja/templates/authelia-client-conf.json.j2 b/roles/authelia-for-vikunja/templates/authelia-client-conf.json.j2
new file mode 100644
index 0000000..47d38e7
--- /dev/null
+++ b/roles/authelia-for-vikunja/templates/authelia-client-conf.json.j2
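Review bot: The default `"var_authelia_for_vikunja_client_secret": "REPLACE_ME"` lets the role run to completion with a publicly known OIDC client secret whenever the inventory forgets to override it. The same placeholder pattern is used for the database password and OIDC secret in roles/vikunja/defaults/main.json, for the password in roles/postgresql-for-vikunja/defaults/main.json, and for the SMTP credentials added in patch 3. I would keep the secret out of the defaults and begin each tasks file with an `ansible.builtin.assert` that fails while the value is undefined or still equals `REPLACE_ME`, so a missed override stops the play instead of deploying a guessable credential.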
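Review bot: The `configuration | emplace` task writes the client secret to `/etc/authelia/conf.d/clients/vikunja.json` without `mode`, `owner` or `group`, so the file's permissions follow the remote umask and will usually be world-readable. Adding `"mode": "0600"` to the `ansible.builtin.template` arguments (with the owner that `/usr/bin/authelia-conf-compose` runs as, presumably root given `become`) keeps the secret away from other local accounts. The `conf` task in roles/vikunja/tasks/main.json has the same gap for `config.json`, which holds the database password and the OIDC client secret.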
@@ -0,0 +1,17 @@
+{
+ "client_id": "{{var_authelia_for_vikunja_client_id}}",
+ "client_secret": "{{var_authelia_for_vikunja_client_secret}}",
+ "client_name": "Vikunja",
+ "public": false,
+ "authorization_policy": "one_factor",
+ "redirect_uris": [
+ "{{var_authelia_for_vikunja_vikunja_url_base}}/_vikunja/client/oidc/callback"
+ ],
+ "scopes": [
+ "openid",
+ "email",
+ "profile"
+ ],
+ "userinfo_signed_response_alg": "none",
+ "token_endpoint_auth_method": "client_secret_basic"
+}
diff --git a/roles/vikunja-and-nginx/defaults/main.json b/roles/vikunja-and-nginx/defaults/main.json
new file mode 100644
index 0000000..e08064b
--- /dev/null
+++ b/roles/vikunja-and-nginx/defaults/main.json
@@ -0,0 +1,3 @@
+{
+ "var_vikunja_and_nginx_domain": "vikunja.example.org"
+}
diff --git a/roles/vikunja-and-nginx/info.md b/roles/vikunja-and-nginx/info.md
new file mode 100644
index 0000000..badd0b2
--- /dev/null
+++ b/roles/vikunja-and-nginx/info.md
@@ -0,0 +1,3 @@
+## Verweise
+
+- [Vikunja-Dokumentation](https://vikunja.io/docs/reverse-proxy/#nginx)
diff --git a/roles/vikunja-and-nginx/tasks/main.json b/roles/vikunja-and-nginx/tasks/main.json
new file mode 100644
index 0000000..014244d
--- /dev/null
+++ b/roles/vikunja-and-nginx/tasks/main.json
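Review bot: `client_secret` is rendered into the Authelia client entry as the raw shared secret, so anyone who can read the composed Authelia configuration obtains a credential that works as-is. Authelia accepts a hashed digest in `client_secret` for confidential clients and its documentation recommends that over plaintext; only Vikunja needs the cleartext value. I would have this role take a separate variable holding the digest (for example `var_authelia_for_vikunja_client_secret_digest`, a name constructed for this note) and render that here. `"authorization_policy": "one_factor"` also deserves a deliberate decision if the data kept in Vikunja warrants a second factor.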
@@ -0,0 +1,35 @@
+[
+ {
+ "name": "deactivate default site",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "absent",
+ "dest": "/etc/nginx/sites-enabled/default"
+ }
+ },
+ {
+ "name": "emplace configuration | data",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "conf.j2",
+ "dest": "/etc/nginx/sites-available/{{var_vikunja_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "emplace configuration | link",
+ "become": true,
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "/etc/nginx/sites-available/{{var_vikunja_and_nginx_domain}}",
+ "dest": "/etc/nginx/sites-enabled/{{var_vikunja_and_nginx_domain}}"
+ }
+ },
+ {
+ "name": "restart nginx",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "name": "nginx"
+ }
+ }
+]
diff --git a/roles/vikunja-and-nginx/templates/conf.j2 b/roles/vikunja-and-nginx/templates/conf.j2
new file mode 100644
index 0000000..028f8f3
--- /dev/null
+++ b/roles/vikunja-and-nginx/templates/conf.j2
@@ -0,0 +1,16 @@
+server {
+ listen 80;
+ listen [::]:80;
+ listen 443 ssl;
+ listen [::]:443 ssl;
+
+ server_name {{var_vikunja_and_nginx_domain}};
+
+ ssl_certificate /etc/ssl/fullchains/{{var_vikunja_and_nginx_domain}}.pem;
+ ssl_certificate_key /etc/ssl/private/{{var_vikunja_and_nginx_domain}}.pem;
+
+ location / {
+ proxy_pass http://localhost:3456;
+ client_max_body_size 20M;
+ }
+}
diff --git a/roles/vikunja/defaults/main.json b/roles/vikunja/defaults/main.json
new file mode 100644
index 0000000..e237df5
--- /dev/null
+++ b/roles/vikunja/defaults/main.json
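Review bot: The server block in conf.j2 listens on port 80 and on 443 with the same `location /`, so Vikunja logins, session tokens and the OpenID callback are also served over unencrypted HTTP. Because the role removes the default site, this block likely becomes the port-80 default server as well and answers for any Host header. I would move port 80 into its own block that only redirects to the configured HTTPS name, as sketched below, and keep the proxy on the TLS listeners. Whether the backend additionally needs `proxy_set_header Host` / `X-Forwarded-Proto` is not visible from this hunk.

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name {{var_vikunja_and_nginx_domain}};
    return 301 https://{{var_vikunja_and_nginx_domain}}$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    # … unchanged: server_name, ssl_certificate, ssl_certificate_key, location / …
}
```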
@@ -0,0 +1,20 @@
+{
+ "var_vikunja_version": "0.23.0",
+ "var_vikunja_architecture": "amd64",
+ "var_vikunja_domain": "vikunja.example.org",
+ "var_vikunja_directory": "/opt/vikunja",
+ "var_vikunja_user": "vikunja",
+ "var_vikunja_database_kind": "sqlite",
+ "var_vikunja_database_data_sqlite_path": "data.sqlite",
+ "var_vikunja_database_data_postgresql_host": "postgresql.example.org",
+ "var_vikunja_database_data_postgresql_port": 5432,
+ "var_vikunja_database_data_postgresql_username": "vikunja_user",
+ "var_vikunja_database_data_postgresql_password": "REPLACE_ME",
+ "var_vikunja_database_data_postgresql_schema": "vikunja",
+ "var_vikunja_authentication_kind": "internal",
+ "var_vikunja_authentication_data_authelia_provider_id": "authelia",
+ "var_vikunja_authentication_data_authelia_provider_name": "Authelia",
+ "var_vikunja_authentication_data_authelia_client_id": "vikunja",
+ "var_vikunja_authentication_data_authelia_client_secret": "REPLACE_ME",
+ "var_vikunja_authentication_data_authelia_url_base": "https://authelia.example.org"
+}
diff --git a/roles/vikunja/info.md b/roles/vikunja/info.md
new file mode 100644
index 0000000..ca47178
--- /dev/null
+++ b/roles/vikunja/info.md
@@ -0,0 +1,9 @@
+## Beschreibung
+
+- Einrichtung der Aufgaben-Verwaltung [Vikunja](https://vikunja.io/)
+
+
+## Verweise
+
+- [git-Repository](https://kolaente.dev/vikunja/vikunja)
+- [Konfiguration](https://vikunja.io/docs/config-options/)
diff --git a/roles/vikunja/tasks/main.json b/roles/vikunja/tasks/main.json
new file mode 100644
index 0000000..112e6c5
--- /dev/null
+++ b/roles/vikunja/tasks/main.json
@@ -0,0 +1,64 @@
+[
+ {
+ "name": "user",
+ "ansible.builtin.user": {
+ "name": "{{var_vikunja_user}}",
+ "create_home": true,
+ "home": "{{var_vikunja_directory}}"
+ }
+ },
+ {
+ "name": "download",
+ "become": true,
+ "become_user": "{{var_vikunja_user}}",
+ "ansible.builtin.get_url": {
+ "url": "https://dl.vikunja.io/vikunja/{{var_vikunja_version}}/vikunja-v{{var_vikunja_version}}-linux-{{var_vikunja_architecture}}-full.zip",
+ "dest": "/tmp/vikunja.zip"
+ }
+ },
+ {
+ "name": "unpack",
+ "become": true,
+ "become_user": "{{var_vikunja_user}}",
+ "ansible.builtin.unarchive": {
+ "src": "/tmp/vikunja.zip",
+ "dest": "{{var_vikunja_directory}}"
+ }
+ },
+ {
+ "name": "link",
+ "become": true,
+ "become_user": "{{var_vikunja_user}}",
+ "ansible.builtin.file": {
+ "state": "link",
+ "src": "{{var_vikunja_directory}}/vikunja-v{{var_vikunja_version}}-{{var_vikunja_architecture}}",
+ "dest": "{{var_vikunja_directory}}/vikunja"
+ }
+ },
+ {
+ "name": "conf",
+ "become": true,
+ "become_user": "{{var_vikunja_user}}",
+ "ansible.builtin.template": {
+ "src": "config.json.j2",
+ "dest": "{{var_vikunja_directory}}/config.json"
+ }
+ },
+ {
+ "name": "systemd-unit",
+ "become": true,
+ "ansible.builtin.template": {
+ "src": "systemd-unit.j2",
+ "dest": "/etc/systemd/system/vikunja.service"
+ }
+ },
+ {
+ "name": "apply",
+ "become": true,
+ "ansible.builtin.systemd_service": {
+ "state": "restarted",
+ "enabled": true,
+ "name": "vikunja"
+ }
+ }
+]
diff --git a/roles/vikunja/templates/config.json.j2 b/roles/vikunja/templates/config.json.j2
new file mode 100644
index 0000000..616d77b
--- /dev/null
+++ b/roles/vikunja/templates/config.json.j2
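Review bot: The `download` task fetches the release archive to the fixed path `/tmp/vikunja.zip` without a `checksum`, so the binary that later runs as the service is never verified; and because `get_url` keeps an existing destination file unless `force` is set, a stale or pre-placed `/tmp/vikunja.zip` would be unpacked instead of the requested version. Pinning the digest with `"checksum": "sha256:{{var_vikunja_checksum}}"` (variable name is a placeholder, value taken from the release page) addresses both, and a destination inside `{{var_vikunja_directory}}` avoids the shared temp directory. The `user` task is the only one without `"become": true`, which looks like an omission.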
@@ -0,0 +1,44 @@
+{
+ "database": {
+{% if var_vikunja_database_kind == 'sqlite' %}
+ "type": "sqlite",
+ "path": "{{var_vikunja_database_data_sqlite_path}}"
+{% endif %}
+{% if var_vikunja_database_kind == 'postgresql' %}
+ "type": "postgres",
+ "host": "{{var_vikunja_database_data_postgresql_host}}",
+ "port": {{var_vikunja_database_data_postgresql_port | string}},
+ "user": "{{var_vikunja_database_data_postgresql_username}}",
+ "password": "{{var_vikunja_database_data_postgresql_password}}",
+ "database": "{{var_vikunja_database_data_postgresql_schema}}"
+{% endif %}
+ },
+ "auth": {
+{% if var_vikunja_authentication_kind == 'internal' %}
+ "local": {
+ "enabled": true
+ },
+ "openid": {
+ "enabled": false
+ }
+{% endif %}
+{% if var_vikunja_authentication_kind == 'authelia' %}
+ "local": {
+ "enabled": false
+ },
+ "openid": {
+ "enabled": true,
+ "redirecturl": "https://{{var_vikunja_domain}}/auth/openid/",
+ "providers": [
+ {
+ "name": "Authelia",
+ "authurl": "{{var_vikunja_authentication_data_authelia_url_base}}",
+ "clientid": "{{var_vikunja_authentication_data_authelia_client_id}}",
+ "clientsecret": "{{var_vikunja_authentication_data_authelia_client_secret}}",
+ "scope": "openid profile email"
+ }
+ ]
+ }
+{% endif %}
+ }
+}
diff --git a/roles/vikunja/templates/systemd-unit.j2 b/roles/vikunja/templates/systemd-unit.j2
new file mode 100644
index 0000000..66474fe
--- /dev/null
+++ b/roles/vikunja/templates/systemd-unit.j2
@@ -0,0 +1,16 @@
+[Unit]
+Description=Vikunja
+After=syslog.target
+After=network.target
+
+[Service]
+User={{var_vikunja_user}}
+Group={{var_vikunja_user}}
+RestartSec=2s
+Type=simple
+WorkingDirectory={{var_vikunja_directory}}
+ExecStart=/usr/bin/vikunja
+Restart=always
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/vikunja/vardef.json b/roles/vikunja/vardef.json
new file mode 100644
index 0000000..6a741c1
--- /dev/null
+++ b/roles/vikunja/vardef.json
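Review bot: Every string value in config.json.j2 is pasted between literal quotes, e.g. `"password": "{{var_vikunja_database_data_postgresql_password}}"`, so a password or secret containing `"` or `\` yields invalid JSON or alters the structure of the rendered config. Letting the filter emit the quoted, escaped literal avoids that: `"password": {{var_vikunja_database_data_postgresql_password | to_json}},` with no surrounding quotes. The same applies to roles/authelia-for-vikunja/templates/authelia-client-conf.json.j2 and to the `mailer` block added in patch 3. The provider `"name": "Authelia"` is hard-coded although the defaults define `var_vikunja_authentication_data_authelia_provider_name` and `..._provider_id`, neither of which this template references.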
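Review bot: `ExecStart=/usr/bin/vikunja` in systemd-unit.j2 does not match where the tasks of this patch place the program: the archive is unpacked into `{{var_vikunja_directory}}` and the symlink is created at `{{var_vikunja_directory}}/vikunja`, and nothing visible installs `/usr/bin/vikunja`. Unless another role provides that path, the unit should use `ExecStart={{var_vikunja_directory}}/vikunja`. While touching the unit, `NoNewPrivileges=true` and `PrivateTmp=true` are low-risk hardening directives for a network-facing service that already runs as a dedicated user.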
@@ -0,0 +1,82 @@
+{
+ "version": {
+ "type": "string",
+ "mandatory": false
+ },
+ "architecture": {
+ "type": "string",
+ "mandatory": false
+ },
+ "domain": {
+ "type": "string",
+ "mandatory": false
+ },
+ "directory": {
+ "type": "string",
+ "mandatory": false
+ },
+ "user": {
+ "type": "string",
+ "mandatory": false
+ },
+ "database_kind": {
+ "type": "string",
+ "mandatory": false,
+ "options": [
+ "sqlite",
+ "postgresql"
+ ]
+ },
+ "database_data_sqlite_path": {
+ "type": "string",
+ "mandatory": false
+ },
+ "database_data_postgresql_host": {
+ "type": "string",
+ "mandatory": false
+ },
+ "database_data_postgresql_port": {
+ "type": "integer",
+ "mandatory": false
+ },
+ "database_data_postgresql_username": {
+ "type": "string",
+ "mandatory": false
+ },
+ "database_data_postgresql_password": {
+ "type": "string",
+ "mandatory": false
+ },
+ "database_data_postgresql_schema": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_kind": {
+ "type": "string",
+ "mandatory": false,
+ "options": [
+ "internal",
+ "authelia"
+ ]
+ },
+ "authentication_data_authelia_provider_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_provider_name": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_client_id": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_client_secret": {
+ "type": "string",
+ "mandatory": false
+ },
+ "authentication_data_authelia_url_base": {
+ "type": "string",
+ "mandatory": false
+ }
+}
From e442272e1809851a9573b8011c15e363e3f37afd Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Tue, 4 Jun 2024 10:03:33 +0200
Subject: [PATCH 2/8] [add] role:postgresql-for-vikunja
---
 .../postgresql-for-vikunja/defaults/main.json | 5 ++
 roles/postgresql-for-vikunja/tasks/main.json | 49 +++++++++++++++++++
 2 files changed, 54 insertions(+)
 create mode 100644 roles/postgresql-for-vikunja/defaults/main.json
 create mode 100644 roles/postgresql-for-vikunja/tasks/main.json
diff --git a/roles/postgresql-for-vikunja/defaults/main.json b/roles/postgresql-for-vikunja/defaults/main.json
new file mode 100644
index 0000000..eac9bc3
--- /dev/null
+++ b/roles/postgresql-for-vikunja/defaults/main.json
@@ -0,0 +1,5 @@
+{
+ "var_postgresql_for_vikunja_username": "vikunja_user",
+ "var_postgresql_for_vikunja_password": "REPLACE_ME",
+ "var_postgresql_for_vikunja_schema": "vikunja"
+}
diff --git a/roles/postgresql-for-vikunja/tasks/main.json b/roles/postgresql-for-vikunja/tasks/main.json
new file mode 100644
index 0000000..fb5f787
--- /dev/null
+++ b/roles/postgresql-for-vikunja/tasks/main.json
@@ -0,0 +1,49 @@
+[
+ {
+ "name": "packages",
+ "become": true,
+ "ansible.builtin.apt": {
+ "update_cache": true,
+ "pkg": [
+ "acl",
+ "python3-psycopg2"
+ ]
+ }
+ },
+ {
+ "name": "user",
+ "become": true,
+ "become_user": "postgres",
+ "community.postgresql.postgresql_user": {
+ "state": "present",
+ "name": "{{var_postgresql_for_vikunja_username}}",
+ "password": "{{var_postgresql_for_vikunja_password}}"
+ },
+ "environment": {
+ "PGOPTIONS": "-c password_encryption=scram-sha-256"
+ }
+ },
+ {
+ "name": "schema",
+ "become": true,
+ "become_user": "postgres",
+ "community.postgresql.postgresql_db": {
+ "state": "present",
+ "name": "{{var_postgresql_for_vikunja_schema}}",
+ "owner": "{{var_postgresql_for_vikunja_username}}"
+ }
+ },
+ {
+ "name": "rights",
+ "become": true,
+ "become_user": "postgres",
+ "community.postgresql.postgresql_privs": {
+ "state": "present",
+ "db": "{{var_postgresql_for_vikunja_schema}}",
+ "objs": "ALL_IN_SCHEMA",
+ "roles": "{{var_postgresql_for_vikunja_username}}",
+ "privs": "ALL",
+ "grant_option": true
+ }
+ }
+]
From cc922b910d34a5dffe70016faf7ecbcca0c37a6e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Tue, 4 Jun 2024 10:04:01 +0200
Subject: [PATCH 3/8] [mod] role:vikunja:more config variables
---
 roles/vikunja/defaults/main.json | 10 +++++++
 roles/vikunja/templates/config.json.j2 | 19 ++++++++++++
 roles/vikunja/vardef.json | 41 ++++++++++++++++++++++++++
 3 files changed, 70 insertions(+)
diff --git a/roles/vikunja/defaults/main.json b/roles/vikunja/defaults/main.json
index e237df5..5ff99cb 100644
--- a/roles/vikunja/defaults/main.json
+++ b/roles/vikunja/defaults/main.json
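Review bot: The `rights` task grants `ALL` on `ALL_IN_SCHEMA` with `"grant_option": true`, which lets the Vikunja database role pass its privileges on to other roles — more than an application account needs. The `schema` task already makes `{{var_postgresql_for_vikunja_username}}` the owner of the database, so I would drop the `grant_option` line and check whether the explicit grant is needed at all. No connection parameters are set on these tasks, so they presumably rely on local peer authentication as `postgres`; an info.md for this role (the other roles in the series have one) would be the place to state that prerequisite.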
@@ -4,6 +4,8 @@
 "var_vikunja_domain": "vikunja.example.org",
 "var_vikunja_directory": "/opt/vikunja",
 "var_vikunja_user": "vikunja",
+ "var_vikunja_timezone": "Europe/Berlin",
+ "var_vikunja_default_language": "de",
 "var_vikunja_database_kind": "sqlite",
 "var_vikunja_database_data_sqlite_path": "data.sqlite",
 "var_vikunja_database_data_postgresql_host": "postgresql.example.org",
@@ -17,4 +19,12 @@
 "var_vikunja_authentication_data_authelia_client_id": "vikunja",
 "var_vikunja_authentication_data_authelia_client_secret": "REPLACE_ME",
 "var_vikunja_authentication_data_authelia_url_base": "https://authelia.example.org"
+ "var_vikunja_mail_sending_enabled": true,
+ "var_vikunja_mail_sending_smtp_host": "smtp.example.org",
+ "var_vikunja_mail_sending_smtp_port": 587,
+ "var_vikunja_mail_sending_smtp_authtype": "plain",
+ "var_vikunja_mail_sending_smtp_force_tls": false,
+ "var_vikunja_mail_sending_smtp_username": "REPLACE_ME",
+ "var_vikunja_mail_sending_smtp_password": "REPLACE_ME",
+ "var_vikunja_mail_sending_sender": "vikunja@example.org"
 }
diff --git a/roles/vikunja/templates/config.json.j2 b/roles/vikunja/templates/config.json.j2
index 616d77b..e477743 100644
--- a/roles/vikunja/templates/config.json.j2
+++ b/roles/vikunja/templates/config.json.j2
@@ -1,4 +1,13 @@
 {
+ "service": {
+ "publicurl": "https://{{var_vikunja_domain}}",
+ "rootpath": "{{var_vikunja_directory}}",
+ "timezone": "{{var_vikunja_timezone}}"
+ },
+ "defaultsettings": {
+ "language": "{{var_vikunja_default_language}}",
+ "timezone": "{{var_vikunja_timezone}}"
+ },
 "database": {
 {% if var_vikunja_database_kind == 'sqlite' %}
 "type": "sqlite",
@@ -40,5 +49,15 @@
 ]
 }
 {% endif %}
+ },
+ "mailer": {
+ "enabled": {{var_vikunja_mail_sending_enabled | json}},
+ "host": "{{var_vikunja_mail_sending_smtp_host}}",
+ "port": {{var_vikunja_mail_sending_smtp_port | string}},
+ "autthtype": "{{var_vikunja_mail_sending_smtp_authtype}}",
+ "username": "{{var_vikunja_mail_sending_smtp_username}}",
+ "password": "{{var_vikunja_mail_sending_smtp_password}}",
+ "fromemail": "{{var_vikunja_mail_sending_sender}}",
+ "forcessl": {{var_vikunja_mail_sending_smtp_force_tls | json}}
 }
 }
diff --git a/roles/vikunja/vardef.json b/roles/vikunja/vardef.json
index 6a741c1..0450827 100644
--- a/roles/vikunja/vardef.json
+++ b/roles/vikunja/vardef.json
@@ -19,6 +19,15 @@
 "type": "string",
 "mandatory": false
 },
+ "timezone": {
+ "type": "string",
+ "mandatory": false
+ },
+ "default_language": {
+ "type": "string",
+ "mandatory": false,
+ "description": "ISO 639-1"
+ },
 "database_kind": {
 "type": "string",
 "mandatory": false,
@@ -78,5 +87,37 @@
 "authentication_data_authelia_url_base": {
 "type": "string",
 "mandatory": false
+ },
+ "mail_sending_enabled": {
+ "type": "string",
+ "mandatory": false
+ },
+ "mail_sending_smtp_host": {
+ "type": "string",
+ "mandatory": false
+ },
+ "mail_sending_smtp_port": {
+ "type": "integer",
+ "mandatory": false
+ },
+ "mail_sending_smtp_authtype": {
+ "type": "string",
+ "mandatory": false
+ },
+ "mail_sending_smtp_force_tls": {
+ "type": "boolean",
+ "mandatory": false
+ },
+ "mail_sending_smtp_username": {
+ "type": "string",
+ "mandatory": false
+ },
+ "mail_sending_smtp_password": {
+ "type": "string",
+ "mandatory": false
+ },
+ "mail_sending_sender": {
+ "type": "string",
+ "mandatory": false
 }
 }
From c62ae6e42f45efd5e8bc90c06bde66f7657976ea Mon Sep 17 00:00:00 2001
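Review bot: The key `"autthtype"` in the new `mailer` block is misspelled; Vikunja's option is `authtype`, so the configured `var_vikunja_mail_sending_smtp_authtype` is most likely ignored and the mailer falls back to its default authentication type. The line should read `"authtype": "{{var_vikunja_mail_sending_smtp_authtype}}",`. The typo is still present in the context lines of the config.json.j2 hunk in patch 7. With `var_vikunja_mail_sending_smtp_force_tls` defaulting to `false`, it is also worth stating in info.md how the SMTP credentials are protected in transit (STARTTLS on port 587 is assumed here, not shown).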
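Review bot: `mail_sending_enabled` is declared with `"type": "string"` in the second vardef.json hunk, but its default in roles/vikunja/defaults/main.json is the boolean `true` and the template renders it as a JSON boolean. `mail_sending_smtp_force_tls` a few entries below is declared `"boolean"`; this entry should use `"type": "boolean"` too, so that validation against vardef.json neither rejects nor coerces the value.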
From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Tue, 4 Jun 2024 10:04:20 +0200 Subject: [PATCH 4/8] [fix] role:authelia-for-vikunja --- roles/authelia-for-vikunja/info.md | 4 ++-- .../templates/authelia-client-conf.json.j2 | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/roles/authelia-for-vikunja/info.md b/roles/authelia-for-vikunja/info.md index c3da4d0..4e3b49f 100644 --- a/roles/authelia-for-vikunja/info.md +++ b/roles/authelia-for-vikunja/info.md @@ -5,6 +5,6 @@ Um [Vikunja](../vikunja) gegen [Authelia](../authelia) authentifizieren zu lasse ## Verweise -- [Authelia-Dokumentation | Vikunja Integration](https://www.authelia.com/integration/openid-connect/vikunja/) - [Vikunja-Dokumentation | OpenID](https://vikunja.io/docs/openid/) -- [Vikunja-Dokumentation | OpenID example configurations](https://vikunja.io/docs/openid-example-configurations/) +- [Vikunja-Dokumentation | OpenID example configurations for Authelia](https://vikunja.io/docs/openid-example-configurations/#authelia) +- [Authelia-Dokumentation | Vikunja Integration](https://www.authelia.com/integration/openid-connect/vikunja/) diff --git a/roles/authelia-for-vikunja/templates/authelia-client-conf.json.j2 b/roles/authelia-for-vikunja/templates/authelia-client-conf.json.j2 index 47d38e7..a288ae0 100644 --- a/roles/authelia-for-vikunja/templates/authelia-client-conf.json.j2 +++ b/roles/authelia-for-vikunja/templates/authelia-client-conf.json.j2 @@ -5,7 +5,7 @@ "public": false, "authorization_policy": "one_factor", "redirect_uris": [ - "{{var_authelia_for_vikunja_vikunja_url_base}}/_vikunja/client/oidc/callback" + "{{var_authelia_for_vikunja_vikunja_url_base}}/auth/openid/authelia" ], "scopes": [ "openid", From 156f94fb3f1bf2505db1c7621fb0cbd61309e4d4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Christian=20Fra=C3=9F?= Date: Wed, 5 Jun 2024 20:00:23 +0200 Subject: [PATCH 5/8] [fix] role:authelia:vardef --- roles/authelia/vardef.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/roles/authelia/vardef.json b/roles/authelia/vardef.json
index 2e764e3..9b7d5bc 100644
--- a/roles/authelia/vardef.json
+++ b/roles/authelia/vardef.json
@@ -25,7 +25,7 @@
 },
 "domain": {
 "type": "string",
- "mandatory": false,
+ "mandatory": false
 },
 "redirect_url": {
 "type": "string",
From 93cf4a28952daa491fb5095e73a05dcebc905d65 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Wed, 5 Jun 2024 20:00:46 +0200
Subject: [PATCH 6/8] [fix] role:vikunja
---
 roles/vikunja/defaults/main.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/roles/vikunja/defaults/main.json b/roles/vikunja/defaults/main.json
index 5ff99cb..ed47ec8 100644
--- a/roles/vikunja/defaults/main.json
+++ b/roles/vikunja/defaults/main.json
@@ -18,7 +18,7 @@
 "var_vikunja_authentication_data_authelia_provider_name": "Authelia",
 "var_vikunja_authentication_data_authelia_client_id": "vikunja",
 "var_vikunja_authentication_data_authelia_client_secret": "REPLACE_ME",
- "var_vikunja_authentication_data_authelia_url_base": "https://authelia.example.org"
+ "var_vikunja_authentication_data_authelia_url_base": "https://authelia.example.org",
 "var_vikunja_mail_sending_enabled": true,
 "var_vikunja_mail_sending_smtp_host": "smtp.example.org",
 "var_vikunja_mail_sending_smtp_port": 587,
From 66dff8e58bbb64f73cf1724bae015719bbbbbbea Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Sun, 9 Jun 2024 11:08:24 +0200
Subject: [PATCH 7/8] [fix] role:vikunja
---
 roles/vikunja/tasks/main.json | 3 ++-
 roles/vikunja/templates/config.json.j2 | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/roles/vikunja/tasks/main.json b/roles/vikunja/tasks/main.json
index 112e6c5..a639982 100644
--- a/roles/vikunja/tasks/main.json
+++ b/roles/vikunja/tasks/main.json
@@ -21,6 +21,7 @@
 "become": true,
 "become_user": "{{var_vikunja_user}}",
 "ansible.builtin.unarchive": {
+ "remote_src": true,
 "src": "/tmp/vikunja.zip",
 "dest": "{{var_vikunja_directory}}"
 }
@@ -31,7 +32,7 @@
 "become_user": "{{var_vikunja_user}}",
 "ansible.builtin.file": {
 "state": "link",
- "src": "{{var_vikunja_directory}}/vikunja-v{{var_vikunja_version}}-{{var_vikunja_architecture}}",
+ "src": "{{var_vikunja_directory}}/vikunja-v{{var_vikunja_version}}-linux-{{var_vikunja_architecture}}",
 "dest": "{{var_vikunja_directory}}/vikunja"
 }
 },
diff --git a/roles/vikunja/templates/config.json.j2 b/roles/vikunja/templates/config.json.j2
index e477743..d10aba3 100644
--- a/roles/vikunja/templates/config.json.j2
+++ b/roles/vikunja/templates/config.json.j2
@@ -51,13 +51,13 @@
 {% endif %}
 },
 "mailer": {
- "enabled": {{var_vikunja_mail_sending_enabled | json}},
+ "enabled": {{var_vikunja_mail_sending_enabled | to_json}},
 "host": "{{var_vikunja_mail_sending_smtp_host}}",
 "port": {{var_vikunja_mail_sending_smtp_port | string}},
 "autthtype": "{{var_vikunja_mail_sending_smtp_authtype}}",
 "username": "{{var_vikunja_mail_sending_smtp_username}}",
 "password": "{{var_vikunja_mail_sending_smtp_password}}",
 "fromemail": "{{var_vikunja_mail_sending_sender}}",
- "forcessl": {{var_vikunja_mail_sending_smtp_force_tls | json}}
+ "forcessl": {{var_vikunja_mail_sending_smtp_force_tls | to_json}}
 }
 }
From 4500492ad6ee452e514dbf48c196b420ea6f9c75 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Christian=20Fra=C3=9F?=
Date: Sun, 9 Jun 2024 11:11:17 +0200
Subject: [PATCH 8/8] [mod] role:vikunja:tls hardening
---
 roles/vikunja-and-nginx/templates/conf.j2 | 1 +
 1 file changed, 1 insertion(+)
diff --git a/roles/vikunja-and-nginx/templates/conf.j2 b/roles/vikunja-and-nginx/templates/conf.j2
index 028f8f3..a9a8241 100644
--- a/roles/vikunja-and-nginx/templates/conf.j2
+++ b/roles/vikunja-and-nginx/templates/conf.j2
@@ -8,6 +8,7 @@ server { ssl_certificate /etc/ssl/fullchains/{{var_vikunja_and_nginx_domain}}.pem; ssl_certificate_key /etc/ssl/private/{{var_vikunja_and_nginx_domain}}.pem; + include /etc/nginx/ssl-hardening.conf; location / { proxy_pass http://localhost:3456;
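Review bot: The added `include /etc/nginx/ssl-hardening.conf;` refers to a file that none of the patches shown here creates, and the role restarts nginx unconditionally, so on a host without that file nginx will fail to start and take every site on it down. If another role ships the file, name that dependency in roles/vikunja-and-nginx/info.md; otherwise add a task that installs it, and consider a `nginx -t` step before the restart. The include sits in a server block that also listens on port 80, so if it sets TLS-only response headers such as HSTS they would be sent over plain HTTP as well. The enclosing `server` block begins above the hunk and the `location` block continues below it.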