Vikunja is a self-hosted app for managing projects and to-do lists.

Vikunja can be installed on Docker using Docker Compose using the instructions found here. See also my Docker Compose file.

Note that the files and db directories should already exist when before starting the compose stack and that the user with UID 1000 should have read/write access to them. The config.yml file should also exist and be mapped correctly. If running Docker on a dedicated host/VM, your non-root user likely has this UID already (meaning that, if the directories were created as that user, there is nothing left to do). This can be checked with the id -u username shell command.

Also note that the variables in the Docker Compose file must be set. These can be done through the web interface under the Environment Variables section is using Portainer to setup this stack or in a .env file in the same directory. The passwords specified can be any (strong) passwords and the VIKUNJA_SERVICE_JWTSECRET can be generated with a random secret generator. One possible way to do this is with the following command: openssl rand 60 | base64. Finally, note that the VIKUNJA_SERVICE_PUBLICURL should be the public URL that will be used to access Vikunja. This is not the IP:port if you are using a reverse proxy. In my case, this is https://todo.brew.foo.

If you'd like to use Authentik for SSO authentication, you can follow the directions on the Authentik website. In short, the steps are:

• Create a new Application in Authentik with the following settings:
  • Name: Vikunja
  • Slug: vikunja
  • Provider type: Oauth2/OpenID
  • Redirect URI: https://vik.company/auth/openid/authentik
    • Note that the redirect URL in the documentation (https://vik.company/auth/openid/authentiklogin) is wrong and the one listed above is what should be used.
  • Set the authurl, clientid, and clientsecret in the Vikunja configuration.

The config.yml file I'm using contains the required changes for Authentik (the auth section) and can be found here. Note that the <client_id> and <client_secret> will need to be set to the values from the OAuth2 provider created in Authentik. Also note that this configuration disables local login and relies solely on Authentik for auth. The local login setting can be enabled in the configuration (if desired) while still allowing Authentik login.

You may also want to setup email notifications so that Vikunja can send you reminders. You can do that by adding the mailer section of my config file (with the config file setup as described above). Replace <email-address> with a Gmail address and replace <app-password> with an app password generated from that Gmail account.